This tutorial is to know how we can install, config, set up, and use the VSFTPD FTP server on Ubuntu 22.04 LTS Jammy JellyFish using the command terminal.
Vsftpd is an FTP server that is very consciously designed for security. For example, the program checks its configuration and the rights of all files it is to access before starting and refuses to start if it is configured incorrectly.
Furthermore, Vsftpd is the only FTP server in the “main” branch of the Ubuntu distribution, i.e. it is guaranteed to be maintained and provided with security updates. This does not have to be the case with other FTP servers from the “universe/multiverse” branches.
Last but not least, Vsftpd is very easy to set up. Without cumbersome configuration files, you can let the local users access their home directory or set up anonymous FTP access. Apart from this open-source FTP server; PureFTPd and ProFTPD are some other popular names in the category.
Steps to install and VSFTPD FTP Server on Ubuntu 22.04
The steps given here can be used on Ubuntu 20.04 as well including Debian 11, Linux Mint, and other similar Linux distros.
Also, learn: How To Install SFTPGo on Ubuntu 22.04 LTS Jammy
1. Update Ubuntu 22.04
Let’s start with the running of the system update command because we are going to use an APT package manager to install VSFTPD. Therefore, this step ensures all the latest available updates are on our system.
sudo apt update && sudo apt upgrade
2. Install VSFTPD on Ubuntu 22.04
We don’t need to add any third-party repository or download any deb binary manually because the official Ubuntu repository is enough; use the APT package manager command given below and you are done:
sudo apt install vsftpd
3. Check Vsftpd service is active
Once the installation is completed, let’s check the service of this FTP server is running in the background without producing any errors.
systemctl status vsftpd --no-pager -l
4. Create a user for FTP on Ubuntu 22.04
Let’s create a user that will not have sudo access and we only use it to access a specific folder under its home directory for FTP to read and write files.
sudo adduser h2smedia
Note: Change h2smedia with whatever name you want to give to your user. The above command will also ask you to set the password for the user.
5. Create the FTP folder:
Now, let’s create a folder under the home directory of the newly created user so that the user can only access that to upload and download files. However, to restrict the user’s access to only some specific directory vsftpd uses chroot that we also need to enable, which we do later in this article. Yet, there is one more problem, it is VSFTPD will not allow a user to connect to the FTP server if the home directory is writable. Therefore, we create a root directory for a user named- FTP under the user’s home that will act as chroot, and inside that, there will be another directory known as upload to hold the files.
Note: Don’t forget to Replace h2smedia with your created user.
sudo mkdir /home/h2smedia/ftp
Configure ownership:
sudo chown nobody:nogroup /home/h2smedia/ftp
Remove the root FTP folder writable permission:
sudo chmod a-w /home/h2smedia/ftp
Create a directory to upload files, which going to hold your files:
sudo mkdir /home/h2smedia/ftp/upload
Give created upload folder ownership to our FTP user
sudo chown h2smedia:h2smedia /home/h2smedia/ftp/upload
Now to test, let’s a create demo file inside the upload folder:
echo "My FTP Server" | sudo tee /home/h2smedia/ftp/upload/demo.txt
Finally, check the permission for the FTP directory:
sudo ls -la /home/h2smedia/ftp
6. Configuring VSFTPD on Ubuntu 22.04
After installation, the configuration file /etc/vsftpd.conf must be adapted to your own needs with an editor. The file is commented on in detail. Nevertheless, the most important settings are explained below.
sudo nano /etc/vsftpd.conf
7. How to enable Anonymous user
(optional) By default due to security reasons, nobody can log in to the FTP server anonymously (without using a valid user). However, due to any reason, if you want to enable it then find a line- anonymous_enable=No and change NO to YES.
8. Enable Local FTP user
Well, to access the FTP server using the users you have created and available on your system, you can look for a line given below in Vsftpd config file on Ubuntu 22.04:
local_enable=YES
By default, it is set to YES or enabled, hence there is no need to do anything.
9. Enable file & folder upload
In the basic configuration, no user is allowed to write via FTP. Neither local users (if they are allowed by “local_enable=YES”), nor anonymous users. To enable the uploading of files to the FTP server, we need to
# Uncomment this to enable any form of FTP to write a command.
write_enable=YES
10. Restrict local users to their home directory
Now, restrict local users to their home directories. So, that they can’t access the files outside of their home directories. Find the below line and remove the # given in front of it to enable it.
chroot_local_user=YES
Scroll to the end of the file and the following lines, this will ensure that when a user login the FTP server, it routes to the directory that is meant to be accessed.
user_sub_token=$USER local_root=/home/$USER/ftp
Set Passive ports:
The Vsftpd uses active mode by default on ports – 20 / 21 to communicate if you want to set up passive mode as well which works if there is some firewall issue between the client and server. However, both the server and the client must support passive FTP mode for this process to work. However, the passive ports must be allowed in the server firewall. Know about its configuration.
pasv_min_port=30000 pasv_max_port=31000
Also, add the following lines which make sure the VSFTPD only allows the access of users to the FTP server which are in its list not anyone randomly.
userlist_enable=YES userlist_file=/etc/vsftpd.userlist userlist_deny=NO
Save the file using Ctrl+O, hit the Enter Key, and Exit the file using Ctrl+X.
Also, don’t forget to open ports in the firewall, if you are using UFW then use this command other wiser open the system in your cloud or network firewall. Port 900 is for TLS.
sudo ufw allow 20,21,990/tcp
sudo ufw allow 30000:31000/tcp
11. Add created user to the VSFTPD User list
Next, add the created user to the VSFTPD user list file, so that it allows that user to log in and access the FTP server.
echo "h2smedia" | sudo tee -a /etc/vsftpd.userlist
Note: Replace h2smedia with your created user.
12. Restart the VSFTPD Server
To apply the changes we have made so far, restart the FTP server service once:
sudo systemctl restart vsftpd
13. Connect to Test your FTP Server
We can use both the command line and GUI app to test the server to know whether it is working or not. Let’s first try with the command line:
Using Command line
-p is for passive mode
ftp -p 192.168.135.129
Note: Replace 192.168.135.129 with your Ubuntu 22.04 Server address where VSFTPD is installed.
As it asked for a Name, enter the FTP server username and then the password, you have set. If you have configured everything right, you will be able to log in.
Test Using File Zilla
Here we are using GUI FTP client FileZilla, you can use any other you have. On your FTP client enter the IP address of the Ubuntu 22.04 server where you have configured the VSFTPD. After that add the username and password.
14. Setup SSL/TSL for Vsftpd on Ubuntu 22.04
By default, the data transfer using the Vsftpd FTP server will not be in an encrypted format even the credentials, to remove this security flaw we can configure SSL using OpenSSL to provide encryption.
On your command terminal, first, run:
sudo openssl req -x509 -nodes -days 3650 -newkey rsa:2048 -keyout /etc/ssl/private/vsftpd.pem -out /etc/ssl/private/vsftpd.pem
This will generate the required 2048-bit private key and self-signed SSL certificate.
Once you have generated the SSL certificate, edit the VSFTPD configuration file and add the location of the Private key and SSL certificate to that.
sudo nano /etc/vsftpd.conf
Scroll down to find the following lines and change their values as shown further:
rsa_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pemrsa_private_key_file=/etc/ssl/private/ssl-cert-snakeoil.keyssl_enable=NO
Change the values of rsa_cert_file and rsa_private_key_file directives with the path of the SSL & Private key file we have generated. Also, change ssl_enable=NO to ssl_enable=YES. As shown below:
rsa_cert_file=/etc/ssl/private/vsftpd.pem rsa_private_key_file=/etc/ssl/private/vsftpd.pem ssl_enable=YES
Also, scroll to the end of the file and add:
allow_anon_ssl=NO force_local_data_ssl=YES force_local_logins_ssl=YES
This will deny access to Anonymous connection over SSL and force users to transfer data and log in using SSL only:
Save the file using Ctrl+O, hit the Enter key, and then exit using Ctrl+X.
Restart the FTP server:
sudo systemctl restart vsftpd
Now, check whether we can access the FTP server over TSL or not. Here we are using again the FileZilla:
15. How to update VSFTPD
As we have used the default system repository to install this open-source FTP server, hence we can use the system update and upgrade command as well to get future updates for this server application.
sudo apt update && sudo apt upgrade
16. Uninstall or Remove
To completely uninstall VSFTPD from Ubuntu 22.04, in case you don’t require this FTP server anymore on your system. Then, here is the command to follow:
sudo apt autoremove --purge vsftpd*
FAQ
VSFTPD stands for Very Secure FTP Daemon. It is an open-source FTP server for Unix and Linux to transfer data from the FTP client to the server and vice versa.
FTP is a file transfer protocol (FTP for short) whereas VSFTP is a server application that provides a platform to use FTP protocol efficiently and securely. FTP is used in large networks or servers to exchange files between server and PC or network and PC. We can use the FTP protocol to create, move, or delete directories on the server or network.
Yes, VSFTPD is one of the safest open-source FTP servers available to use free of cost. Apart from being secure it also offers fast speed and stability.
Vsftpd uses FTP protocol (stands for File transfer) to transfer the data and it stands for “Very Secure FTP Daemon“.
Yes, VSFTPD is an open-source server application licensed under the GNU General Public License. Therefore, the source code of VSFTPD is available for everyone.
Other Articles:
How to install FileZilla Server on Ubuntu 20.04/18.04 Linux
How to Install FileZilla FTP Client on Ubuntu 22.04 LTS Jammy
2 ways to Install LibreCAD on Ubuntu 22.04 LTS Jammy Linux
Install Foxit PDF Reader on Ubuntu 22.04 LTS Linux
Create a New User in Ubuntu 22.04 or 20.04 using GUI or Terminal
