FTP, short for file transfer protocol, is the most used network protocol for transferring files between two systems over a network. FTP in itself is not a secure protocol since it does not use any encryption and it may cause a system to get compromised. This is, therefore, the reason for VSFTP (very secure FTP), a secure FTP protocol that encrypts information transfer between systems. VSFTPD is licensed under GNU GPL and is used as a default FTP server for most of the Linux distributions. In this guide, we are going to look at how to install VSFTP server on Linux Mint 20.

Install FTP server on Linux Mint 20

Follow the following steps to get FTP server installed on Linux Mint 20.

Step 1: Install VSFTPD on Linux Mint 20

Run the following commands to install VSFTP server on Linux Mint 20

sudo apt-get update
sudo apt install -y vsftpd

Step 2: Configure VSFTPD on Linux Mint 20

Once installation is complete, we go ahead to configure VSFTPD. The configuration file is located at /etc/vsftpd.conf. Open the file with your preferred editor.

$ sudo nano /etc/vsftpd.conf

Add or uncomment the following lines if already added.

listen=NO 
anonymous_enable=NO 
local_enable=YES 
write_enable=YES 
local_umask=022 
dirmessage_enable=YES 
use_localtime=YES 
xferlog_enable=YES 
connect_from_port_20=YES 
chroot_local_user=YES 
secure_chroot_dir=/var/run/vsftpd/empty 
pam_service_name=vsftpd 
user_sub_token=$USER
pasv_enable=Yes 
pasv_min_port=30000 
pasv_max_port=30100 
allow_writeable_chroot=YES 
userlist_enable=YES
userlist_file=/etc/vsftpd.user_list
userlist_deny=NO
ssl_tlsv1=YES 
ssl_sslv2=NO

In this configuration, here are the explanations:

FTP access Configuration

By default, FTP grant access to anonymous user only. To prevent this and allow local users we use the below commands.

anonymous_enable=NO 
local_enable=YES 

We also need to ensure that each created user only uploads and access files in their own directories hence the commands:

write_enable=YES 
chroot_local_user=YES 
allow_writeable_chroot=YES 

FTP user restrictions

We also need to restrict users. Only those users in the list and not every local user is allowed to upload files.

userlist_enable=YES
userlist_file=/etc/vsftpd.user_list
userlist_deny=NO

Save and close the file when done then restart vsftpd service.

$ sudo systemctl restart vsftpd.service

Step 3: Secure FTP Server with SSL/ TLS

To encrypt the FTP transmissions with SSL/TLS, we need to have an SSL certificate and configure the FTP server to use it. Run the following command to generate self signed ssl certificate.

$ sudo openssl req -x509 -nodes -days 3650 -newkey rsa:2048 -keyout /etc/ssl/private/vsftpd.pem -out /etc/ssl/private/vsftpd.pem

Once ssl is generated and stored, open ftp config file and add ssl path

$ sudo nano /etc/vsftpd.conf

Add the lines

rsa_cert_file=/etc/ssl/private/vsftpd.pem
rsa_private_key_file=/etc/ssl/private/vsftpd.pem
ssl_enable=YES

Save and close the file when done then restart vsftpd service.

$ sudo systemctl restart vsftpd.service

Step 4: Allow ports in firewall

If firewall is enabled, we need to allow FTP ports and TLS connection ports as shown below

$ sudo ufw allow 20/tcp
$ sudo ufw allow 21/tcp
$ sudo ufw allow 990/tcp
$ sudo ufw allow 40000:50000/tcp
$ sudo ufw enable

Step 5: Enable and run VSFTPD

Use the following commands to enable and start VSFTPD

$ sudo systemctl enable vsftpd.service
$ sudo  systemctl start vsftpd.service

Confirm vsftpd.service status

$ sudo systemctl status vsftpd.service

If running the output is as below:

Step 6: Create an FTP user

Issue the below commends to create a user who will be used for ftp connections if you do not have a user already to grant ftp access. You can skip this if you have a user.

$ sudo useradd <name>
$ sudo passwd <name>

Add the user to the allowed ftp users list.

$ echo "newftpuser" | sudo tee -a /etc/vsftpd.user_list

Now create the FTP directory tree and set the correct permissions

$ sudo mkdir -p /home/newftpuser/ftp/upload
$ sudo chmod 550 /home/newftpuser/ftp
$ sudo chmod 750 /home/newftpuser/ftp/upload
$ sudo chown -R newftpuser: /home/newftpuser/ftp

Step 7: Test FTP connection.

Test your FTP server locally by running the below shown command.

$ ftp 192.168.100.175
Connected to 192.168.100.175  (192.168.100.175). 
220 (vsFTPD 3.03).
Name (192.168.100.175:lorna) : lorna
530 Non-anonymous sessions must use encryption. 
Login failed. 
421 Service not available, remote server has closed connection 
ftp>

Also test ftp remotely by running the above command from a remote server. I am testing from a remote Elementary OS machine and the output is the same as above.

$ ftp 192.169.100.175
Connected to 192.168.100.175  (192.168.100.175). 
220 (vsFTPD 3.03)
Name (192.168.100.175:lorna) : lorna
530 Non-anonymous sessions must use encryption. 
Login failed. 
421 Service not available, remote server has closed connection 
ftp>

From the output above, there is an error that VSFTPD can only allow user to login from clients that support encryption services. Command line does not offer encryption services thus producing the error. To securely connect to the server, we need a FTP client that supports SSL/TLS connections such as FileZilla.

Install FileZilla FTP client on Debian/ Ubuntu

Use the below command to install FileZilla ftp client on Debian/ Ubuntu

$ sudo apt-get install filezilla

Once installed, launch filezilla from the system applications

Next, set the host/site name, add the IP address, define the protocol to use, encryption and logon type as in the screen shot below. Click on file > site manager > new site and fill as shown. Click on connect. Enter password when prompted and verify ssl

Verify ssl.

Once you verify ssl, you should notice that you are already connected to the ftp server as shown below:

Just drag and drop files to transfer between the local and remote server folders.

That’s it. You have successfully configured ftp vsftp server on Linux mint 20 and installed filezilla ftp client. Please check more interesting Linux guides below:

Linux Learning videos:

$12.15
$157.95
in stock
Udemy.com
$12.15
$157.95
in stock
Udemy.com
$12.15
$157.95
in stock
Udemy.com
$12.15
$157.95
in stock
Udemy.com

LEAVE A REPLY

Please enter your comment!
Please enter your name here

nineteen − 4 =