Setup FTP server using VsFtp and Configure Secure FTP connections (Using TLS/SSL) on Ubuntu 14.04 Server

vsftpd is a GPL licensed FTP server for UNIX systems, including Linux. It is secure and extremely fast. It is stable. Don't take my word for it, though. Below, we will see evidence supporting all three assertions. We will also see a list of a few important sites which are happily using vsftpd. This demonstrates vsftpd is a mature and trusted solution.

VsFTPd Features

Despite being small for purposes of speed and security, many more complicated FTP setups are achievable with vsftpd! By no means an exclusive list, vsftpd will handle:

Virtual IP configurations
Virtual users
Standalone or inetd operation
Powerful per-user configurability
Bandwidth throttling
Per-source-IP configurability
Per-source-IP limits
IPv6
Encryption support through SSL integration

Install VsFTPd server on Ubuntu

Open the terminal and run the following command

sudo apt-get install vsftpd

Configuring Vsftpd server

The default configuration file is located at /etc/vsftpd.conf, so you need to edit this file to configure your vsftpd server

sudo vi /etc/vsftpd.conf

Disable the ability for users to log in anonymously by changing the following option

anonymous_enable=NO

Next, we need to enable user logins that use the local authentication files, since we disabled anonymous access. Uncomment the following line

local_enable=YES

To enable users to make modifications to the filesystem, we will uncomment the following option

write_enable=YES

Uncomment the chroot_local_user option to restrict users to their own home directories

chroot_local_user=YES

Save and close the file.

Creating FTP User

Because of the way vsftpd secures its chroot jails, the chroot must not be owned by the user and must not be writeable. Because of this, it is best to implement a user specifically for use with FTP.

Create the user using the following command

sudo adduser ftpuser1

Assign a password and feel free to press "ENTER" through the other prompts. Now, give root ownership of ftpuser1's home directory:

sudo chown root:root /home/ftpuser1

We need to create a separate directory within this home directory where files can be uploaded. Then, we need to give this directory over to our FTP user:

sudo mkdir /home/ftpuser1/files
sudo chown ftpuser1:ftpuser1 /home/ftpuser1/files

Now, we should be able to log in (insecurely) as the ftpuser1 and upload files to the files directory.

Configure SSL with vsftpd

We need to create an SSL certificate to use with vsftpd. Create it using the following command. The certificate is valid for 1 year and will be placed in the /etc/ssl/private/ directory, which we can reference in our configuration file.

sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/ssl/private/vsftpd.pem -out /etc/ssl/private/vsftpd.pem

Add the SSL Details to the vsftpd Configuration

Open the vsftpd configuration file using the following command

sudo vi /etc/vsftpd.conf

You should see a line similar to the following, which matches the SSL certificate we just created

rsa_cert_file=/etc/ssl/private/vsftpd.pem

When we created the certificate, we included both the key file and the certificate in one file, so we can also point our private key line to that:

rsa_private_key_file=/etc/ssl/private/vsftpd.pem

After that, we will add the following lines to force SSL. This will restrict clients that can't deal with TLS, but that is what we want.

ssl_enable=YES
allow_anon_ssl=NO
force_local_data_ssl=YES
force_local_logins_ssl=YES

After this we configure the server to use TLS, which is actually a successor to SSL, and preferred:

ssl_tlsv1=YES
ssl_sslv2=NO
ssl_sslv3=NO

Finally, we will add some additional options to flesh out our configuration file

require_ssl_reuse=NO
ssl_ciphers=HIGH

Save and close the file.

Finally, we need to restart the vsftpd service for all these changes to take effect

sudo service vsftpd restart

Now you can use FileZilla or Core FTP clients to connect to the vsftpd server
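
To confirm that the edited file really contains the settings applied above, and that the combined certificate/key file is not readable by other accounts, the following shell functions can be run against it. This is an added example, not part of the original article; the function names are hypothetical, and the audit assumes a later assignment of the same option overrides an earlier one.

```shell
#!/bin/sh
# Added example: audit a vsftpd.conf against the settings this tutorial applies.

# Options and values as given in the tutorial.
EXPECTED="anonymous_enable=NO local_enable=YES chroot_local_user=YES
ssl_enable=YES allow_anon_ssl=NO force_local_data_ssl=YES
force_local_logins_ssl=YES ssl_tlsv1=YES ssl_sslv2=NO ssl_sslv3=NO
ssl_ciphers=HIGH"

# conf_value FILE KEY: print the value assigned to KEY in FILE.
# vsftpd expects "key=value" with no spaces, and lines starting with "#" are
# comments, so only uncommented assignments match. The last match is used
# (assumption: a later assignment overrides an earlier one).
conf_value() {
    sed -n "s/^$2=//p" "$1" | tr -d '\r' | tail -n 1
}

# audit_vsftpd_conf FILE: print one line per deviation, return 1 if any.
# A missing option is reported as well: this check does not model vsftpd's
# built-in defaults, it only confirms the file says what the tutorial intends.
audit_vsftpd_conf() {
    conf=$1
    rc=0
    for pair in $EXPECTED; do
        key=${pair%%=*}
        want=${pair#*=}
        got=$(conf_value "$conf" "$key")
        if [ "$got" != "$want" ]; then
            echo "$key: expected $want, found ${got:-<not set>}"
            rc=1
        fi
    done
    return $rc
}

# key_file_private FILE: succeed only if FILE exists and grants no permission
# bits to group or others. The PEM created above holds the private key too.
key_file_private() {
    [ -f "$1" ] || return 1
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}
```

Source the file, then call audit_vsftpd_conf /etc/vsftpd.conf and, as root, key_file_private /etc/ssl/private/vsftpd.pem; a non-zero exit status means something needs fixing before the service is restarted.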


2 Responses

  1. Steve says:

    This article is great help setting up my new server. But I’m having trouble with the ssl certificate code not working. sudo openssl req -x509 -nodes -days 365 -newkey rsa:1024 -keyout /etc/ssl/private/vsftpd.pem -out /etc/ssl/private/vsftpd.pem This code just shows a list of ssl codes in the terminal.

  2. Jarkko says:

    Very useful article, got SSL working well with the instructions
