Install and Configure VSFTPD server on Ubuntu 18.04 LTS

Vsftpd also known as a very secure FTP daemon is an FTP server for Unix-like systems. FTP is most widely used standard network protocol used for uploading/downloading files between two computers over a network. By default, FTP is insecure because it transmits data together with user credentials without encryption.

In this tutorial, we will learn how to install Vsftpd with SSL/TLS support on Ubuntu 18.04 server.

Requirements

• A server running Ubuntu 18.04.
• A non-root user with sudo privileges.
• Static IP address 192.168.0.102 is configured.

Install Vsftpd

By default, Vsftpd is available in Ubuntu 18.04 default repository. So you can easily install it by just running the following command:sudo apt-get install vsftpd -y

Once Vsftpd is installed, start Vsftpd service and enable it to start on boot time:sudo systemctl start vsftpd
sudo systemctl enable vsftpd

Create Directory Structure for FTP

Before starting, you will need to create a user for FTP access.

You can create a user with the following command:sudo adduser vsftp

Next, create ftp directory and set ownership with the following command:sudo mkdir /home/vsftp/ftp
sudo chown nobody:nogroup /home/vsftp/ftp
sudo chmod a-w /home/vsftp/ftp

Next, create a directory where files can be uploaded and give ownership to vsftp user:sudo mkdir /home/vsftp/ftp/test
sudo chown vsftp:vsftp /home/vsftp/ftp/test

Configure Vsftpd

Next, you will need to perform some configurations to setup FTP server.

First, create a backup of original config file:sudo cp /etc/vsftpd.conf /etc/vsftpd.conf.bak

Next, open the vsftpd.conf file:sudo nano /etc/vsftpd.conf

Add the following lines: listen=NO
listen_ipv6=YES
anonymous_enable=NO
local_enable=YES
write_enable=YES
local_umask=022
dirmessage_enable=YES
use_localtime=YES
xferlog_enable=YES
connect_from_port_20=YES
chroot_local_user=YES
secure_chroot_dir=/var/run/vsftpd/empty
pam_service_name=vsftpd
pasv_enable=Yes
pasv_min_port=10000
pasv_max_port=11000
user_sub_token=$USER
local_root=/home/$USER/ftp
userlist_enable=YES
userlist_file=/etc/vsftpd.userlist
userlist_deny=NO


Save and close the file. You can change the above configuration according to your needs.

Next, you will also need to add vsftp user to /etc/vsftpd.userlist file to allow FTP access:sudo nano /etc/vsftpd.userlist

Add the following line:vsftp


Save and close the file, then restart Vsftpd service to apply these changes:sudo systemctl restart vsftpd

Now, open your web browser and type the URL ftp://192.168.0.102, you will be asked to enter username and password to access FTP.  Enter your vsftp username and password, then click on the Ok button. You should see the following page:

Secure Vsftpd using SSL/TLS

Next, you will need to enable SSL/TLS to encrypt the data transferred via FTP.

To do so, you will need to create a certificate for that. You can create a certificate using OpenSSL using the following command:sudo mkdir /etc/cert
sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/cert/vsftpd.pem -out /etc/cert/vsftpd.pem

Next, you will need to modify vsftpd.conf file and make some changes:sudo nano /etc/vsftpd.conf

Add the following lines:rsa_cert_file=/etc/cert/vsftpd.pem
rsa_private_key_file=/etc/cert/vsftpd.pem
ssl_enable=YES
allow_anon_ssl=NO
force_local_data_ssl=YES
force_local_logins_ssl=YES
ssl_tlsv1=YES
ssl_sslv2=NO
ssl_sslv3=NO
require_ssl_reuse=NO
ssl_ciphers=HIGH


Save the file, then restart Vsftpd using the following command:sudo systemctl restart vsftpd

Access FTP over SSL/TLS

You can not access your FTP server over SSL/TLS through browser. So, you will need to install FileZilla FTP client to access your FTP server. Because FileZilla supports FTP over SSL/TLS.

You can install FileZilla client using the following command:sudo apt-get install filezilla -y

Once the FileZilla is installed, open it from your Unity dash. You should see the following image:

Now, click on the File>Sites Manager. You should see the following image:

Here, add New site and provide the host/site name, add the IP address, define the protocol to use, encryption and logon type. Then click on the Connect button. You should see the following image:

Now, verify the certificate being used for the SSL/TLS connection, and click OK once more to connect to the FTP server. You should see your FTP server contents in the following page: