Vsftpd (Very Secure File Transfer Protocol Daemon) is the default FTP server for Ubuntu, CentOS, Fedora, and RHEL Linux distributions. Vsftpd is a stable, fast, and secure FTP server used for file transfers from the client to remote servers and vice versa.
Among other features, vsftpd has IPv6 and TLS support. We could also use SFTP (SSH File Transfer Protocol) to transfer files over SSH, but in this tutorial you will learn how to secure FTP with SSL/TLS. SSL/TLS support is built into many internet communications frameworks, and the certificate visibility offers higher trust for authentication.
We will start by updating the Ubuntu 20.04 packages with the command:
$ sudo apt update
Then we can proceed to install vsftpd:
$ sudo apt install vsftpd
Next, we can check the vsftpd version with vsftpd -v, and we can also check whether the vsftpd service is running with:
$ systemctl status vsftpd
We can configure vsftpd through its configuration file, which can be found at /etc/vsftpd.conf.
Make sure you create a copy of the original file before we start editing the configuration file.
Now we can open the configuration file with:
$ sudo nano /etc/vsftpd.conf
You will notice the following settings, which are enabled by default:
# Allow anonymous FTP? (Disabled by default).
anonymous_enable=NO
#
# Uncomment this to allow local users to log in.
local_enable=YES
If we want to allow users to add, change, or remove files and directories we will need to uncomment the line #write_enable=YES by removing the # symbol.
Next, you can create a list of users that will have access by adding the following lines in the configuration:
userlist_enable=YES
userlist_file=/etc/vsftpd.userlist
userlist_deny=NO
/etc/vsftpd.userlist will be the file to which we can add users that we want to give access.
You can add the users with the command:
$ echo "user" | sudo tee -a /etc/vsftpd.userlist
Or you can simply open the file with your favorite file editor and add the usernames, one per line.
You can also enable a chroot jail for the users in the configuration file, so that users cannot access the filesystem outside of their home directories, by uncommenting the line:
Securing Transmissions using SSL/TLS
FTP does not encrypt data, including the user credentials, during the FTP session. That is why, to increase security, you should use SFTP or enable TLS/SSL for encrypted transfer. If you have a domain pointing to your server, you can also use a free SSL certificate from Let’s Encrypt. With an SSL certificate installed you will also be able to see the certificate information before connecting, to verify that you are connecting to the right server.
You can use the following command to generate a self-signed certificate that is valid for 1 year:
$ sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/ssl/private/vsftpd.pem -out /etc/ssl/private/vsftpd.pem
You can answer the questions accordingly or just skip the questions using enter for default values.
This will generate the certificate and private key in the /etc/ssl/private/ directory.
Now you will need to point the /etc/vsftpd.conf configuration file to the location of the certificate and the private key. Open /etc/vsftpd.conf with your favorite editor, change the values to the right location, and make sure to enable SSL as well.
...
rsa_cert_file=/etc/ssl/private/vsftpd.pem
rsa_private_key_file=/etc/ssl/private/vsftpd.pem
ssl_enable=YES
...
Save the file and restart the vsftpd service for the changes to take effect with:
$ sudo systemctl restart vsftpd
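Before relying on the new setup, it helps to check that the directives set in this tutorial are the ones actually in effect and that the PEM file holding the private key is accessible to its owner only. The script below is an added example, not part of the original tutorial or of vsftpd itself; the function names are hypothetical, and it assumes that a later line in vsftpd.conf overrides an earlier one for the same directive.

```shell
#!/usr/bin/env bash
# Added example (not from the original tutorial): audit a vsftpd.conf against
# the directives this tutorial sets. Function names are hypothetical.

# Effective value of a directive: last uncommented "key=value" line (assumed to win).
conf_get() {  # usage: conf_get FILE KEY
    sed -n "s/^$2=//p" "$1" | tail -n 1
}

# Prints one FAIL line per finding and returns the number of findings.
audit_vsftpd() {  # usage: audit_vsftpd FILE
    local conf="$1" fails=0 pair key want got keyfile
    for pair in anonymous_enable=NO ssl_enable=YES userlist_enable=YES userlist_deny=NO; do
        key=${pair%%=*}; want=${pair#*=}
        got=$(conf_get "$conf" "$key")
        if [ "$got" != "$want" ]; then
            echo "FAIL $key: expected $want, found '${got:-unset}'"
            fails=$((fails + 1))
        fi
    done
    # vsftpd.conf(5): no space is allowed between the option, '=' and the value.
    if grep -qE '^[a-z_0-9]+([[:space:]]+=|=[[:space:]])' "$conf"; then
        echo "FAIL syntax: whitespace around '='"
        fails=$((fails + 1))
    fi
    # The PEM from the tutorial contains the private key: owner-only access.
    keyfile=$(conf_get "$conf" rsa_private_key_file)
    if [ ! -f "$keyfile" ]; then
        echo "FAIL rsa_private_key_file: '${keyfile:-unset}' not found"
        fails=$((fails + 1))
    elif [ "$(ls -ld "$keyfile" | cut -c5-10)" != "------" ]; then
        echo "FAIL $keyfile: accessible by group or others"
        fails=$((fails + 1))
    fi
    return "$fails"
}

# Constructed sample: the tutorial's settings plus an empty stand-in key file.
write_sample() {  # usage: write_sample DIR
    : > "$1/vsftpd.pem"; chmod 600 "$1/vsftpd.pem"
    printf '%s\n' '# constructed sample' anonymous_enable=NO local_enable=YES \
        userlist_enable=YES userlist_file=/etc/vsftpd.userlist userlist_deny=NO \
        "rsa_cert_file=$1/vsftpd.pem" "rsa_private_key_file=$1/vsftpd.pem" \
        ssl_enable=YES > "$1/vsftpd.conf"
}

# Stand-alone use: sudo bash audit.sh /etc/vsftpd.conf
if [ "$#" -gt 0 ]; then audit_vsftpd "$1"; fi
```

Run it with sudo against the real file, because /etc/ssl/private is normally readable by root only.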
Now you can connect securely to your FTP server using an FTP client. In this tutorial we will be using the FileZilla FTP client.
To create the FTP connection, open the Site Manager and use the following options to connect to your server.
For the Host value use the IP address of your FTP server and make sure that you choose the “Require explicit FTP over TLS” option for Encryption.
After you click on Connect, you will see the certificate information and you can check the “Always trust this certificate in future sessions” if you don’t want to receive this message in future sessions.
Click OK and you will notice in the Status screen that the TLS connection is established and you are successfully connected to your FTP server.