Install and Configure VSFTPD server on Ubuntu 18.04 LTS

Vsftpd also known as a very secure FTP daemon is an FTP server for Unix-like systems. FTP is most widely used standard network protocol used for uploading/downloading files between two computers over a network. By default, FTP is insecure because it transmits data together with user credentials without encryption.

In this tutorial, we will learn how to install Vsftpd with SSL/TLS support on Ubuntu 18.04 server.

Requirements

  • A server running Ubuntu 18.04.
  • A non-root user with sudo privileges.
  • Static IP address 192.168.0.102 is configured.

Install Vsftpd

By default, Vsftpd is available in Ubuntu 18.04 default repository. So you can easily install it by just running the following command:

sudo apt-get install vsftpd -y

Once Vsftpd is installed, start Vsftpd service and enable it to start on boot time:

sudo systemctl start vsftpd
sudo systemctl enable vsftpd

Create Directory Structure for FTP

Before starting, you will need to create a user for FTP access.

You can create a user with the following command:

sudo adduser vsftp

Next, create ftp directory and set ownership with the following command:

sudo mkdir /home/vsftp/ftp
sudo chown nobody:nogroup /home/vsftp/ftp
sudo chmod a-w /home/vsftp/ftp

Next, create a directory where files can be uploaded and give ownership to vsftp user:

sudo mkdir /home/vsftp/ftp/test
sudo chown vsftp:vsftp /home/vsftp/ftp/test

Configure Vsftpd

Next, you will need to perform some configurations to setup FTP server.

First, create a backup of original config file:

sudo cp /etc/vsftpd.conf /etc/vsftpd.conf.bak

Next, open the vsftpd.conf file:

sudo nano /etc/vsftpd.conf

Add the following lines:

 listen=NO
 listen_ipv6=YES
 anonymous_enable=NO
 local_enable=YES
 write_enable=YES
 local_umask=022
 dirmessage_enable=YES
 use_localtime=YES
 xferlog_enable=YES
 connect_from_port_20=YES
 chroot_local_user=YES
 secure_chroot_dir=/var/run/vsftpd/empty
 pam_service_name=vsftpd
 pasv_enable=Yes
 pasv_min_port=10000
 pasv_max_port=11000
 user_sub_token=$USER
 local_root=/home/$USER/ftp
 userlist_enable=YES
 userlist_file=/etc/vsftpd.userlist
 userlist_deny=NO

Save and close the file. You can change the above configuration according to your needs.

Next, you will also need to add vsftp user to /etc/vsftpd.userlist file to allow FTP access:

sudo nano /etc/vsftpd.userlist

Add the following line:

vsftp

Save and close the file, then restart Vsftpd service to apply these changes:

sudo systemctl restart vsftpd

Now, open your web browser and type the URL ftp://192.168.0.102, you will be asked to enter username and password to access FTP.  Enter your vsftp username and password, then click on the Ok button. You should see the following page:

Access server by FTP

Secure Vsftpd using SSL/TLS

Next, you will need to enable SSL/TLS to encrypt the data transferred via FTP.

To do so, you will need to create a certificate for that. You can create a certificate using OpenSSL using the following command:

sudo mkdir /etc/cert
sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/cert/vsftpd.pem -out /etc/cert/vsftpd.pem

Next, you will need to modify vsftpd.conf file and make some changes:

sudo nano /etc/vsftpd.conf

Add the following lines:

rsa_cert_file=/etc/cert/vsftpd.pem
rsa_private_key_file=/etc/cert/vsftpd.pem
ssl_enable=YES
allow_anon_ssl=NO
force_local_data_ssl=YES
force_local_logins_ssl=YES
ssl_tlsv1=YES
ssl_sslv2=NO
ssl_sslv3=NO
require_ssl_reuse=NO
ssl_ciphers=HIGH

Save the file, then restart Vsftpd using the following command:

sudo systemctl restart vsftpd

Access FTP over SSL/TLS

You can not access your FTP server over SSL/TLS through browser. So, you will need to install FileZilla FTP client to access your FTP server. Because FileZilla supports FTP over SSL/TLS.

You can install FileZilla client using the following command:

sudo apt-get install filezilla -y

Once the FileZilla is installed, open it from your Unity dash. You should see the following image:

FileZilla FTP Client

Now, click on the File>Sites Manager. You should see the following image:

Add site in FileZilla

Here, add New site and provide the host/site name, add the IP address, define the protocol to use, encryption and logon type. Then click on the Connect button. You should see the following image:

Accept SSL certificate

Now, verify the certificate being used for the SSL/TLS connection, and click OK once more to connect to the FTP server. You should see your FTP server contents in the following page:

FTP connection to Vsftpd server established

Hitesh Jethva

About Hitesh Jethva

Over 8 years of experience as a Linux system administrator. My skills include a depth knowledge of Redhat/Centos, Ubuntu Nginx and Apache, Mysql, Subversion, Linux, Ubuntu, web hosting, web server, Squid proxy, NFS, FTP, DNS, Samba, LDAP, OpenVPN, Haproxy, Amazon web services, WHMCS, OpenStack Cloud, Postfix Mail Server, Security etc.

Share this page:

Suggested articles

1 Comment(s)

Add comment

Comments

By: Gabriel at: 2018-09-10 15:38:59

Please edit this line:

"Now, open your web browser and type the URL ftp://92.168.0.102"

to:

"Now, open your web browser and type the URL ftp://192.168.0.102"

 

thanks for this tutorial