FTP (File Transfer Protocol) is an application-layer protocol used to exchange data and information between computers on a private network or the internet by means of an FTP application. It runs over the Transmission Control Protocol (TCP). With FTP, one can upload and download data with ease. In this guide, we discuss how to install and configure vsftpd, an FTP server that provides secure file transfer.
Very Secure FTP Daemon (vsftpd) is an FTP daemon that establishes a secure connection to the FTP server by creating a secure tunnel that encrypts data flowing to and from the server. This protects files being uploaded or downloaded from attackers, enforcing end-to-end encryption between the user and the FTP server.
Features of vsftpd
1. Secure – VSFTPD uses TLS/SSL to encrypt files being transferred between user and FTP server.
2. Stable – It is a very consistent and reliable FTP server.
3. Very fast – Since files are downloaded and uploaded through a private tunnel, there is little interference, so even large files can be uploaded and downloaded within seconds.
4. Supports virtual users – This is more secure because if such an account is compromised, it can only be used on the FTP server and cannot be used to log in to the system and reach other services like SSH.
5. IP independent – supports both IPv4 and IPv6.
Step 1: Install vsftpd on Rocky Linux 8
Open your Rocky Linux 8 terminal, then run the commands below to start the installation of vsftpd.
sudo yum update
sudo yum install vsftpd
Press Y then Enter to permit the installation. The process runs for a few seconds, then the screen below appears to verify that the installation is complete and was successful.
The screen above contains the version of vsftpd installed. To view more information on the installed version, use the command below.
sudo rpm -qi vsftpd
Start the vsftpd service, then enable it so that it starts automatically on system boot. Run the last command to verify that vsftpd is up and running.
sudo systemctl start vsftpd
sudo systemctl enable vsftpd --now
sudo systemctl status vsftpd
Step 2: Create FTP user and Its Directory.
We now need to create a user that will be used to access the FTP server.
sudo adduser ftpuser
sudo passwd ftpuser
Create the FTP directory, then set its permissions and ownership.
sudo mkdir -p /home/ftpuser/ftp_folder
sudo chmod -R 750 /home/ftpuser/ftp_folder
sudo chown ftpuser: /home/ftpuser/ftp_folder
Add FTP user to /etc/vsftpd/user_list file to grant user access to the vsftpd server.
sudo bash -c 'echo ftpuser >> /etc/vsftpd/user_list'
Step 3: vsftpd Configuration.
Next we are going to edit the vsftpd configuration file so that users can access the FTP server. Open the configuration file /etc/vsftpd/vsftpd.conf to start editing. vsftpd does not accept spaces around the = sign, so write each option as option=value.
Allow remote access to local users, then block anonymous users. If these lines are missing, add them.
anonymous_enable=NO
local_enable=YES
Give users permission to run any FTP command, such as downloading, uploading, deleting and adding files.
write_enable=YES
Restrict user access to their home directory only.
chroot_local_user=YES
Grant users write permission to their home directories.
allow_writable_chroot=YES
Declare custom ports to enable passive FTP connections.
Allow only declared users in the user_list file to access FTP server then block the anonymous ones.
Save and close the file. Restart the vsftpd service to apply the changes.
sudo systemctl restart vsftpd
Test the FTP connection by running the ftp command followed by your server IP, as shown below.
Enter the FTP user and password configured earlier. The screen below is evidence that the FTP daemon, vsftpd, is up and reachable via the FTP protocol.
Step 4: SSL/TLS Configuration for vsftpd
Next, we are going to generate SSL certificate files, then configure them on the server. This ensures the security and encryption of file transfers between the FTP server and the user's system.
Generate a self-signed certificate by running the command shown.
sudo openssl req -x509 -nodes -days 3650 -newkey rsa:2048 -keyout /etc/vsftpd.pem -out /etc/vsftpd/vsftpd.pem
Screen will come up prompting you to fill some details such as your country name, state/province and others. Give the necessary information accordingly.
Next, edit the /etc/vsftpd/vsftpd.conf file and add the paths of the certificate and key files, so that vsftpd knows where they are located. Then tell the server to switch on SSL.
sudo vim /etc/vsftpd/vsftpd.conf
# add these lines
rsa_cert_file=/etc/vsftpd/vsftpd.pem
rsa_private_key_file=/etc/vsftpd.pem
# switch on SSL
ssl_enable=YES
Save and exit the file. Restart vsftpd service to allow changes in the file to take effect.
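A quick way to check the edited configuration before restarting the service, as an added example that is not part of the original guide: the script below flags spaces around "=", boolean values other than YES/NO, and settings that differ from the ones in Steps 3 to 5. The function names and the sample file are hypothetical; pasv_min_port, pasv_max_port, userlist_enable and userlist_deny are vsftpd options assumed here for the passive-port and user_list steps, whose configuration lines the guide does not show.

```sh
#!/bin/sh
# Added example (not from the guide): audit a vsftpd.conf for the guide's settings.
# Prints one finding per line; returns 0 only when there are no findings.
FW_MIN=30000 FW_MAX=31000   # passive range opened in the firewall in Step 5

want() {  # want NAME ACTUAL EXPECTED
    [ "$2" = "$3" ] || { echo "$1 should be $3 (found '${2:-unset}')"; bad=1; }
}
audit_vsftpd_conf() {
    n=0 bad=0 anon='' jail='' ssl='' ulist='' udeny='' pmin='' pmax=''
    while IFS= read -r line || [ -n "$line" ]; do
        n=$((n + 1))
        case $line in ''|'#'*) continue ;; esac
        key=${line%%=*} val=${line#*=}
        # vsftpd treats a space between option, '=' and value as an error.
        case $key in *' '*) ws=1 ;; *) ws=0 ;; esac
        case $val in ' '*) ws=1 ;; esac
        if [ "$ws" -eq 1 ]; then
            echo "line $n: space around '=' in: $line"; bad=1
            key=$(printf %s "$key" | tr -d ' '); val=${val#"${val%%[! ]*}"}
        fi
        # Boolean options are documented as YES or NO; flag anything else.
        case $key in *_enable|chroot_local_user|userlist_deny)
            case $val in YES|NO) ;; *) echo "line $n: $key=$val is not YES/NO"; bad=1 ;; esac ;;
        esac
        case $key in
            anonymous_enable) anon=$val ;;  chroot_local_user) jail=$val ;;
            ssl_enable) ssl=$val ;;         userlist_enable) ulist=$val ;;
            userlist_deny) udeny=$val ;;    pasv_min_port) pmin=$val ;;
            pasv_max_port) pmax=$val ;;
        esac
    done < "$1"
    want anonymous_enable "$anon" NO
    want chroot_local_user "$jail" YES
    want ssl_enable "$ssl" YES
    want userlist_enable "$ulist" YES   # assumed option, not shown in the guide
    want userlist_deny "$udeny" NO      # assumed option, not shown in the guide
    case $pmin in ''|*[!0-9]*) pmin=0 ;; esac
    case $pmax in ''|*[!0-9]*) pmax=0 ;; esac
    if [ "$pmin" -lt "$FW_MIN" ] || [ "$pmax" -gt "$FW_MAX" ] || [ "$pmin" -gt "$pmax" ]; then
        echo "passive ports $pmin-$pmax are outside firewall range $FW_MIN-$FW_MAX"; bad=1
    fi
    return "$bad"
}
sample_conf() {  # constructed sample with two deliberate mistakes
    printf '%s\n' 'anonymous_enable = NO' 'chroot_local_user=YES' 'pasv_min_port=30000' \
        'pasv_max_port=31000' 'userlist_enable=YES' 'userlist_deny=NO' 'ssl_enable=ON'
}
tmp=$(mktemp); sample_conf > "$tmp"; audit_vsftpd_conf "$tmp" || true; rm -f "$tmp"
```

To check the real file, call audit_vsftpd_conf /etc/vsftpd/vsftpd.conf and restart vsftpd only when it prints nothing.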
Step 5: Allow vsftpd in the firewall
Allow port 21 for FTP control traffic, port 20 for FTP data, and ports 30000-31000 for passive communication with vsftpd.
sudo firewall-cmd --permanent --add-port=20-21/tcp
sudo firewall-cmd --permanent --add-port=30000-31000/tcp
Reload firewall to effect the changes.
sudo firewall-cmd --reload
Step 6: Test vsftpd with FTP client (FileZilla).
For us to connect to FTP Server (vsftpd), we need an FTP client installed. If you are using a Windows system, just search for FileZilla then download the .exe file and install the application. For Linux users, use the command below to install FileZilla.
sudo apt install filezilla
Now launch your FTP client to initiate a connection to vsftpd.
Enter the vsftpd server IP, username and password respectively. Click on the Quickconnect button on the left hand side to start the connection.
A pop-up screen will show up prompting you to accept the security option to enable the establishment of a secure connection. Tick in the checkbox where it says “Always trust this certificate in the next session” then click the OK button to continue.
If the credentials you entered are correct, you will land on a page similar to this one. It is divided into two parts: the left side shows the files on your local machine and the right side shows the files on the server running vsftpd.
Upload file with FTP client.
Download file with FileZilla.
We have managed to install vsftpd, an FTP server, on Rocky Linux 8 and ensured that it is up and running. Furthermore, we have also configured TLS/SSL encryption to allow secure connections to the vsftpd FTP server. We hope the guide was useful and interesting. Share it with friends; your feedback is highly appreciated.