I am writing this to demonstrate how to set up a file transfer protocol (FTP) server on Ubuntu.
First things first: FTP is a standard network protocol used to transfer files from one host to another over a TCP-based network, such as the Internet.
FTP is built on a client-server architecture and uses separate control and data connections between the client and the server.
Now let's set it up.
Step 1 » Update repositories.
mundia@localhost:~$ sudo apt-get update
Step 2 » Install VsFTPD package using the below command.
mundia@localhost:~$ sudo apt-get install vsftpd
Step 3 » After installation, open the /etc/vsftpd.conf file and make the following changes.
» Uncomment the below lines (line no: 29 and 33).
write_enable=YES
local_umask=022
» Uncomment the below line (line no: 120) to prevent access to the other folders outside the home directory.
chroot_local_user=YES
» Add the following line at the end.
allow_writeable_chroot=YES
» Add the following lines to enable passive mode (the minimum port must not exceed the maximum, or vsftpd has no usable data port).
pasv_enable=YES
pasv_min_port=40000
pasv_max_port=40100
Step 4 » Restart vsftpd service using the below command.
mundia@localhost:~$ sudo service vsftpd restart
Step 5 » Now the ftp server will listen on port 21. Create a user with the below command.
Use the /usr/sbin/nologin shell to prevent the ftp users from getting a bash shell.
mundia@localhost:~$ sudo useradd -m john -s /usr/sbin/nologin
mundia@localhost:~$ sudo passwd john
Step 6 » Allow login access for the nologin shell. Open /etc/shells and add the following line at the end.
/usr/sbin/nologin
Now try to connect to this ftp server with the username on port 21 using a WinSCP or FileZilla client and make sure that the user cannot access other folders outside the home directory.
Please note that using plain FTP on port 21 is a big security risk: credentials and file contents travel unencrypted. It is highly recommended to use SFTP. Please continue for the SFTP configuration.
Securing FTP (SFTP)
SFTP, often called "Secure FTP", is the SSH File Transfer Protocol, so we need the openssh-server package installed. Issue the below command if it is not already installed.
mundia@localhost:~$ sudo apt-get install openssh-server
Step 7 » Again open the /etc/vsftpd.conf file and add the below line to enable SSL (this enables TLS on vsftpd itself, i.e. FTPS, which is separate from the SSH-based SFTP configured in the next steps).
ssl_enable=YES
Step 8 » Create a new group ftpaccess for FTP users.
mundia@localhost:~$ sudo groupadd ftpaccess
Step 9 » Now make changes in the /etc/ssh/sshd_config file.
» Find the below line
Subsystem sftp /usr/lib/openssh/sftp-server
and replace it with
Subsystem sftp internal-sftp
Match group ftpaccess
    ChrootDirectory %h
    X11Forwarding no
    AllowTcpForwarding no
    ForceCommand internal-sftp
» and comment out the below line (last line). Everything after the Match line belongs to that Match block, and sshd does not allow UsePAM inside a Match block.
#UsePAM yes
Step 10 » Restart both VsFTPD and sshd service.
mundia@localhost:~$ sudo service vsftpd restart
mundia@localhost:~$ sudo service ssh restart
Step 11 » The below steps must be followed while creating users for sftp access.
» Create user john with the ftpaccess group and the /usr/sbin/nologin shell.
mundia@localhost:~$ sudo useradd -m john -g ftpaccess -s /usr/sbin/nologin
mundia@localhost:~$ sudo passwd john
» Change ownership of the home directory.
mundia@localhost:~$ sudo chown root /home/john
» Create a folder inside the home directory for writing and change ownership of that folder. The chrooted home itself must stay root-owned and not writable by the user, which is why uploads go to a subfolder.
mundia@localhost:~$ sudo mkdir /home/john/www
mundia@localhost:~$ sudo chown john:ftpaccess /home/john/www
Now try to connect to the server using SFTP (port 22) and make sure users can upload files to the www directory and cannot access other folders outside the home directory.
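To verify the three constraints the steps above depend on (the passive port range from Step 3, the /etc/shells entry from Step 6, and the root-owned, non-writable chroot home from Step 11), here is an added check script. It is not part of the original post; it assumes GNU coreutils (stat -c) as shipped on Ubuntu, and the expected owner of the chroot directory is a parameter so the check can also be exercised on a directory owned by an unprivileged test user.

```shell
#!/bin/sh
# Added example, not from the original post. Checks the files produced by
# the steps above against what vsftpd and sshd actually enforce.

# vsftpd passive mode needs pasv_min_port <= pasv_max_port.
check_pasv_range() {
    min=$(sed -n 's/^pasv_min_port=\([0-9]*\).*/\1/p' "$1")
    max=$(sed -n 's/^pasv_max_port=\([0-9]*\).*/\1/p' "$1")
    [ -n "$min" ] && [ -n "$max" ] || return 1
    [ "$min" -le "$max" ]
}

# sshd refuses a ChrootDirectory unless it is owned by root and is neither
# group- nor world-writable ("bad ownership or modes for chroot directory").
# The expected owner defaults to root; pass another name for testing.
check_chroot_dir() {
    dir="$1"; owner="${2:-root}"
    [ -d "$dir" ] || return 1
    set -- $(stat -c '%U %A' "$dir")        # e.g. "root drwxr-xr-x"
    [ "$1" = "$owner" ] || return 1
    gw=$(printf '%s' "$2" | cut -c6)         # group write bit
    ow=$(printf '%s' "$2" | cut -c9)         # other write bit
    [ "$gw" != "w" ] && [ "$ow" != "w" ]
}

# vsftpd (through pam_shells) only accepts users whose login shell is
# listed in /etc/shells, which is why Step 6 adds /usr/sbin/nologin.
shell_is_listed() {
    grep -qx "$1" "${2:-/etc/shells}"
}

# Run all three checks and return the number of failures.
# Example: run_checks /etc/vsftpd.conf /home/john /usr/sbin/nologin /etc/shells
run_checks() {
    fails=0
    check_pasv_range "$1" || { echo "pasv_min_port exceeds pasv_max_port in $1"; fails=$((fails+1)); }
    check_chroot_dir "$2" root || { echo "$2 must be root-owned and not group/world writable"; fails=$((fails+1)); }
    shell_is_listed "$3" "$4" || { echo "$3 is not listed in $4"; fails=$((fails+1)); }
    return "$fails"
}
```

After editing sshd_config, `sudo sshd -t` validates the syntax (including the Match block placement) before the restart in Step 10.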