File transfer protocol ( FTP ) is used to transfer files between client and server. It is commonly used by most of the companies to share data with the customers . Also it plays an important role in data automation. Now a days many softwares & application supports FTP protocol for data transfer. Here we will see about setup ftp server on ubuntu 16.04.
This article explains about configuration steps for FTP, FTPS and SFTP.
FTP is unsecure since it’s not encrypted. It is highly recommended to use FTPS or SFTP.
Package installation and pre configs
Before starting, It is better to assign static IP to the server.
Please make sure you have an internet connection since we need to install package and dependencies from internet.
We are going to use VSFTPD package for FTP which is flexible and easy to manage.
Step 1 » Update the repository and install vsftpd package using below commands.
krizna@leela:~$ sudo apt update
krizna@leela:~$ sudo apt install vsftpd
Step 2 » Copy the original configuration file for a backup.
krizna@leela:~$ sudo cp /etc/vsftpd.conf /etc/vsftpd.conf.bk
1) FTP configuration.
2) Secure FTP ( FTPS ).
3) SFTP configurarion.
Setup FTP server on ubuntu 16.04
Lets do a basic FTP configuration.
Step 3 » Edit /etc/vsftpd.conf file and make the changes as below.
Uncomment below lines.
write_enable=YES
Add below lines at the end of the file. The first line is to keep all non-chroot users jailed.
local_umask=022
chroot_local_user=YES
Other 2 lines are for the passive port range.
allow_writeable_chroot=YES
pasv_min_port=40000
pasv_max_port=40100
Step 4 » Now restart vsftpd service and check the status.
krizna@leela:~$ sudo systemctl restart vsftpd
krizna@leela:~$ sudo systemctl status vsftpd
● vsftpd.service - vsftpd FTP server
Loaded: loaded (/lib/systemd/system/vsftpd.service; enabled; vendor preset: enabled)
Active: active (running) since Sat 2017-02-25 14:32:35 IST; 3min 57s ago
Process: 1955 ExecStartPre=/bin/mkdir -p /var/run/vsftpd/empty (code=exited, status=0/SUCCESS)
Main PID: 1958 (vsftpd)
Tasks: 1 (limit: 512)
Memory: 392.0K
CPU: 39ms
CGroup: /system.slice/vsftpd.service
└─1958 /usr/sbin/vsftpd /etc/vsftpd.conf
Feb 25 14:32:35 leela systemd[1]: Starting vsftpd FTP server...
Feb 25 14:32:35 leela systemd[1]: Started vsftpd FTP server.
Status should be active and running.If the service is failed to start, Troubleshoot yourself by commenting the lines one by one and check the status after service restart.
Step 5 » Now create an user to test FTP server. Use /usr/sbin/nologin shell to limit access.
krizna@leela:~$ sudo useradd -m jack -s /usr/sbin/nologin
krizna@leela:~$ sudo passwd jack
Step 6 » Add “/usr/sbin/nologin” to /etc/shells file to enable login access for the users who uses nologin shell.
krizna@leela:~$ echo "/usr/sbin/nologin" | sudo tee -a /etc/shells
Test your FTP configuration. Try to connect from ftp client.
[root@localhost ~]# ftp 192.168.22.16
Connected to 192.168.22.16 (192.168.22.16).
220 (vsFTPd 3.0.3)
Name (192.168.22.16:root): jack
331 Please specify the password.
Password:
230 Login successful.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp>
Secure FTP ( FTPS )
FTP connections can be secured by using SSL certificate. We can create self signed SSL certificate using openssl command.
Step 7 » Create new SSL certificate using below command. Here we are going to create 2048 bit RSA certificate with 365 days validity.
krizna@leela:~$ sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/ssl/private/ftps_vsftpd.pem -out /etc/ssl/private/ftps_vsftpd.pem
Step 8 » Now make changes in /etc/vsftpd.conf file to enable and configure SSL. Find and modify below lines as per our certificate location and enable SSL.
rsa_cert_file=/etc/ssl/private/ftps_vsftpd.pem
rsa_private_key_file=/etc/ssl/private/ftps_vsftpd.pem
ssl_enable=YES
Step 9 » Now restart vsftpd service and check the status.
krizna@leela:~$ sudo systemctl restart vsftpd
Step 10 » Try to connect FTP using with TLS/SSL explicit options. This option can be found in Winscp and filezilla tools.
After successful login, You will be able to tranfer data with encrypted.
SFTP configuration
SFTP uses different protocol, It is more secure than FTP since it uses ssh port for data transfer.
Step 11 » Install OpenSSH package if it is not installed .
krizna@leela:~$ sudo apt-get install openssh-server
Step 12 » Create a new group for SFTP users.
krizna@leela:~$ sudo addgroup ftpaccess
Step 13 » Edit /etc/ssh/sshd_config file and comment the below line.
#Subsystem sftp /usr/lib/openssh/sftp-server
and add these lines at the end of the file.
Subsystem sftp internal-sftp
Match group ftpaccess
ChrootDirectory %h
X11Forwarding no
AllowTcpForwarding no
ForceCommand internal-sftp
Step 14 » Now restart ssh service.**Please perform this step in the console since you may loose SSH connection while doing the service restart.**
krizna@leela:~$ sudo systemctl restart ssh
Step 15 » Create an user with nologin shell and with group ftpacess.
krizna@leela:~$ sudo useradd -m harry -s /usr/sbin/nologin -G ftpaccess
krizna@leela:~$ sudo passwd harry
Perform below steps to chroot users to their home directories.
Step 16 » Modify home directory permission.
krizna@leela:~$ sudo chown root:root /home/harry
Step 17 » Create a directory “upload” inside home directory and modify ownership. This directory can be used to upload files to the server.
krizna@leela:~$ sudo mkdir /home/harry/upload
krizna@leela:~$ sudo chown harry:ftpaccess /home/harry/upload
Now you can connect server using sftp clients.
[root@localhost ~]# sftp harry@192.168.22.16
harry@192.168.22.16's password:
Connected to 192.168.22.16.
sftp> ls
sftp>
That’s it. All the best.
Also see.
» Setup FTP server on ubuntu 14.04
» Setup FTP server on centos 7
How to install Android Studio on ubuntu 20.04
Much appreciation for the tutorial, but how would one go a step further and create something like:
https://download.gimp.org/
Something generally accessibly and on a sub domain?
Все работает, спасибо, я правда обычный авторизованный доступ настроил!
All work, thanks!!!
Step 15 didn’t work for me but I used the below
$sudo su –
# adduser bob2
# Enter Password
# enter password again
Full Name Bob1 the man
Enter any required information or leave Blanc
Adding users to group
# usermod -G rbc_sftp bob2
#exit