File Transfer Protocol (FTP) is one of the oldest and most widely used methods for transferring files over a network. It’s reliable, straightforward, and can be secured with encryption protocols like FTPS and SFTP.
Run a quick update by running the following command in a terminal window before installing vsftpd (Very Secure FTP Daemon)
sudo apt updatesudo apt upgradeRun the following command to install vsftpd.
sudo apt install vsftpdTo verify that vsftpd is installed correctly, run the following command.
sudo systemctl status vsftpdThe default configuration of vsftpd may need to be modified based on your needs. The configuration file is located at /etc/vsftpd.conf. To edit it, open it in your favorite text editor. For example, to use Gedit.
sudo gedit /etc/vsftpd.confEnable Local User Login: By default, anonymous users can access the FTP server. If you want to enable local users to log in and manage their own files, find and uncomment the following line.
local_enable=YESEnable File Uploads: For security reasons, file uploads are disabled by default. To enable this, uncomment the following line.
write_enable=YESChroot Local Users: To restrict local users to their home directories, uncomment the line.
chroot_local_user=YESThis setup restricts users to their own directories, preventing them from accessing the entire file system.
Limit Passive Mode Ports: If you’re using a firewall, you’ll need to specify a range of ports for passive mode FTP transfers. Add the following lines to define a range of ports (e.g., 40000–50000).
pasv_min_port=40000
pasv_max_port=50000Optional: Enable SSL/TLS for Secure Transfers (FTPS): If you want to secure your FTP server, you can enable FTPS by adding these lines to your vsftpd.conf file.
ssl_enable=YES
allow_anon_ssl=NO
force_local_data_ssl=YES
force_local_logins_ssl=YES
rsa_cert_file=/etc/ssl/private/vsftpd.pemYou’ll need to generate an SSL certificate for this. You can create a self-signed certificate using OpenSSL.
sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/ssl/private/vsftpd.pem -out /etc/ssl/private/vsftpd.pemAfter making these changes, save the file and restart the vsftpd service for the changes to take effect.
sudo systemctl restart vsftpdWith your server now set up, the next step is to create users who can access it. To add a new user, use the following command.
sudo adduser ftpuserFollow the prompts to set a password for the user. This user will now have access to their home directory via FTP.
If your Ubuntu server has a firewall enabled, you’ll need to allow FTP traffic. For those using ufw, you can open the necessary ports by running the following command.
sudo ufw allow 20/tcp
sudo ufw allow 21/tcp
sudo ufw allow 40000:50000/tcp
sudo ufw allow OpenSSHIf FTPS is enabled, open port 990 by running the following command.
sudo ufw allow 990/tcpOnce you’ve allowed the ports, reload the firewall settings.
sudo ufw reloadYour FTP server should now be operational. To test it locally, use the following command.
ftp localhostTo test it remotely, use the following command.
ftp <server-ip>Once you’ve entered your FTP username and password, you should be able to navigate and transfer files without any issues.