FTP

FTP

With VSFTPD

  • Very Secure File Transfer Protocol Daemon (vsftpd)

  • Written by a security researcher (Chris Evans)

  • Ubiquitous across the web

Install it:

sudo apt install vsftpd

Start it and enable it :

sudo systemctl enable --now vsftpd

Allow it through the firewall:

sudo ufw allow ftp

It will add port 21 but not 20 because passive mode will take in place

With passive mode : sudo ufw allow 10000:20000/tcp

Or if you want to use Active mode than you should allow port 20

sudo ufw allow 20/tcp

Default config works, but it is not very secure, and i need to tell it the ports range

sudo vim /etc/vsftpd.conf

VSFTPD Configuration

Restrict listening addresses

Allow anonymous FTP users if you are planning for a public FTP server

By default VSFTPD read only, so users can download but no upload (but only for users ofcourse)

Enable passive mode :

Now, restart the service:

sudo systemctl restart vsftpd

Now Users, like linux users can see their datalike their home directory

But if an anonymous user will see the content of /srv/ftp

And sure enough, now i can see my files:

FILEZILLA GUI

And f i connect as an anonymous user 👍

Logging is enabled by default :

sudo tail /var/log/vsftpd.log

Authenticated users

Default to their home folder

Let’s understand one thing before we jump to something else:

FTPS is on top SSL

SFTP is on top of SSH

ENABLE TLS

I have my own certs from Let’s Encrypt i will use it :

This is the default configuration, you should enable SSL from NO to YES

PreviousMore About IptablesNextSSH

Last updated