If you’re looking to install an FTP server on Ubuntu, you can’t beat the simplicity of vsftpd
FTP stands for File Transfer Protocol. It is similar to HTTP (Hypertext Transfer Protocol) in that it specifies a language for transferring data over a network. FTP is not encrypted by default, so by itself, it is not a good choice for secure data transmission.
This guide will help you install and configure an FTP server with vsftpd on Ubuntu.
Access to a user account with sudo privileges Access to a terminal
- /command line window (Ctrl-Alt-T)
- , included by default
The apt package manager
Step 1: Update system packages Start by updating your repositories: Enter the following in a terminal window:
apt update The system proceeds
to update the repositories.
Step 2: Install
vsftpd Server on Ubuntu A common open source FTP utility used in Ubuntu
is vsftpd. It is recommended for its ease of use.
1. To install vsftpd
, enter the command: sudo apt install vsftpd
This is an example of the output in Ubuntu
. 2. To start the
service and enable it at startup, run the commands
: sudo systemctl start vsftpd sudo systemctl enable vsftpd
Step 3: Back up
the configuration files
Before making any changes, be sure to back up the configuration files
. 1. Create a
backup copy of the default configuration file by entering
the following: sudo cp /etc/vsftpd.conf /etc/vsftpd.conf_default Step 4: Create FTP User
FTP user with the following commands
: sudo useradd -m testuser sudo passwd testuser
The system should prompt you to create a password for the new testuser account.
Step 5: Configure the firewall to allow
If you are using UFW that comes standard with Ubuntu, it will block FTP traffic by default. Enter the following commands to open ports 20 and 21 for FTP traffic: sudo ufw allow 20/tcp sudo ufw allow 21/tcp
Step 6: Connect to Ubuntu FTP Server
to FTP server
with the following command: sudo ftp
ubuntu-ftp Replace ubuntu-ftp with your system name (taken from the command line).
Log in with the testuser Account and password you just set. You should now have successfully logged into your FTP server.
Configuring and securing Ubuntu vsftpd
default directory By default, the
FTP server uses the /srv/ftp directory as the default directory. You can change this by creating a new directory and changing the FTP user’s home directory.
To change the FTP home directory, type the following
: sudo mkdir /srv/ftp/new_location sudo usermod -d /srv/ftp/new_location ftp Restart the vsftpd service to apply the changes: sudo systemctl restart
Now, you can put any file you want to share via FTP in the /srv/ftp folder (if you left it as default), or the /srv/ftp/new_location/ directory (if you have changed it).
If you want to allow authenticated users to upload files, edit the vsftpd.conf file by entering the following: sudo nano /etc/vsftpd.conf
Find the entry labeled write_enable=NO and change the value to “YES”. Save
file, exit, and then restart
the FTP service with the following: sudo systemctl restart vsftpd.service
This allows the user to make changes within their home directory
Numerous exploits take advantage of unsecured FTP servers. In response, there are several configuration options in vsftpd.conf that can help secure your FTP server.
Limit user access
One method is to limit users to their home directory. Open
vsftpd.conf in an editor and uncomment the following command: chroot_local_user=YES
Here is an example of the nano
file: Create a user list file To create a list
, edit /
etc/vsftpd.chroot_list and add one user per line
your ftp server to limit this list of users to their own home directories by editing vsftpd.conf: chroot_local_user=YES chroot_list_file=/etc/vsftpd.chroot_list The image illustrates the edits that were made: Restart the vsftpd service: sudo systemctl Restart vsftpd.service
default, the list of users blocked from FTP access is stored in /etc/ftpusers . To add blocked users, edit this file and add one user per line.
Encrypt traffic with FTPS
Another method to protect your FTP server is to encrypt traffic. This is done by using FTPS – File Transfer Protocol over SSL (Secure Socket Layer).
For this to work, users must be configured with a shell account on the FTP server. This will add a layer of strong encryption to your FTP traffic.
1. Start by creating a new certificate with openssl. To do this, run the command
: sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/ssl/private/vsftpd.pem -out /etc/ssl/private/vsftpd.pem
2. Provide the necessary information when prompted, or maintain the default settings by pressing Enter.
3. Next, open your vsftpd.conf file in an editor and change the line ssl_enable = NO to ssl_enable = YES: ssl_enable = YES
4. Then add the following lines: rsa_cert_file=
/etc/ssl/private/vsftpd.pem rsa_private_key_file=/etc/ssl/private/vsftpd.pem allow_anon_ssl=NO force_local_data_ssl=YES force_local_logins_ssl=YES ssl_tlsv1=YES ssl_sslv2=NO ssl_sslv3=NO require_ssl_reuse=NO ssl_ciphers=HIGH pasv_min_port=40000 pasv_max_port=50000
5. Save your changes and exit the file.
6. Finally, restart the service
to apply the changes:
sudo systemctl restart vsftpd.service
Now, you should have installed an FTP server on Ubuntu with vsftpd
You should now be able to set up your user and account lists, and connect to your new FTP server. We also detail the risks of the FTP protocol and how to mitigate them.