Setting up an FTP Server on Ubuntu Server 14.04

By Austin M ·

File Transfer Protocol (FTP) is a TCP protocol for downloading files between computers. This article tutorial will show you how to install and setup an FTP server on Ubuntu 14.04.

Access to an FTP server can be managed in two ways:

  • Anonymous – remote clients can access the FTP server by using the default user account called “anonymous” or “ftp” and sending an email address as the password.
  • Authenticated – a user must have an account and a password.

Installing vsftpd

While there a variety of FTP server tools for linux, the most appropriate and popular options is vsftpd

sudo apt-get install -y vsftpd

Configuration

The next step is to change settings for vsftpd by opening /etc/vsftpd.conf in your preferred text editor. For my case, I’ve used vim.

vim /etc/vsftpd.conf

Edit the following lines to this:

listen=YES
local_enable=YES
write_enable=YES

To help make vsftpd more secure, users can be limited to their home directories. Uncomment the following line in /etc/vsftpd.conf

chroot_local_user=YES

To allow user-root access, add the following line at the end in vsftpd.conf:

# Allow users to write to their root directory
 allow_writeable_chroot=YES

Save the vsftd.conf file and restart the vsftpd service to effect the changes.

sudo service vsftpd restart

Adding an FTP User

Use the following command to create a new FTP user:

sudo useradd -m ftpuser –G ftpaccess -s /usr/sbin/nologin

Then:

sudo passwd ftpuser

This will prompt you to create a password for the ftpuser.

Note: /usr/sbin/nologin shell prevents access to the bash shell for the ftp users. To allow login access for nologin shell, edit /etc/shells adding the nologin shell:

# /etc/shells: valid login shells
 /usr/sbin/nologin

Granting an FTP user access to a Directory

For my case, I will set the HOME directory of the FTP user to /var/www/ directory. For a different ftp user, this is how to achieve it;

usermod --home /var/www/ ftpuser

Remember to set required permission on /var/www/. For instance;

chmod –R 0775 /var/www/

Testing your FTP Server

Try and connect to your ftp server using an ftp client software like Filezilla.

Please Note: The FTP connection is on port 21. It is recommended to use SFTP (Secure FTP) which uses SSH File Transfer Protocol over a secure connection.

How to Connect with SFTP

SFTP uses the SSH protocol to authenticate and establish a secure connection. We now need to install openssh-server package (if it’s not already installed) by using the following command;

sudo apt-get install openssh-server

You may configure the default behaviour of the OpenSSH server application by editing the file /etc/ssh/sshd_config

Please Note: Prior to editing the configuration file, you should make a copy of the original file and protect it from writing using the following commands;

sudo cp /etc/ssh/sshd_config /etc/ssh/sshd_config.original
sudo chmod a-w /etc/ssh/sshd_config.original

Once you’ve backed up your sshd_config file, you can make changes with your preferred text editor;

vim /etc/ssh/sshd_config

Find and comment the below line;

Subsystem sftp /usr/lib/openssh/sftp-server

Add these lines at the end of the file;

Subsystem sftp internal-sftp
AllowGroups ftpaccess
ChrootDirectory %h

Restart the sshd service using the following command;

sudo service ssh restart

Now try to connect server using SFTP and make sure users can upload files to www

Securing Your FTP with SSL (FTPS)

Different from SFTP, FTPS is FTP over Secure Socket Layer (SSL). When transferring sensitive information over FTP it is useful to utilize a more secure connection using SSL.

To create a new SSL certificate, use the following command;

sudo openssl req -x509 -nodes -days 365 -newkey rsa:1024 -keyout /etc/ssl/private/vsftpd.pem -out /etc/ssl/private/vsftpd.pem

This will create a certificate that will last a year. It will be placed in the /etc/ssl/private/ directory, which we can reference in our configuration file.

Edit /etc/vsftpd.conf and at the bottom add:

ssl_enable=YES
allow_anon_ssl=NO
force_local_data_ssl=YES
force_local_logins_ssl=YES
ssl_tlsv1=YES
ssl_sslv2=NO
ssl_sslv3=NO
require_ssl_reuse=NO
ssl_ciphers=HIGH

Also, notice the certificate and key line we have just created:

rsa_cert_file=/etc/ssl/private/vsftpd.pem
rsa_private_key_file=/etc/ssl/private/vsftpd.pem

Now restart vsftpd service, and users will be forced to use FTPS:

sudo service vsftpd restart

Now your FTP server is ready to accept secure connections using “FTP over TLS” encryption.