How to Set Up a Linux FTP Server for Quick File Transfers

filezilla logo

FTP, or File Transfer Protocol, is a standard protocol for sending and receiving files from remote servers. It is easier to use than command line alternatives like scp, especially with GUIs like FileZilla.

What is FTP?

In the old days of the Internet, public FTP servers were a very common way of making files available to a large number of people. Today, FTP is still around and widely used for administrative tasks.

While some form of FTP CLI is provided with most major operating systems, GUI clients FileZilla make the process of moving files between servers as easy as dragging and dropping from local storage to remote storage, or vice versa. All underlying traffic is handled via FTP.

For this you need to install and configure an FTP server, such as vsftpd, on the remote machine you want to access.

It should be noted that users logged in via FTP will have access to your system, just like you. There are steps you can take to mitigate these risks, such as accessing the whitelist and locking out users in their home directories.

Installing vsftpd

To get started, install vsftpd from your distribution’s package manager. For Debian based systems like Ubuntu this would come from apt:

sudo apt-get install vsftpd

Next, you’ll need to start the service and configure it to run at startup time:

systemctl start vsftpd
systemctl activate vsftpd

FTP has two main authentication methods:

Anonymous FTP, where anyone can connect without a password. This is used for public file sharing and is disabled by default.
Local user login, which allows any user of / etc / passwd to access FTP using a username and password.

You will probably want to enable local user login and disable anonymous access. Logging in to FTP using your user account will give you access to anything your account can access.

Open /etc/vsftpd.conf in your favorite text editor and change the following line to YES:

local_enable = YES

If you want to be able to download files, also replace write_enable with YES:

write_enable = YES

With a restart of vsftpd (systemctl restart vsftpd), you should now be able to connect to FTP using a client like FileZilla or the CLI on your home machine.

If you only want to enable FTP for specific users, you can access the whitelist. Open /etc/vsftpd.userlist and add the names of each account you want to activate on separate lines.

nano /etc/vsftpd.userlist

Then add the following lines to /etc/vsftpd.conf:

userlist_enable = YES
userlist_file = / etc / vsftpd.userlist
userlist_deny = NO

This will limit access to only the users defined in the user list file and deny all others.

If you don’t want users to access files outside of their home directory, you can put them in a chroot jail, which will prevent them from interacting with top-level directories. You can enable it by uncommenting the following line in /etc/vsftpd.conf:

chroot_local_user = YES

Restart vsftpd with systemctl, restart vsftpd to apply the changes.

FTPS configuration

Standard FTP traffic is sent unencrypted as HTTP. This is obviously not great, so you need to configure vsftpd to encrypt traffic with TLS.

To do this, generate a new key and sign a request with openssl:

openssl genrsa -des3 -out FTP.key

openssl request –New -key FTP.key -out certificate.csr

vsftpd needs the password removed from this key, so copy the key and send it back to openssl:

cp FTP.key FTP.key.orig

openssl rsa -in FTP.key.orig -out ftp.key

Finally, generate a TLS certificate using this key:

openssl x509 -req-days 365 –in certificate.csr -signkey ftp.key -out mycertificate.crt

Copy the key and certificate to / etc / pki / tls / certs /:

cp ftp.key / etc / pki / tls / certs /

cp mycertificate.crt / etc / pki / tls / certs

Now that all the certificates are configured, you can open /etc/vsftpd.conf again and add the following lines:

ssl_enable = YES
allow_anon_ssl = YES
ssl_tlsv1 = YES
ssl_sslv2 = NO
ssl_sslv3 = NO
rsa_cert_file = / etc / pki / tls / certs / mycertificate.crt
rsa_private_key_file = / etc / pki / tls / certs / ftp.key
ssl_ciphers = TOP
require_ssl_reuse = NO

Restart vsftpd with systemctl, restart vsftpd to apply the changes.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.