FTP, or File Transfer Protocol, is the most widely used network protocol for transferring files and data between two systems over a network. FTP does not encrypt traffic by default, which is insecure and can lead to an attack on the server. VSFTPD (Very Secure FTP Daemon) is a secure, reliable and fast FTP server.
VSFTPD is licensed under the GNU GPL and is the default FTP server for most Linux systems. This article shows you how to install and configure an FTP server on the Linux Mint operating system.
How does an FTP server work?
An FTP server allows file transfer between client and server. You can upload files to or download files from the server. The client establishes two connections to the server: one for sending commands and one for sending data. The client sends commands to the FTP server on port 21, the FTP command port. The data port is used for data transfer. There are two types of data connection modes:
- Active mode: In active mode, the client opens a port and waits for the server to connect to it so that data can be transmitted. The server connects to the client for data transfer using port 20. Active mode is not enabled by default in most FTP clients because most firewalls, like the one on our FTP server, deny connections from outside. To use this feature, you must configure the firewall to allow those connections.
- Passive Mode: When a client requests a file, the server opens a random port and tells the client to connect to it. In this case, the client initiates the connection, resolving firewall issues. Most FTP clients run in passive mode by default.
Installing an FTP Server in Linux Mint
First, connect to the Linux virtual machine via SSH using a user with sudo privileges, and then follow these steps:
Step 1: Set up an FTP server
There are many FTP servers available such as ProFTPD and vsftpd. We will be using vsftpd.
vsftpd FTP Server Functions
vsftpd offers many features that make it a great FTP server. It:
- Supports virtual IP configuration
- Supports SSL/TLS compatibility
- Facilitates IPv6
- Can restrict users to their home directory with the chroot capability. This is set up later in the article.
- Can limit bandwidth
- Supports virtual users
We will start by installing VSFTPD on our system. To do this, launch the Terminal in Mint OS by pressing Ctrl+Alt+T on your keyboard. Then, in the terminal, enter the following command to update the system repository index:
sudo apt update
Now enter the command below to install vsftpd:
sudo apt install vsftpd
Once the installation is complete, run the following line of code to check if the vsftpd service is active:
sudo systemctl status vsftpd
In the Active field, you can see that vsftpd is active (running). The systemctl command is used to manage and inspect Linux services. It can also be used to enable and disable Linux services. If vsftpd is not running, enter the following line of code into a terminal:
sudo systemctl enable --now vsftpd
Note: The --now option ensures that the enable command has an immediate effect on our service, and not only after a reboot.
Step 2: Set up your firewall
FTP uses port 20 for active mode, port 21 for commands, and several ports for passive mode. We need to allow these ports through our firewall. You can skip this step if you are not using a firewall. Most Linux systems use ufw to manage firewalls. However, some cloud providers such as Microsoft Azure have firewalls outside of the VM that must be configured through their portal. Open the port range for passive FTP connections and ports 20 and 21 for TCP connections. The range of passive ports depends on the expected number of concurrent user clients.
In addition, a single client can transfer multiple or large files using multiple ports. We will see how to specify our FTP server to use these ports later in this guide. Ports 1 to 1024 are reserved, so our passive FTP port range must be greater than 1024. I will open ports between 5000 and 10000. Also, we will open port 990 for TLS, which will be configured later. Let’s do it for ufw. Enter the following lines of code on your terminal:
sudo ufw allow 20/tcp
sudo ufw allow 21/tcp
sudo ufw allow 990/tcp
sudo ufw allow 5000:10000/tcp
Step 3: Set up users
The two most typical use cases for FTP servers are:
- You want to host a public FTP server that many public users will connect to in order to receive files.
- You want to upload files to your Linux server for personal use without the presence of public users.
In the first scenario, you will need to create an additional user and provide your clients with a username and password to access files. Otherwise, the second example is identical to the first.
The public user should only be allowed to view and upload files from a specific directory, but the administrator should be able to upload files to any folder on the computer. To do this, you must have a basic understanding of user permissions. The root user can write files to any folder on the server. Other users have access to all folders in their home directory, which is /home/username, but cannot write to most other directories.
Let’s say you want to upload files to directories other than your administrator’s home directory, such as /var/www. In this case, you must change the owner of the directory to your administrator user with the chown command, or change the directory’s permissions with the chmod command.
Create a public user account to get started. To do this, run the following line of code:
sudo adduser fosslinux
Enter your password, leave the rest of the fields blank and press Y to save your changes.
We will now disable SSH access for this user for security purposes. Enter the following command:
sudo nano /etc/ssh/sshd_config
Add the following line to this file:
Type Ctrl+x followed by y followed by Enter. Restart the SSH service for these changes to take effect.
sudo systemctl restart ssh
Step 4: Create an FTP folder and set its permissions.
We will create an FTP directory. Enter the following command:
sudo mkdir /ftp
We will now change the owner of this directory to our administrator account. Key in
sudo chown fosslinux /ftp
If you want to upload files to a folder that is not owned by your administrator account, you must use the previous command to change the owner of the folder.
Step 5: Set up and secure vsftpd
Open the configuration file for vsftpd. To do this, run the following command:
sudo nano /etc/vsftpd.conf
Make sure the following lines are not commented out:
anonymous_enable=NO
local_enable=YES
write_enable=YES
We also opened ports 5000 to 10000 for passive mode in step 2. So now we need to tell vsftpd which ports to use for passive FTP connections. Add the following lines to the vsftpd.conf file.
We will now define a default directory for FTP connections that will be opened whenever a client connects to our FTP server. To do this, add the following line:
Note: There must be no spaces before or after the = sign in this configuration file.
How to block a user in the home directory
For security purposes, we will limit the fosslinux user to the default directory, as the user can usually browse the entire Linux server by default. To do this, vsftpd uses chroot. Uncomment the following lines to continue.
chroot_local_user=YES
chroot_list_enable=YES
chroot_list_file=/etc/vsftpd.chroot_list
Also, add the following line to the config file as it is missing by default.
The first line enables the chroot function for local users, including our administrators and fosslinux users. The second and third lines allow us to select users to chroot.
How to set file permission
This line sets the permissions of each newly created file and folder to 664 (-rw-rw-r--) and 775 (rwxrwxr-x) respectively. This means that the fosslinux user can only read and download files from each subdirectory of our FTP directory, but cannot upload anything since he is not the owner of the directory.
Type Ctrl+x followed by y followed by Enter. Now we have to create this list file by executing the following lines of code:
sudo touch /etc/vsftpd.chroot_list
sudo nano /etc/vsftpd.chroot_list
Any users you list in this file will not be chrooted. So put your administrative username in this file, as we don’t want to restrict it.
Type Ctrl+x followed by y followed by Enter. We need to restart our vsftpd server for these changes to take effect immediately. You can restart the server by running this line of code:
sudo systemctl restart vsftpd
How to secure vsftpd with TLS/SSL
It is recommended to encrypt FTP traffic if it will be transmitted over the Internet. We will use FTPS (File Transfer Protocol over SSL) to encrypt our traffic. First, let’s create a self-signed certificate. Enter the following command in the terminal:
sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/ssl/private/vsftpd.pem -out /etc/ssl/private/vsftpd.pem
Enter the required information and the certificate will be generated. You can also press Enter to accept the default values. Now open the vsftpd configuration file. Run this line of code:
sudo nano /etc/vsftpd.conf
Go to the end of the file and delete the lines shown below.
rsa_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
rsa_private_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
ssl_enable=NO
After you have removed the above lines, add the following lines:
rsa_cert_file=/etc/ssl/private/vsftpd.pem
rsa_private_key_file=/etc/ssl/private/vsftpd.pem
ssl_enable=YES
allow_anon_ssl=NO
force_local_data_ssl=YES
force_local_logins_ssl=YES
ssl_tlsv1=YES
ssl_sslv2=NO
ssl_sslv3=NO
require_ssl_reuse=NO
ssl_ciphers=HIGH
Finally, restart the vsftpd service with the command
sudo systemctl restart vsftpd
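One way to check a finished vsftpd.conf against the settings from step 5 and the TLS section, including the rule that there must be no spaces around the = sign. This is an added example, not part of the original article; pasv_min_port and pasv_max_port are vsftpd options assumed here for the passive range, since the page does not show those lines, and the sample configuration is constructed.

```python
import re

# Values the article sets; pasv_min_port/pasv_max_port are assumed option names.
EXPECTED = {
    "anonymous_enable": "NO", "local_enable": "YES", "chroot_local_user": "YES",
    "ssl_enable": "YES", "allow_anon_ssl": "NO", "force_local_data_ssl": "YES",
    "force_local_logins_ssl": "YES", "ssl_sslv2": "NO", "ssl_sslv3": "NO",
}
FIREWALL_LOW, FIREWALL_HIGH = 5000, 10000  # passive range opened with ufw in step 2

def parse_conf(text):
    """Return (settings, malformed_line_numbers) for vsftpd.conf text."""
    settings, malformed = {}, []
    for number, line in enumerate(text.splitlines(), 1):
        if not line.strip() or line.startswith("#"):
            continue
        # Accept strict key=value only: no spaces before or after '='.
        match = re.fullmatch(r"([a-z0-9_]+)=(\S(?:.*\S)?)", line)
        if match:
            settings[match.group(1)] = match.group(2)
        else:
            malformed.append(number)
    return settings, malformed

def audit(text):
    """Return a list of findings; an empty list means every check passed."""
    settings, malformed = parse_conf(text)
    findings = [f"line {n}: not strict key=value" for n in malformed]
    for key, want in EXPECTED.items():
        got = settings.get(key, "unset")
        if got.upper() != want:
            findings.append(f"{key} is {got}, want {want}")
    ports = [settings.get(k, "") for k in ("pasv_min_port", "pasv_max_port")]
    if not all(p.isdigit() for p in ports):
        findings.append("passive port range is not set")
    elif not FIREWALL_LOW <= int(ports[0]) <= int(ports[1]) <= FIREWALL_HIGH:
        findings.append(f"passive range {ports[0]}-{ports[1]} is outside {FIREWALL_LOW}-{FIREWALL_HIGH}")
    return findings

# Constructed sample: line 3 has spaces around '=', and the range starts at 4000.
SAMPLE = "\n".join([
    "anonymous_enable=NO", "local_enable=YES", "ssl_enable = YES",
    "chroot_local_user=YES", "pasv_min_port=4000", "pasv_max_port=10000",
    "allow_anon_ssl=NO", "force_local_data_ssl=YES", "force_local_logins_ssl=YES",
    "ssl_sslv2=NO", "ssl_sslv3=NO",
])

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```

To audit the real file, pass its contents to audit(), for example audit(open("/etc/vsftpd.conf").read()). A setting reported as unset may still be safe through the vsftpd default; the check only confirms what is stated explicitly in the file.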
How to connect to our FTP server
You will need an FTP client for this. Again, there are plenty of options available. I would suggest using FileZilla. Download, install, then run it. Enter your server’s IP address in the “Host” field, along with your username and password, and then click the “Quick Connect” button.
You will see your PC directories on the left and your FTP server directories on the right. You can upload and download files between the FTP server and your device (the client) by drag and drop.