How To Install and Configure FTP Server with VSFTPD on Ubuntu 20.04

In this article we will see How To Install and Configure FTP Server with VSFTPD on Ubuntu 20.04. However, vsftpd is an open source and free FTP Server for Linux systems. It is one of the most popular, secure and fastest FTP Server application. The vsftpd FTP Server is a trusted application among the professionals. However the official website claims that security, stability and performance is the key points due to which it has gained much popularity among the Linux users.

Furthermore, as claimed by the developers of vsftpd some of the features of vsftpd Server includes bandwidth throttling, per user configuration, virtual users, Standalone or inetd operation etc. FTP is an abbreviation for file transfer protocol. In the older days normally insecure files transfers using FTP were used for transfer of files and documents between server and clients. Additionally, in the modern days the old FTP is taken over by more secure, stable and faster FTP application like vsftpd, scp etc. In my opinion vsftpd is the best choice for transferring your important files and data between clients and server. Currently there are number of Linux distribution that includes vsftpd as the default FTP Server in their Linux distribution.

Prerequisites for installation of vsftpd on Ubuntu 20.04 Focal Fossa

Following are the prerequisites for installing vsftpd on Ubuntu 20.04 Focal Fossa operating system.

  1. Firstly, we will require a Desktop or a laptop computer with pre-installed Ubuntu 20.04 operating system. If you need to install Ubuntu 20.04 on your system then you can follow our guide to installing Ubuntu 20.04. The link to the tutorial is given below.
    How to Install Ubuntu 20.04 LTS Focal Fossa
  1. We will require a non root user with sudo privileges with passwords for the installation of the application.
  2. Additionally, we will require a stable and fast internet connection for downloading and installing the vsftpd application on our computer.

Install FTP Server with VSFTPD on Ubuntu 20.04 LTS

First update your system before the start of the installation. To update your system open the terminal window and issue the following command as given below.

sudo apt-get update
sudo apt-get upgrade

The vsftpd FTP Server package is already available in the default package repository of the Ubuntu 20.04 operating system. Therefore just use the apt command of the Ubuntu 20.04 to install the vsftpd FTP Server. To install the application issue the following command in the terminal window.

sudo apt-get install vsftpd

The above command will prompt to start the installation of the application. On the affirmative response the installation will start and will complete in very short time. During the installation the vsftpd Server creates a initial configuration file. The location of this configuration file “vsftpd.conf” is the /etc folder.

Before making any changes, the backup of the original configuration file of vsftpd should be taken. To do this copy the original configuration file with a new name. to do this issue the following command in the terminal window.

sudo cp /etc/vsftpd.conf /etc/vsftpd.conf.backup

Configure the Firewall on Ubuntu 20.04 for vsftpd FTP Server

Now we have to configure the firewall so that the FTP traffic can pass through the firewall. First check whether ufw firewall is installed and started on your system. Issue the following command in the terminal windows.

sudo ufw status

If the output of the above command shows that ufw firewall is installed but is currently disabled as shown below.

sudo ufw status
Status: inactive

Then issue the following command in the terminal window.

sudo ufw enable
sudo service ufw restart

To allow OpenSSH and FTP traffic through the firewall issue the following command in the terminal window in the given order.

sudo ufw allow OpenSSH
sudo ufw allow 20/tcp
sudo ufw allow 21/tcp
sudo ufw allow 990/tcp
sudo ufw allow 10000:20000/tcp

Now again issue the ufw status command in the terminal window as shown below.

sudo ufw status

The output of the above command will be similar as given below.

sudo ufw status
Status: active
To                         Action      From
—                         ——      —-
OpenSSH                    ALLOW       Anywhere
20/tcp                     ALLOW       Anywhere
21/tcp                     ALLOW       Anywhere
990/tcp                    ALLOW       Anywhere
10000:20000/tcp            ALLOW       Anywhere
OpenSSH (v6)               ALLOW       Anywhere (v6)
20/tcp (v6)                ALLOW       Anywhere (v6)
21/tcp (v6)                ALLOW       Anywhere (v6)
990/tcp (v6)               ALLOW       Anywhere (v6)
10000:20000/tcp (v6)       ALLOW       Anywhere (v6)

Configuring FTP Directory and FTP User in vsftpd Server

If you have your website hosted on your web server and you want to upload and download files from the website folder. Then you have to configure this directory in vsftpd server. In addition to this you should also create a separate ftp user for file transfer job. Now we will see how to create out FTP directory and FTP user.

First we will create our FTP User with the name ftpuser and give FTP access to it. To create a new FTP user issue the following command in the terminal windows as shown below.

sudo adduser ftpuser

The output of the above command will be similar to the figure given below.

sudo adduser ftpuser
Adding user `ftpuser’ …
Adding new group `ftpuser’ (1001) …
Adding new user `ftpuser’ (1001) with group `ftpuser’ …
Creating home directory `/home/ftpuser’ …
Copying files from `/etc/skel’ …
New password:
Retype new password:
passwd: password updated successfully
Changing the user information for ftpuser
Enter the new value, or press ENTER for the default
Full Name []: FTP User
Room Number []:
Work Phone []:
Home Phone []:
Other []:
Is the information correct? [Y/n] Y

As shown in the above figure enter and confirm the password and necessary information as you like and create the new ftpuser.

Now we will setup a directory structure on the server for transferring files and provide the ftpuser access to the directory. Let us create this folder with the name of ftp inside the /home/pentarock folder. We will also give ownership to ftpuser on this directory.  To create a new FTP directory and provide the ownership to the ftpuser issue the following command in the terminal window in the given sequence.

sudo mkdir /home/ftpuser/ftp
sudo chown nobody:nogroup /home/ftpuser/ftp
sudo chmod a-w /home/ftpuser/ftp

Now we will create a folder where the files can be uploaded and we will also provide ownership to our ftpuser on this folder. To do this issue the following command in the terminal windows as shown below in the given sequence.

sudo mkdir /home/ftpuser/ftp/ftpdocs
sudo chown ftpuser:ftpuser /home/ftpuser/ftp/ftpdocs

Now we have successfully created the FTP directory structure and our ftp user. Also we have given the necessary permissions to our ftp user for transfer of files in this directory.

Configure vsftpd Server

Now we will make the necessary changes in the configuration file vsftpd.conf to configure our vsftpd FTP server. To do this open the vsftpd.conf file in your favorite text editor. We are using nano editor. Issue the following command in the terminal window.

sudo nano /etc/vsftpd.conf

Make the following changes in the vsftpd.conf file.

listen=NO
listen_ipv6=YES
anonymous_enable=NO
local_enable=YES
write_enable=YES
local_umask=022
dirmessage_enable=YES
use_localtime=YES
xferlog_enable=YES
connect_from_port_20=YES
chroot_local_user=YES
secure_chroot_dir=/var/run/vsftpd/empty
pam_service_name=vsftpd
pasv_enable=Yes
pasv_min_port=10000
pasv_max_port=11000
user_sub_token=$USER
local_root=/home/$USER/ftp/ftpdocs
userlist_enable=YES
userlist_file=/etc/ vsftpd.userlist
userlist_deny=NO

Make the changes in the configuration file as shown in the figure above and save and exit the text editor.

Now create a userlist file as mentioned in the configuration file above and add our ftp user in the userlist file. When the userlist_deny is set to NO in the configuration file then the users in the list are allowed and when it is set to YES then the users in the userlist are denied FTP permission. Now to create userlist file and add out ftpuser in the userlist file, issue the following command in the terminal window.

sudo echo "ftpuser" | sudo tee -a /etc/vsftpd.userlist

To verify that the file is created and user is added in the userlist file issue the following command in the terminal window.

sudo cat /etc/vsftpd.userlist

The output of the above command will be similar to the given below.

[email protected]:~# sudo cat /etc/vsftpd.userlist

ftpuser

Now restart the vsftpd FTP Server so that the configuration changes may take effect. To restart the vsftpd service issue the following command in the terminal window.

sudo systemctl restart vsftpd

Now we have successfully installed and configured vsftpd server. Now we can test our vsftpd server by connecting to it from out ftpuser.

Verify the FTP Connection

To test our vsftpd FTP Server we have created a test file “ftptest.txt” in the ftpdocs folder. Now we will transfer the same file to a Windows 10 computer using the ftp command in the command window of Windows 10 Operating System. Issued the ftp command and the output of the command are shown below.

C:\Users\Pentarock>ftp 192.168.1.25
Connected to 192.168.1.25.
220 (vsFTPd 3.0.3)
200 Always in UTF8 mode.
User (192.168.1.25:(none)): ftpuser
331 Please specify the password.
Password:
230 Login successful.
ftp> cd ftpdocs
250 Directory successfully changed.
ftp> dir
200 PORT command successful. Consider using PASV.
150 Here comes the directory listing.
-rw-r–r–    1 0        0              74 Sep 05 11:00 ftptest.txt
226 Directory send OK.
ftp: 72 bytes received in 0.00Seconds 36.00Kbytes/sec.
ftp> get ftptest.txt
200 PORT command successful. Consider using PASV.
150 Opening BINARY mode data connection for ftptest.txt (74 bytes).
226 Transfer complete.
ftp: 74 bytes received in 0.00Seconds 74000.00Kbytes/sec.
ftp>

The above output shows that our vsftpd server is installed correctly and we are now able to transfer files from our server.

The above file transfers are insecure. In the insecure FTP Servers decrypted data is transferred. Therefore now we will secure our vsftpd server. To provide the encryption we will enable TLS/SSL on our vsftpd FTP Server. We will use openssl to create SSL certificate to be used with our vsftpd FTP Server. Then, we will create a certificate with the validity of 90 days. We will also add a private 2048 bit RSA key. To create the SSL certificate issue the following command in the terminal window.

sudo openssl req -x509 -nodes -days 90 -newkey rsa:2048 -keyout /etc/ssl/private/vsftpd.pem -out /etc/ssl/private/vsftpd.pem

The output of the above command will be similar to the shown below.

sudo openssl req -x509 -nodes -days 90 -newkey rsa:2048 -keyout /etc/ssl/private/vsftpd.pem -out /etc/ssl/private/vsftpd.pem
Generating a RSA private key
………………………………..+++++
………………………..+++++
writing new private key to ‘/etc/ssl/private/vsftpd.pem’
—–
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter ‘.’, the field will be left blank.
—–
Country Name (2 letter code) [AU]:IN
State or Province Name (full name) [Some-State]:UP
Locality Name (eg, city) []:GZB
Organization Name (eg, company) [Internet Widgits Pty Ltd]:Pentarock
Organizational Unit Name (eg, section) []:Blog
Common Name (e.g. server FQDN or YOUR name) []:
Email Address []:[email protected]

There are many fields to enter during the creation of the certificate but you can leave some of them blank if you wish. Now open the vsftpd configuration file again in your favorite text editor. Issue the following command to open the file in the nano text editor.

sudo nano /etc/vsftpd.conf

Scroll down to the end of the configuration file. There you will see the following lines.

rsa_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
rsa_private_key_file=/etc/ssl/private/ssl-cert-snakeoil.key

Comment out these lines and add two new lines below these lines as shown in the figure below.

# rsa_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
# rsa_private_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
rsa_cert_file=/etc/ssl/private/vsftpd.pem
rsa_private_key_file=/etc/ssl/private/vsftpd.pem

Now add the following lines in the vsftpd FTP Server configuration file as given below.

ssl_enable=YES
allow_anon_ssl=NO
force_local_data_ssl=YES
force_local_logins_ssl=YES
ssl_tlsv1=YES
ssl_sslv2=NO
ssl_sslv3=NO
require_ssl_reuse=NO
ssl_ciphers=HIGH

Further, restart the vsftpd Server by issuing the following command in the terminal window.

sudo systemctl restart vsftpd

Now if we will try to connect to our server in insecure mode the output of the command will be similar to the shown below.

C:\Users\Pentarock>ftp 192.168.1.25
Connected to 192.168.1.25.
220 (vsFTPd 3.0.3)
200 Always in UTF8 mode.
User (192.168.1.25:(none)): ftpuser
530 Non-anonymous sessions must use encryption.
Connection closed by remote host.

Test TLS Connection using Filezilla client Installed on a Windows 10 Computer

Now we will test our vsftpd server using Filezilla client which supports and uses TLS encryption. You can do so with any other ftp client application that supports TLS/SSL encryption. There are many FTP client applications are available that support TLS/SSL encryption.

Now open FileZilla Client and Create a new connection to the server as shown in the image below.

How to Setup FTP Server with vsftpd on Ubuntu 20.04 LTSNow create a new connection as shown below. We have created new connection “New Site” with the option “Require Explicit FTP Over TLS” selected.

FTP Over TLSNow connect to the server as shown in the figure below.

Connection SuccessfulNow as shown in the above figure that we have successfully installed and configured the vsftpd FTP Server on our Ubuntu 20.04 LTS Focal Fossa operating system. Enjoy!

Leave a Reply

Your email address will not be published.