# FTP

## FTP

### With VSFTPD

* Very Secure File Transfer Protocol Daemon (vsftpd)
* Written by a security researcher (Chris Evans)
* Ubiquitous across the web

Install it:

`sudo apt install vsftpd`

Start it and enable it:

`sudo systemctl enable --now vsftpd`

Allow it through the firewall:

`sudo ufw allow ftp`

This opens port 21 but not port 20, because passive mode will be used instead.

For passive mode, also open the passive port range: `sudo ufw allow 10000:20000/tcp`

Or, if you want to use active mode, then you should allow port 20:

`sudo ufw allow 20/tcp`

The default config works, but it is not very secure, and I need to tell it the passive port range:

`sudo vim /etc/vsftpd.conf`

#### *VSFTPD Configuration*

Restrict the listening address.

Allow anonymous FTP users if you are planning a public FTP server:

```bash
listen_address=192.168.1.5
anonymous_enable=YES
```

By default vsftpd is read-only, so users can download but not upload. The setting below enables writes (only for local users, of course):

```bash
# Uncomment this to enable any form of FTP write command.
write_enable=YES
```

Enable passive mode:

```bash
pasv_enable=YES
pasv_min_port=10000
pasv_max_port=20000
```

Now, restart the service:

`sudo systemctl restart vsftpd`

Now local users (Linux accounts) can see their data, such as their home directory.

An anonymous user, however, will see the contents of `/srv/ftp`.

And sure enough, now I can see my files:

<figure><img src="https://3920762582-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FUof61mOHVpq6iArn9d2y%2Fuploads%2FjBeSoE1UnHMrJ24FVBlS%2Fftp_gui.png?alt=media&#x26;token=50e6c064-5138-4224-919a-24acdad339b3" alt=""><figcaption><p>FILEZILLA GUI</p></figcaption></figure>

And if I connect as an anonymous user :thumbsup:

<figure><img src="https://3920762582-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FUof61mOHVpq6iArn9d2y%2Fuploads%2F0CYSpBH9sT63PFJxKz5o%2Fftp_anon_user.png?alt=media&#x26;token=47e361e4-ede5-433f-9919-7e5630c64013" alt=""><figcaption></figcaption></figure>

Logging is enabled by default:

```bash
# Activate logging of uploads/downloads.
xferlog_enable=YES
```

`sudo tail /var/log/vsftpd.log`

```bash
Sun Sep  3 12:46:11 2023 [pid 33142] CONNECT: Client "::ffff:192.168.1.100"
Sun Sep  3 12:46:11 2023 [pid 33141] [ftp] OK LOGIN: Client "::ffff:192.168.1.100", anon password "anonymous@example.com"
Sun Sep  3 12:47:28 2023 [pid 33596] CONNECT: Client "::ffff:192.168.1.100"
Sun Sep  3 12:47:28 2023 [pid 33595] [ftp] OK LOGIN: Client "::ffff:192.168.1.100", anon password "anonymous@example.com"
Sun Sep  3 12:47:28 2023 [pid 33597] [ftp] OK DOWNLOAD: Client "::ffff:192.168.1.100", "/anon_content", 0.00Kbyte/sec
```

#### ***Authenticated users***

Authenticated users default to their home folder. To confine them to it:

```bash
chroot_local_user=YES
```

Let’s understand one thing before we jump to something else:

FTPS is on top of SSL

SFTP is on top of SSH

***ENABLE TLS***

I have my own certificates from Let’s Encrypt, so I will use them.

This is the default configuration; to enable SSL, change `ssl_enable` from NO to YES:

```
rsa_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
rsa_private_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
ssl_enable=NO
```

<figure><img src="https://3920762582-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FUof61mOHVpq6iArn9d2y%2Fuploads%2F1zOtpLzDFaOVDP9pAQX2%2Fftp_tls.png?alt=media&#x26;token=7f61e2f0-eed6-4e06-bbaa-a923041bd8eb" alt=""><figcaption></figcaption></figure>
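The settings covered on this page can be checked in one pass before restarting the service. The script below is an added example, not part of the original notes: `parse_conf`, `audit`, the `fw_range` parameter and the finding texts are hypothetical names, and the sample config is constructed from the snippets above.

```python
# Added example, not from the original page. SAMPLE_CONF is constructed from
# the snippets shown on this page (vsftpd's key=value format, '#' comments).
SAMPLE_CONF = """\
listen_address=192.168.1.5
anonymous_enable=YES
write_enable=YES
pasv_enable=YES
pasv_min_port=10000
pasv_max_port=20000
xferlog_enable=YES
chroot_local_user=YES
rsa_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
rsa_private_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
ssl_enable=NO
"""

def parse_conf(text):
    """Return {option: value} for every non-comment key=value line."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            conf[key.strip()] = value.strip()
    return conf

def audit(text, fw_range=(10000, 20000)):
    """List findings; fw_range is the passive port range opened in ufw."""
    c = parse_conf(text)
    # Assumption: a missing option counts as NO (pasv_enable: YES, ports: 0).
    on = lambda key, default="NO": c.get(key, default).upper() == "YES"
    lo, hi = int(c.get("pasv_min_port", 0)), int(c.get("pasv_max_port", 0))
    findings = []
    if not on("ssl_enable"):
        findings.append("ssl_enable is not YES: logins and files travel in cleartext")
    elif "snakeoil" in c.get("rsa_cert_file", ""):
        findings.append("rsa_cert_file still points at the self-signed snakeoil cert")
    if on("anonymous_enable"):
        findings.append("anonymous_enable=YES: keep only for a public FTP server")
    if not on("chroot_local_user"):
        findings.append("chroot_local_user is not YES: users can leave their home")
    if on("pasv_enable", "YES") and not fw_range[0] <= lo <= hi <= fw_range[1]:
        findings.append(f"passive ports {lo}-{hi} fall outside firewall range")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_CONF):
        print("[!]", finding)
```

Pass the real file with `audit(open("/etc/vsftpd.conf").read())`, and set `fw_range` to whatever range was opened with `ufw`.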
