Install vsftp on Ubuntu 16.04 server

For every new webpage I create on my own server, I also create an FTP user who only has access to that page's web content.
Vsftp is quite awkward to get working painlessly, but after finding this article it became much easier. Here I summarize my commands based on that article.

Installing vsftpd

sudo apt-get update
sudo apt-get install vsftpd -y
Also copy the original config file, since we will be editing vsftpd.conf.
sudo cp /etc/vsftpd.conf /etc/vsftpd.conf.orig

Configure firewall

On new installs of Ubuntu Server, the firewall is inactive.
sudo ufw enable

sudo ufw status
sudo ufw allow 22/tcp
sudo ufw allow 20/tcp
sudo ufw allow 21/tcp
sudo ufw allow 990/tcp
sudo ufw allow 40000:50000/tcp
sudo ufw status

Add ftp user

Here I use topweb as the user, but you can replace topweb with whatever your user is for a webpage.
sudo adduser topweb

sudo mkdir /home/topweb/ftp
sudo chown nobody:nogroup /home/topweb/ftp
sudo chmod a-w /home/topweb/ftp

Here I add the folders and the Docker Compose file that we use for WordPress later.
sudo mkdir -pv /home/topweb/ftp/files/wordpress/home/wp_html
sudo mkdir -pv /home/topweb/ftp/files/wordpress/home/db
sudo touch /home/topweb/ftp/files/wordpress/docker-compose.yml

sudo chown -R topweb:topweb /home/topweb/ftp/files
sudo ls -la /home/topweb/ftp

Configure vsftpd.conf

To open the vsftpd.conf file:
sudo nano /etc/vsftpd.conf

Make sure your vsftpd.conf file has the following parameters:
write_enable=YES
chroot_local_user=YES

user_sub_token=$USER
local_root=/home/$USER/ftp

pasv_min_port=40000
pasv_max_port=50000

userlist_enable=YES
userlist_file=/etc/vsftpd.userlist
userlist_deny=NO

rsa_cert_file=/etc/ssl/private/vsftpd.pem
rsa_private_key_file=/etc/ssl/private/vsftpd.pem

ssl_enable=YES

allow_anon_ssl=NO
force_local_data_ssl=YES
force_local_logins_ssl=YES

require_ssl_reuse=NO
ssl_ciphers=HIGH
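
An added example (not from the original article or the vsftpd project): a shell function that checks a vsftpd.conf against the parameters listed above and reports any that are missing or set differently. The names check_vsftpd_conf, demo_conf and REQUIRED and the sample config are constructed for illustration, and the check assumes the last assignment of a key is the one that takes effect.

```shell
#!/bin/sh
# Added example: audit a vsftpd.conf against the parameters listed in this
# article. Assumption: the last uncommented assignment of a key wins.
REQUIRED='write_enable=YES
chroot_local_user=YES
user_sub_token=$USER
local_root=/home/$USER/ftp
pasv_min_port=40000
pasv_max_port=50000
userlist_enable=YES
userlist_file=/etc/vsftpd.userlist
userlist_deny=NO
rsa_cert_file=/etc/ssl/private/vsftpd.pem
rsa_private_key_file=/etc/ssl/private/vsftpd.pem
ssl_enable=YES
allow_anon_ssl=NO
force_local_data_ssl=YES
force_local_logins_ssl=YES
require_ssl_reuse=NO
ssl_ciphers=HIGH'

# Print one line per missing or wrong setting.
# Exit status: 0 all match, 1 at least one mismatch, 2 file unreadable.
check_vsftpd_conf() {
    conf=$1
    rc=0
    [ -r "$conf" ] || { echo "ERROR cannot read $conf"; return 2; }
    for pair in $REQUIRED; do
        key=${pair%%=*}
        want=${pair#*=}
        # Commented-out lines start with '#', so they never match "^key=".
        got=$(sed -n "s/^${key}=//p" "$conf" | tr -d '\r' | tail -n 1)
        if [ -z "$got" ]; then
            echo "MISSING $key (want $want)"; rc=1
        elif [ "$got" != "$want" ]; then
            echo "WRONG $key=$got (want $want)"; rc=1
        fi
    done
    return $rc
}

# Constructed sample: TLS is enabled but plaintext logins are still allowed.
demo_conf() {
    printf '%s\n' "$REQUIRED" | sed 's/^force_local_logins_ssl=YES$/force_local_logins_ssl=NO/'
}

# Demo on the constructed sample; on the server run: check_vsftpd_conf /etc/vsftpd.conf
tmp=$(mktemp) && demo_conf >"$tmp" && { check_vsftpd_conf "$tmp" || true; }; rm -f "$tmp"
```
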

Generate certificate

Because FTP without an SSL certificate is very unsafe, we create a certificate and write it to the path we specified above.
sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/ssl/private/vsftpd.pem -out /etc/ssl/private/vsftpd.pem

Add the user to the user list

In vsftpd.conf I have chosen that only users who are in userlist_file should have rights to connect with ftp, so we must add the user to that list.
echo "topweb" | sudo tee -a /etc/vsftpd.userlist
cat /etc/vsftpd.userlist

Restart vsftp service

The final step is to restart vsftp and make sure everything works by printing the status.
sudo systemctl restart vsftpd
sudo systemctl status vsftpd

Add more ftp users

To add more FTP users, just repeat the same steps as before:
sudo adduser topwebtest

sudo mkdir /home/topwebtest/ftp
sudo chown nobody:nogroup /home/topwebtest/ftp
sudo chmod a-w /home/topwebtest/ftp
sudo mkdir -pv /home/topwebtest/ftp/files/wordpress/home/wp_html
sudo mkdir -pv /home/topwebtest/ftp/files/wordpress/home/db
sudo touch /home/topwebtest/ftp/files/wordpress/docker-compose.yml
sudo chown -R topwebtest:topwebtest /home/topwebtest/ftp/files
sudo ls -la /home/topwebtest/ftp

Add to userlist_file
echo "topwebtest" | sudo tee -a /etc/vsftpd.userlist

Test TLS with FileZilla

Most modern FTP clients can be configured to use TLS encryption. The following illustration shows how the settings should look when you add a new FTP connection to the server with the FTP user we created. After you enter the password for the user in the next step, just accept the certificate and you are securely connected to the server over FTP. All traffic is encrypted, and if someone is listening in on your traffic, the data is completely incomprehensible to the thief.
