Christian WellsIn today’s digital landscape, the need for efficient and secure file transfer methods is paramount. FTP (File Transfer Protocol) remains a popular choice for transferring files to and from servers. Among the various FTP servers available, VSFTPD (Very Secure FTP Daemon) stands out as a widely used and free option, offering robust security features. In this comprehensive guide, we will walk you through the process of installing, configuring, and securing VSFTPD on Ubuntu 20.04 LTS.
Prerequisites
Before we dive into the installation process, let’s ensure that we have everything in place. This guide assumes that you have already installed Ubuntu 20.04 LTS (either the desktop or server version) and have either root privileges or a regular user with sudo privileges. Additionally, make sure that ports 20 and 21 are publicly open. To enable passive mode, also open the ports range 50000-50100.
Installation Steps
Let’s get started with the installation process for VSFTPD on Ubuntu. Open your terminal and follow the commands below:
# Refresh packages index sudo apt-get update # InstallVSFTPD sudo apt-get install vsftpd
To verify the successful installation, check the version and status of VSFTPD:
#VSFTPD Version sudo vsftpd-version
#VSFTPD Status
sudo systemctl status vsftpd
If the output shows the version and status of VSFTPD, it means that the installation was successful. However, if it’s not running or enabled, you can use the following commands to enable and start it:
# EnableVSFTPD sudo systemctl enable vsftpd # StartVSFTPD sudo systemctl start vsftpd
Configuring VSFTPD
Now that VSFTPD is up and running, let’s move on to configuring it. We will update the main configuration file located at /etc/vsftpd.conf. It’s always a good practice to create a backup of the original configuration file before making any changes:
# BackupVSFTPD configuration sudo cp /etc/vsftpd.conf /etc/vsftpd.conf.orig
To update the configurations, open the configuration file using your preferred editor (in this guide, we’ll use nano):
# Open the configuration using nano editor sudo nano /etc/vsftpd.conf
Now, let’s go through some important configurations that you might want to modify according to your requirements:
1. Run standalone or from inetd
By default, VSFTPD runs as a standalone daemon. To enable this, make sure the listen directive is set to NO:
listen=NO
2. Enable IPv6 listening
If you want to enable listening on IPv6 sockets, uncomment the following line:
listen_ipv6=YES
3. Allow local users to log in
To allow local users to log in, uncomment the following line:
local_enable=YES
4. Enable FTP write commands
If you want to enable any form of FTP write command, uncomment the following line:
write_enable=YES
5. Change the default umask for local users
If you wish to change the default umask for local users, modify the following line:
local_umask=022
6. Activate directory messages
To activate directory messages that are given to remote users when they enter a certain directory, uncomment the following line:
dirmessage_enable=YES
7. Activate logging of uploads/downloads
To activate logging of uploads and downloads, uncomment the following line:
xferlog_enable=YES
8. Restrict local users to their home directories
If you want to restrict local users to their home directories, uncomment the following line:
chroot_local_user=YES
9. Define the PAM service name
Specify the name of the PAM service VSFTPD will use:
pam_service_name=vsftpd
10. Additional configurations
You can further customize your VSFTPD configuration by adding the following lines:
vsftpd_log_file=/var/log/vsftpd.log tcp_wrappers=YES pasv_enable=Yes pasv_min_port=50000 pasv_max_port=50100 allow_writeable_chroot=NO user_sub_token=$USER local_root=/home/$USER/ftp userlist_enable=YES userlist_file=/etc/vsftpd.userlist userlist_deny=NO
Save the configuration file and exit the editor. Now, restart VSFTPD to apply the changes:
# RestartVSFTPD
sudo systemctl restart vsftpd
Managing Local FTP Users
Now that the VSFTPD server is configured, we can create and manage local FTP users. These users will be able to connect to the FTP server using FTP clients on remote systems. To add a new local user, follow these steps:
# Add User sudo useradd -m -c "FTP User 1" -s /bin/bash ftpuser1 # Set Password sudo passwd ftpuser1
Replace ftpuser1 with the desired username. You will be prompted to set a password for the user. Once the user is created, we need to create directories for storing FTP files and set the appropriate permissions:
sudo mkdir /home/ftpuser1/ftp sudo chown nobody:nogroup /home/ftpuser1/ftp sudo chmod a-w /home/ftpuser1/ftp sudo mkdir /home/ftpuser1/ftp/files sudo chown -R ftpuser1:ftpuser1 /home/ftpuser1/ftp/files sudo chmod -R 0770 /home/ftpuser1/ftp/files
To update the VSFTPD allowed users list, modify the file /etc/vsftpd.userlist:
# Add User - Update Users List echo "ftpuser1" | sudo tee -a /etc/vsftpd.userlist
Now, your local FTP user is ready to connect to the VSFTPD server using an FTP client application.
Securing the VSFTPD Server
To enhance the security of your VSFTPD server, we can configure it to allow FTP over TLS communication. This requires a valid SSL certificate. You can obtain a free SSL certificate using Let’s Encrypt for Apache or Nginx. Alternatively, you can generate a self-signed certificate using OpenSSL.
Once you have obtained an SSL certificate, open the VSFTPD configuration file again:
# Open the configuration using nano editor sudo nano /etc/vsftpd.conf
Update the following configurations to enable FTP over TLS:
rsa_cert_file=<SSL Certificate File> rsa_private_key_file=<Key File> ssl_enable=YES
Additionally, you can add the following lines to further secure your VSFTPD server:
debug_ssl=YES ssl_tlsv1=YES ssl_sslv2=NO ssl_sslv3=NO allow_anon_ssl=NO force_local_data_ssl=YES force_local_logins_ssl=YES require_ssl_reuse=NO ssl_ciphers=HIGH
Save the configuration file and restart VSFTPD:
# RestartVSFTPD
sudo systemctl restart vsftpd
Congratulations! You have successfully installed and secured the VSFTPD server on Ubuntu 20.04 LTS.
Conclusion
In this guide, we have covered the step-by-step process of installing, configuring, and securing VSFTPD on Ubuntu 20.04 LTS. By following the instructions provided, you can create a secure file transfer environment for your organization. Remember to regularly update and monitor your FTP server to ensure its continued security. If you require further assistance or have any questions, feel free to reach out to our expert team at Shape.host.
At Shape.host, we offer reliable and scalable cloud hosting solutions for businesses. Our Linux SSD VPS plans provide the perfect platform for hosting your FTP server securely. Visit our website to learn more about our services and start your journey to a secure and efficient file transfer environment.
