FTP server on Linux
Introduction
FTP stands for File Transfer Protocol. It’s a standard communication protocol used for file transfer. It’s built on a client-server model architecture.
FTP users may need to authenticate themselves or connect anonymously if the server is configured to allow it. For secure transmission, FTP is often secured with FTPS or replaced with SFTP.
FTPS stands for File Transfer Protocol Secure. It is an extension to FTP that adds support for TLS (Transport Layer Security) and SSL (Secure Sockets Layer).
SFTP stands for SSH File Transfer Protocol. It is an extension of SSH (the Secure Shell protocol) that provides secure file transfer capabilities. It’s seen as a replacement for FTP due to superior security: it basically tunnels FTP through an SSH connection.
FTP with vsftpd
In this blog post we’ll use vsftpd, which is probably the most secure and fastest FTP server for UNIX-like systems.
Installation
Open a new Terminal window and, based on your Linux distro, install the package:
    sudo apt install vsftpd      # Debian, Ubuntu
    sudo dnf install vsftpd      # Fedora, RHEL
    sudo pacman -S vsftpd        # Arch Linux
Configuration
Edit the configuration file with the nano editor:
    sudo nano /etc/vsftpd.conf
Copy the following base configuration into the file:
    listen=NO
    listen_ipv6=YES
    anonymous_enable=NO
    local_enable=YES
    write_enable=YES
    local_umask=022
    dirmessage_enable=YES
    use_localtime=YES
    xferlog_enable=YES
    connect_from_port_20=YES
    chroot_local_user=YES
    secure_chroot_dir=/var/run/vsftpd/empty
    pam_service_name=vsftpd
    rsa_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
    rsa_private_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
    ssl_enable=NO
    pasv_enable=YES
    pasv_min_port=10000
    pasv_max_port=10100
    allow_writeable_chroot=YES
Firewall configuration
Your Linux firewall might be configured to block connections to FTP. Execute the appropriate command below for your distribution to create an exception that allows the traffic:
    # using ufw (uncomplicated firewall)
    sudo ufw allow from any to any port 20,21 proto tcp
    # firewalld (--permanent rules only take effect after a reload)
    sudo firewall-cmd --zone=public --permanent --add-service=ftp
    sudo firewall-cmd --reload
    # if using iptables and no firewall frontend (a port list needs the multiport match)
    sudo iptables -A INPUT -p tcp -m multiport --dports 20,21 -m state --state NEW,ESTABLISHED -j ACCEPT
With the configuration file saved and the firewall rules updated, restart vsftpd to apply the new changes:
    sudo systemctl restart vsftpd
FTP user creation
The FTP server is ready to receive incoming connections, so now it is time to create a new user account that will be used to connect to the FTP service.
Create a new account called ftpuser. The second command sets the password for the account:
    sudo useradd -m ftpuser
    sudo passwd ftpuser
Then add some files to the /home/ftpuser/ directory.
Connection
You should now be able to connect to the FTP server either by IP address or hostname.
Open a Terminal window from the same Linux machine and use the ftp command to connect to the loopback address (127.0.0.1).
    ftp 127.0.0.1
You will be asked for a username (ftpuser, for this example) and password.
Then you can run the ls command:
    ftp> ls
If you are on a different machine, remember to change the IP address accordingly.
Allow anonymous access
If you’d like to be able to access the FTP server without giving a username and password, you can configure anonymous authentication.
Edit line number 3 of the /etc/vsftpd.conf file you wrote before.
Change this:
    anonymous_enable=NO
Into this:
    anonymous_enable=YES
Then restart the service for changes to take effect:
    sudo systemctl restart vsftpd
Test out anonymous login:
    ftp 127.0.0.1
Use anonymous as the username, and a blank password.
You should receive a 230 Login successful message.
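The settings chosen in this post can be checked mechanically. The following is an added example, not part of the original post: it parses a vsftpd.conf and reports the options used above that send credentials in cleartext, allow password-less login, or weaken the chroot jail. The `DEFAULTS` table, the finding names and the `BASE` sample are assumptions constructed for the example.

```python
# Added example (not from the original post): flag risky vsftpd.conf settings.
# Built-in vsftpd defaults for options a file may omit (per vsftpd.conf(5)).
DEFAULTS = {"anonymous_enable": "YES", "local_enable": "NO", "write_enable": "NO",
            "ssl_enable": "NO", "chroot_local_user": "NO",
            "allow_writeable_chroot": "NO", "anon_upload_enable": "NO"}

def parse_conf(text):
    """Parse option=value lines, skipping blanks and '#' comments."""
    conf = dict(DEFAULTS)
    for raw in text.splitlines():
        line = raw.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            conf[key] = value
    return conf

def audit(text):
    """Return {finding_id: explanation} for one configuration."""
    conf = parse_conf(text)
    on = lambda key: conf.get(key, "NO").upper() == "YES"
    found = {}
    if not on("ssl_enable") and (on("local_enable") or on("anonymous_enable")):
        found["cleartext"] = "ssl_enable is off: passwords and files cross the network unencrypted"
    if on("anonymous_enable"):
        found["anonymous"] = "anyone who can reach the port can log in without a password"
        if on("write_enable") and on("anon_upload_enable"):
            found["anonymous-upload"] = "anonymous users may upload files"
    if on("chroot_local_user") and on("allow_writeable_chroot"):
        found["writable-chroot"] = "users are jailed in a directory they can write to"
    return found

# Constructed sample: the security-relevant lines of the base configuration above.
BASE = """\
anonymous_enable=NO
local_enable=YES
write_enable=YES
chroot_local_user=YES
ssl_enable=NO
allow_writeable_chroot=YES
"""

if __name__ == "__main__":
    anon = BASE.replace("anonymous_enable=NO", "anonymous_enable=YES")
    for label, text in (("base", BASE), ("anonymous", anon)):
        for finding, why in audit(text).items():
            print(f"{label}: {finding}: {why}")
```

An empty file is also worth auditing, because vsftpd enables anonymous login by default when the option is absent.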
Change default FTP port number
By default, the FTP protocol listens on port 21 for user authentication and port 20 for data transfer.
However, it’s possible to change this behavior by making a small edit to the /etc/vsftpd.conf file.
At the bottom of the file, use the listen_port directive to specify a different port for vsftpd to use.
Adding the following line will instruct vsftpd to listen on port 8855:
    listen_port=8855