FTP Server
Guide
Server Configuration
Install vsftpd
# Install the vsftpd FTP daemon from the distribution repositories; -y accepts the confirmation prompt.
sudo apt install -y vsftpd
Start service
# Enable the unit at boot and start it immediately (--now), then check that it is active.
# NOTE(review): until the restart after the TLS section, the daemon runs with the packaged
# configuration (this guide later comments out ssl_enable=NO), so logins made before that
# point would presumably be unencrypted. Confirm against the installed default config.
sudo systemctl enable --now vsftpd
sudo systemctl status vsftpd
Disable firewall
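# Rather than switching ufw off, which removes host filtering for every service on the
# machine, leave it in place and open only the ports FTP needs.
# 20/tcp and 21/tcp are the FTP data and control ports; 5000:10000/tcp is the passive
# range configured with pasv_min_port/pasv_max_port later in this guide.
sudo ufw allow 20/tcp
sudo ufw allow 21/tcp
sudo ufw allow 5000:10000/tcp
# Show whether ufw is active and which rules are loaded.
sudo ufw status verbose
# Original step, kept for reference only (disables the firewall entirely):
# sudo systemctl disable --now ufw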
Create admin user
# Account that owns and manages the FTP tree. It is given a normal login shell; the
# DenyUsers step at the end of this guide is what blocks it over SSH.
sudo useradd --create-home --shell /bin/bash admin
# passwd prompts interactively; keep the password in a password manager, not in this guide.
sudo passwd admin
# Hand /srv/ftp and everything below it to user admin, group ftp.
sudo chown --recursive admin:ftp /srv/ftp
Create read user
# Second FTP account. It is not made owner of /srv/ftp nor added to the ftp group here,
# so its access inside that tree is limited to the "other" permission bits.
sudo useradd --create-home --shell /bin/bash ftpuser
# passwd prompts interactively; keep the password in a password manager, not in this guide.
sudo passwd ftpuser
Create config file backup
# Keep a pristine copy of the packaged config so later changes can be diffed or rolled back.
sudo cp /etc/vsftpd.conf /etc/vsftpd.conf.orig
# Edit the live config; the settings to change are listed below.
sudo vi /etc/vsftpd.conf
Update or uncomment these settings in /etc/vsftpd.conf
# No anonymous logins; only local system accounts may authenticate.
anonymous_enable=NO
local_enable=YES
# Allow FTP commands that modify the filesystem (uploads, deletes, renames).
write_enable=YES
# umask 0002: new files are created group-writable and world-readable.
local_umask=0002
# With chroot_local_user=YES every local user is jailed after login, and
# chroot_list_enable=YES turns the chroot list into the list of exceptions:
# users named in it are NOT jailed.
chroot_local_user=YES
chroot_list_enable=YES
Add these settings to /etc/vsftpd.conf
# Passive-mode data ports; any firewall in front of the server must allow this range.
pasv_min_port=5000
pasv_max_port=10000
# Directory vsftpd changes into after a local login; with chroot enabled it becomes the jail root.
local_root=/srv/ftp
# vsftpd normally refuses a login when the chroot root is writable by the user;
# this setting switches that safety check off. A stricter layout is a non-writable
# local_root with a writable subdirectory for uploads.
allow_writeable_chroot=YES
Create chroot file
# Create the chroot exception list file; while it has no entries, every local user stays chrooted.
sudo touch /etc/vsftpd.chroot_list
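Add to /etc/vsftpd.chroot_list only the users who must not be chrooted: with chroot_local_user=YES the list holds the exceptions, so a listed user can access the whole filesystem (/), not just /srv/ftp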
Generate SSL certificate
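# Create a self-signed certificate and an unencrypted (-nodes) 2048-bit RSA key, both
# written to the same PEM file, valid for 365 days. openssl prompts for the subject fields.
sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/ssl/private/vsftpd.pem -out /etc/ssl/private/vsftpd.pem
# The file holds the private key in clear text: make sure only root can read it.
sudo chown root:root /etc/ssl/private/vsftpd.pem
sudo chmod 600 /etc/ssl/private/vsftpd.pem
# A self-signed certificate cannot be validated through a CA; print its fingerprint so
# users can compare it with what their client shows on first connect.
sudo openssl x509 -in /etc/ssl/private/vsftpd.pem -noout -fingerprint -sha256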
Update SSL configuration
# Reopen the config to replace the packaged snakeoil certificate settings with the new certificate.
sudo vi /etc/vsftpd.conf
Comment out the existing certificate settings
#rsa_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
#rsa_private_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
#ssl_enable=NO
Add new certificate
# Certificate and private key are both read from the single PEM file generated earlier in this guide.
rsa_cert_file=/etc/ssl/private/vsftpd.pem
rsa_private_key_file=/etc/ssl/private/vsftpd.pem
ssl_enable=YES
allow_anon_ssl=NO
# Require TLS for both the login and the data channel, so neither credentials nor
# file contents travel in clear text.
force_local_data_ssl=YES
force_local_logins_ssl=YES
# NOTE(review): ssl_tlsv1 permits TLS 1.0, which is deprecated. Which newer TLS versions
# are offered alongside it depends on the vsftpd release; newer releases have per-version
# switches (for example ssl_tlsv1_2). Check `man vsftpd.conf` on the installed version
# and prefer TLS 1.2 or later.
ssl_tlsv1=YES
ssl_sslv2=NO
ssl_sslv3=NO
# NOTE(review): require_ssl_reuse=NO drops the check that a data connection reuses the
# control connection's TLS session. It is commonly disabled for client compatibility,
# but that check is what ties a data connection to the authenticated session.
require_ssl_reuse=NO
# OpenSSL cipher-list string; HIGH selects the high-strength cipher group.
ssl_ciphers=HIGH
Restart vsftpd service
# Restart so the edited /etc/vsftpd.conf takes effect. Afterwards confirm the service is
# running (sudo systemctl status vsftpd) and that a client login without TLS is refused.
sudo systemctl restart vsftpd
Deny SSH Login
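# Append a DenyUsers rule so the two FTP accounts cannot open SSH (or SFTP) sessions.
# Caveat: a directive appended after a Match block belongs to that block. If
# sshd_config ends with one, place the DenyUsers line above it instead.
sudo tee -a /etc/ssh/sshd_config << EOF
DenyUsers admin ftpuser
EOF
# Validate the edited file before restarting; a broken sshd_config can cut off remote access.
sudo sshd -t && sudo systemctl restart ssh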