Setting up an FTP Server on Ubuntu Server 14.04
File Transfer Protocol (FTP) is a TCP protocol for downloading files between computers. This article tutorial will show you how to install and setup an FTP server on Ubuntu 14.04.
Access to an FTP server can be managed in two ways:
- Anonymous – remote clients can access the FTP server by using the default user account called “anonymous” or “ftp” and sending an email address as the password.
- Authenticated – a user must have an account and a password.
While there a variety of FTP server tools for linux, the most appropriate and popular options is vsftpd
sudo apt-get install -y vsftpd
The next step is to change settings for vsftpd by opening /etc/vsftpd.conf in your preferred text editor. For my case, I’ve used vim.
Edit the following lines to this:
listen=YES local_enable=YES write_enable=YES
To help make vsftpd more secure, users can be limited to their home directories. Uncomment the following line in /etc/vsftpd.conf
To allow user-root access, add the following line at the end in vsftpd.conf:
# Allow users to write to their root directory allow_writeable_chroot=YES
Save the vsftd.conf file and restart the vsftpd service to effect the changes.
sudo service vsftpd restart
Adding an FTP User
Use the following command to create a new FTP user:
sudo useradd -m ftpuser –G ftpaccess -s /usr/sbin/nologin
sudo passwd ftpuser
This will prompt you to create a password for the ftpuser.
Note: /usr/sbin/nologin shell prevents access to the bash shell for the ftp users. To allow login access for nologin shell, edit /etc/shells adding the nologin shell:
# /etc/shells: valid login shells /usr/sbin/nologin
Granting an FTP user access to a Directory
For my case, I will set the HOME directory of the FTP user to /var/www/ directory. For a different ftp user, this is how to achieve it;
usermod --home /var/www/ ftpuser
Remember to set required permission on /var/www/. For instance;
chmod –R 0775 /var/www/
Testing your FTP Server
Try and connect to your ftp server using an ftp client software like Filezilla.
Please Note: The FTP connection is on port 21. It is recommended to use SFTP (Secure FTP) which uses SSH File Transfer Protocol over a secure connection.
How to Connect with SFTP
SFTP uses the SSH protocol to authenticate and establish a secure connection. We now need to install openssh-server package (if it’s not already installed) by using the following command;
sudo apt-get install openssh-server
You may configure the default behaviour of the OpenSSH server application by editing the file /etc/ssh/sshd_config
Please Note: Prior to editing the configuration file, you should make a copy of the original file and protect it from writing using the following commands;
sudo cp /etc/ssh/sshd_config /etc/ssh/sshd_config.original sudo chmod a-w /etc/ssh/sshd_config.original
Once you’ve backed up your sshd_config file, you can make changes with your preferred text editor;
Find and comment the below line;
Subsystem sftp /usr/lib/openssh/sftp-server
Add these lines at the end of the file;
Subsystem sftp internal-sftp AllowGroups ftpaccess ChrootDirectory %h
Restart the sshd service using the following command;
sudo service ssh restart
Now try to connect server using SFTP and make sure users can upload files to www
Securing Your FTP with SSL (FTPS)
Different from SFTP, FTPS is FTP over Secure Socket Layer (SSL). When transferring sensitive information over FTP it is useful to utilize a more secure connection using SSL.
To create a new SSL certificate, use the following command;
sudo openssl req -x509 -nodes -days 365 -newkey rsa:1024 -keyout /etc/ssl/private/vsftpd.pem -out /etc/ssl/private/vsftpd.pem
This will create a certificate that will last a year. It will be placed in the /etc/ssl/private/ directory, which we can reference in our configuration file.
Edit /etc/vsftpd.conf and at the bottom add:
ssl_enable=YES allow_anon_ssl=NO force_local_data_ssl=YES force_local_logins_ssl=YES ssl_tlsv1=YES ssl_sslv2=NO ssl_sslv3=NO require_ssl_reuse=NO ssl_ciphers=HIGH
Also, notice the certificate and key line we have just created:
Now restart vsftpd service, and users will be forced to use FTPS:
sudo service vsftpd restart
Now your FTP server is ready to accept secure connections using “FTP over TLS” encryption.