Very Secure FTP daemon (VSFTPD) also known as a very secure FTP daemon is a secure way of sending and receiving files from one system to another in UNIX systems. The regular File Transfer Protocol (FTP) is a widely used networking standard protocol. However, FTP is not a secure protocol because it transmits data alongside other important details without encryption. In this guide, you will learn how to install VSFTPD on Ubuntu 18.04 server.
Prerequisites
Before you get started, ensure that you have the following in check:
- An instance of Ubuntu 18.04 LTS. You can easily deploy a cloud server from Cloudcone starting at only $3.71.
- A regular non-root user with sudo privileges.
- A static IP address (in this case 192.168.0.102) should be available
Step 1: Install VSFTPD
The default repository has the VSFTPD files available making installation a straight forward. To install vsftpd, execute the command:
# sudo apt-get install vsftpd –y
Sample Output
After the installation start VSFTPD service by enabling it to start on boot time
# sudo systemctl start vsftpd # sudo systemctl enable vsftpd
Sample Output
Step 2: Creating the Directory Structure for FTP
With VSFTPD installed, we are now going to add a user account. We will create a new user called ‘vsftp’ for demonstration purposes. Therefore, the command will be:
# sudo adduser vsftp
Sample Output
Next, create an FTP directory and adjust the file ownership as follows
# sudo mkdir /home/vsftp/ftp # sudo chown nobody:nogroup /home/vsftp/ftp # sudo chmod a-w /home/vsftp/ftp
Create a directory where the files will be uploaded and ownership given to the VSFTPD user
# sudo mkdir /home/vsftp/ftp/test # sudo chown vsftp:vsftp /home/vsftp/ftp/test
Step 3: Configure VSFTPD
With the FTP user and directory in place, we need to configure VSFTPD service. before anything else, it’s always a good idea to create a backup of the original config file
# sudo cp /etc/vsftpd.conf /etc/vsftpd.conf.bak
Once the backup is in place, Open the vsftpd.conf file
# sudo vim /etc/vsftpd.conf
Add the following lines to the open file
listen=NO listen_ipv6=YES anonymous_enable=NO local_enable=YES write_enable=YES local_umask=022 dirmessage_enable=YES use_localtime=YES xferlog_enable=YES connect_from_port_20=YES chroot_local_user=YES secure_chroot_dir=/var/run/vsftpd/empty pam_service_name=vsftpd pasv_enable=Yes pasv_min_port=10000 pasv_max_port=11000 user_sub_token=$USER local_root=/home/$USER/ftp userlist_enable=YES userlist_file=/etc/vsftpd.userlist userlist_deny=NO
Save and close the file. Do not forget to edit the above file to suit your needs.
Add the vsftpd user to the /etc/vsftpd.userlist file to give FTP access using the command.
# sudo nano /etc/vsftpd.userlist
Next, Add the following line.
vsftp
Save and close the file, then restart the VSFTPD services
# sudo systemctl restart vsftpd
Open the web browser and on the URL enter ftp://192.168.0.102 and key in the name and password to access the FTP page. Enter the vsftpd username and password then click OK button.
Step 4: Secure VSFTPD using SSL/TLS
Now we need to enable SSL/TLS to encrypt all data transferred via FTP. For this to happen, you need to create a certificate using the OpenSSL as shown
# sudo mkdir /etc/cert # sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/cert/vsftpd.pem -out /etc/cert/vsftpd.pem
Sample Output
Then modify the vsftpd.conf file and make some changes
# sudo nano /etc/vsftpd.conf
Edit the file by adding the following lines
rsa_cert_file=/etc/cert/vsftpd.pem rsa_private_key_file=/etc/cert/vsftpd.pem ssl_enable=YES allow_anon_ssl=NO force_local_data_ssl=YES force_local_logins_ssl=YES ssl_tlsv1=YES ssl_sslv2=NO ssl_sslv3=NO require_ssl_reuse=NO ssl_ciphers=HIGH
Save the file and restart the vsftpd using the following command
# sudo systemctl restart vsftpd
Step 5: Access FTP over SSL / TLS
It is not possible to access FTP server over a browser, so you need an FTP application such as FileZilla to access the FTP server. Use the following command to install
# sudo apt-get install filezilla -y
Click on Files > Sites Manager
Add the New site and give it a new host or site name, IP address. Select ‘FTP‘ as the protocol and define Encryption as ‘Require explicit FTP over TLS‘
Click on the Connect button and a screen with a certificate that needs to be verified for use during the SSL/TLS
connection. Click OK .
FileZilla will authenticate and lead the contents of the home directory of the VSTPD user
Awesome! We have successfully installed and configured VSFTPD on Ubuntu 18.04 server. In this guide, you have learned how to install VSFTPD on Ubuntu 18.04 LTS. Your feedback is much welcome.
