FTP
With VSFTPD
Very Secure File Transfer Protocol Daemon (vsftpd)
Written by a security researcher (Chris Evans)
Ubiquitous across the web
Install it:
sudo apt install vsftpd
Start it and enable it:
sudo systemctl enable --now vsftpd
Allow it through the firewall:
sudo ufw allow ftp
This opens port 21 but not port 20, because passive mode will be used.
With passive mode:
sudo ufw allow 10000:20000/tcp
Or, if you want to use active mode, then you should allow port 20:
sudo ufw allow 20/tcp
The default config works, but it is not very secure, and I need to tell it the port range:
sudo vim /etc/vsftpd.conf
VSFTPD Configuration
Restrict listening addresses
Allow anonymous FTP users if you are planning for a public FTP server
listen_address=192.168.1.5
anonymous_enable=YES
By default vsftpd is read-only, so users can download but not upload (but only for users, of course):
# Uncomment this to enable any form of FTP write command.
write_enable=YES
Enable passive mode:
pasv_enable=YES
pasv_min_port=10000
pasv_max_port=20000
Now, restart the service:
sudo systemctl restart vsftpd
Now users, such as Linux users, can see their data, like their home directory.
But an anonymous user will see the content of /srv/ftp.
And sure enough, now I can see my files:

And if I connect as an anonymous user 👍

Logging is enabled by default:
# Activate logging of uploads/downloads.
xferlog_enable=YES
sudo tail /var/log/vsftpd.log
Sun Sep 3 12:46:11 2023 [pid 33142] CONNECT: Client "::ffff:192.168.1.100"
Sun Sep 3 12:46:11 2023 [pid 33141] [ftp] OK LOGIN: Client "::ffff:192.168.1.100", anon password "anonymous@example.com"
Sun Sep 3 12:47:28 2023 [pid 33596] CONNECT: Client "::ffff:192.168.1.100"
Sun Sep 3 12:47:28 2023 [pid 33595] [ftp] OK LOGIN: Client "::ffff:192.168.1.100", anon password "anonymous@example.com"
Sun Sep 3 12:47:28 2023 [pid 33597] [ftp] OK DOWNLOAD: Client "::ffff:192.168.1.100", "/anon_content", 0.00Kbyte/sec
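The following Python parses lines in the layout of the excerpt above and tallies, per client, connections, anonymous logins, failed logins and transfers, listing clients with repeated failed logins. It is an added example, not part of the original notes; the FAIL LOGIN lines, the user alice, the address 192.168.1.50 and the fail_threshold parameter are constructed for illustration.

```python
import re
from collections import defaultdict

# Excerpt layout: <time> [pid N] [user] OK|FAIL ACTION: Client "<addr>", <details>
# CONNECT lines carry neither the [user] field nor an OK/FAIL status.
LINE_RE = re.compile(
    r'^.+? \[pid \d+\] (?:\[(?P<user>[^\]]*)\] )?'
    r'(?:(?P<status>OK|FAIL) )?(?P<action>[A-Z]+): '
    r'Client "(?P<client>[^"]+)"(?:, (?P<details>.*))?$')

def parse_line(line):
    """Return the fields of one vsftpd.log line, or None if it does not match."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    event = m.groupdict()
    event["client"] = re.sub(r"^::ffff:", "", event["client"])  # IPv4-mapped -> IPv4
    return event

def summarize(lines, fail_threshold=3):
    """Tally events per client; also list clients with >= fail_threshold failed logins."""
    stats = defaultdict(lambda: dict(connects=0, anon_logins=0, failed_logins=0, transfers=[]))
    for ev in filter(None, map(parse_line, lines)):
        s, details = stats[ev["client"]], ev["details"] or ""
        if ev["action"] == "CONNECT":
            s["connects"] += 1
        elif ev["action"] == "LOGIN" and ev["status"] == "FAIL":
            s["failed_logins"] += 1
        elif ev["action"] == "LOGIN" and details.startswith("anon password"):
            s["anon_logins"] += 1
        elif ev["action"] in ("DOWNLOAD", "UPLOAD") and ev["status"] == "OK":
            path = re.match(r'"([^"]*)"', details)
            s["transfers"].append((ev["action"], ev["user"], path and path.group(1)))
    flagged = sorted(c for c, s in stats.items() if s["failed_logins"] >= fail_threshold)
    return dict(stats), flagged

# First five lines are the excerpt above; the three FAIL LOGIN lines are constructed.
SAMPLE = '''\
Sun Sep 3 12:46:11 2023 [pid 33142] CONNECT: Client "::ffff:192.168.1.100"
Sun Sep 3 12:46:11 2023 [pid 33141] [ftp] OK LOGIN: Client "::ffff:192.168.1.100", anon password "anonymous@example.com"
Sun Sep 3 12:47:28 2023 [pid 33596] CONNECT: Client "::ffff:192.168.1.100"
Sun Sep 3 12:47:28 2023 [pid 33595] [ftp] OK LOGIN: Client "::ffff:192.168.1.100", anon password "anonymous@example.com"
Sun Sep 3 12:47:28 2023 [pid 33597] [ftp] OK DOWNLOAD: Client "::ffff:192.168.1.100", "/anon_content", 0.00Kbyte/sec
Sun Sep 3 12:50:01 2023 [pid 33701] [alice] FAIL LOGIN: Client "::ffff:192.168.1.50"
Sun Sep 3 12:50:04 2023 [pid 33701] [alice] FAIL LOGIN: Client "::ffff:192.168.1.50"
Sun Sep 3 12:50:09 2023 [pid 33701] [alice] FAIL LOGIN: Client "::ffff:192.168.1.50"
'''.splitlines()
if __name__ == "__main__":
    print(summarize(SAMPLE))
```

To run it against the real log, pass the lines of /var/log/vsftpd.log to summarize() instead of SAMPLE.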
Authenticated users
Default to their home folder
chroot_local_user=YES
Let’s understand one thing before we jump to something else:
FTPS is on top of SSL
SFTP is on top of SSH
ENABLE TLS
I have my own certs from Let’s Encrypt; I will use them:
This is the default configuration; to enable SSL, change ssl_enable from NO to YES:
rsa_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
rsa_private_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
ssl_enable=NO
