Configure FTP - Ubuntu Server

Assuming you have nothing installed and are starting from complete scratch, run the following to install vsftpd:
sudo apt-get update && sudo apt install vsftpd

Navigate to the home directory of the user you wish to give FTP access, and run the following.

sudo mkdir /home/USER/ftp
sudo chown nobody:nogroup /home/USER/ftp
sudo chmod a-w /home/USER/ftp

Create a directory where files can be uploaded

sudo mkdir /home/USER/ftp/files
sudo chown USER:USER /home/USER/ftp/files

Add the following to /etc/vsftpd.conf and run sudo systemctl restart vsftpd to restart the service

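# FTP Initial Configuration Options
# Passive-mode data port range
pasv_min_port=40000
pasv_max_port=50000
# $USER in local_root is replaced with the login name
user_sub_token=$USER
local_root=/home/$USER/ftp
# Only users listed in userlist_file may log in
userlist_enable=YES
userlist_file=/etc/vsftpd.userlist
userlist_deny=NO
# Disables the check that the data connection comes from the same IP as the control connection
pasv_promiscuous=YES
# TLS: no anonymous SSL, force TLS for logins and data transfers
allow_anon_ssl=NO
force_local_data_ssl=YES
force_local_logins_ssl=YES
# Allow TLS v1, refuse SSLv2 and SSLv3
ssl_tlsv1=YES
ssl_sslv2=NO
ssl_sslv3=NO
require_ssl_reuse=NO
ssl_ciphers=HIGH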

Change or modify the following values. When editing these files, I like to just comment out the default value and create a separate value in an organized list with my custom settings. This is useful later: should I want to refer back to the default value, I can just search for it in my file, and it keeps things organized so that when I return to the file later I can pick things back up quickly.

# Values Modified During FTP Setup
chroot_local_user=YES
write_enable=YES
ssl_enable=YES
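
A check to run before the restart, as an added example that is not part of the original page: it reports any setting that is active twice with different values, which is easy to end up with when a default is left uncommented next to a custom value, and flags the transport-weakening values among the options used here. vsftpd_conf_lint and sample_conf are hypothetical names, and the sample config is constructed.

```bash
#!/usr/bin/env bash
# Added example, not from the original page. vsftpd_conf_lint and sample_conf
# are hypothetical helper names; the option names are real vsftpd settings.

# Lint a vsftpd.conf given as a file argument (or on stdin when none is given).
vsftpd_conf_lint() {
  awk '
    /^[ \t]*#/ || /^[ \t]*$/ { next }        # skip comments and blank lines
    {
      eq = index($0, "=")
      if (eq == 0) { printf "SYNTAX line %d is not key=value\n", NR; next }
      key = substr($0, 1, eq - 1); val = substr($0, eq + 1)
      sub(/[ \t\r]+$/, "", val)              # drop trailing whitespace / CR
      if ((key in seen) && seen[key] != val) # same key active with two values
        printf "CONFLICT %s=%s (line %d) vs %s=%s (line %d)\n",
               key, seen[key], line[key], key, val, NR
      seen[key] = val; line[key] = NR
    }
    END {
      if (seen["ssl_enable"] != "YES")
        print "WEAK ssl_enable is not YES: logins and data travel in cleartext"
      if (seen["force_local_logins_ssl"] == "NO")
        print "WEAK force_local_logins_ssl=NO: passwords may be sent without TLS"
      if (seen["force_local_data_ssl"] == "NO")
        print "WEAK force_local_data_ssl=NO: file data may be sent without TLS"
      if (seen["pasv_promiscuous"] == "YES")
        print "WEAK pasv_promiscuous=YES: data connection source IP is not checked"
      if (seen["ssl_tlsv1"] == "YES") print "WEAK ssl_tlsv1=YES: TLS 1.0 is permitted"
      if (seen["ssl_sslv2"] == "YES") print "WEAK ssl_sslv2=YES: SSLv2 is permitted"
      if (seen["ssl_sslv3"] == "YES") print "WEAK ssl_sslv3=YES: SSLv3 is permitted"
    }
  ' "${1:--}"
}

# Constructed sample config: one commented-out default, one key set twice.
sample_conf() {
  cat <<'EOF'
# ssl_enable=NO
pasv_min_port=40000
pasv_max_port=50000
pasv_max_port=40000
pasv_promiscuous=YES
force_local_logins_ssl=YES
ssl_tlsv1=YES
ssl_sslv3=NO
ssl_enable=YES
EOF
}

sample_conf | vsftpd_conf_lint
```

Against the real file, call it as vsftpd_conf_lint /etc/vsftpd.conf; no output means no conflicts and none of the flagged values.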

Run sudo systemctl restart vsftpd to restart the service and test your connection using FileZilla.

Debugging FTP Connections

If you're having issues with your FTP connection, check on the service with the following commands
sudo systemctl -l status vsftpd
sudo tail -f /var/log/vsftpd.log

To test FTP connections via the command line, run the following
ftp -p IPADDRESS

You cannot connect via the command line using this method once SSL/TLS is enabled: the ftp client does not negotiate TLS, so the connection would be unencrypted, and with force_local_logins_ssl=YES the server refuses such logins. Use FileZilla or another TLS-capable client instead.

Since vsftpd should always be listening for connections, we can also use lsof to verify that it is bound to the correct IP (sudo lets lsof see sockets owned by other users)
sudo lsof -i | grep ftp

To check if your ports are correctly configured, run
netstat | grep tcp

Notes

Modifying the values below during setup of TLS encryption caused vsftpd to crash on startup.
These values were obtained following the tutorial below. Just noting this in case I missed something here, so I can revisit it later.
https://www.digitalocean.com/community/tutorials/how-to-set-up-vsftpd-for-a-user-s-directory-on-ubuntu-16-04#step-6-%E2%80%94-securing-transactions

# Working values, establishes TLS connection via FileZilla FTP
rsa_private_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
rsa_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem

# Modified values from generating ssl cert that are crashing vsftpd
# rsa_cert_file=/etc/ssl/private/vsftpd.pem
# rsa_private_key_file=/etc/ssl/private/vsftpd.pem