
How to set up a Linux FTP server for fast file transfers – CloudSavvy IT




FTP, or File Transfer Protocol, is a standard protocol for sending files to and receiving files from remote servers. It’s easier to use than command-line options like scp, especially with GUI clients like FileZilla.

What is FTP?

In the past, public FTP servers were a very common way to make files available to a large number of people on the Internet. Today, FTP still exists and is often used for administrative tasks.

While some form of FTP CLI comes with most major operating systems, GUI clients like FileZilla make the process of moving files between servers as easy as dragging and dropping from local storage to remote storage, or vice versa. All underlying traffic is handled with FTP.

To set this up, you need to install and configure an FTP server, such as vsftpd, on the remote machine you want to access.

It should be noted that users who are logged in via FTP will have access to your system, just as you do. There are steps you can take to mitigate these risks, such as whitelisting access and locking users in their home directories.

Installing vsftpd

To get started, install vsftpd from your distro’s package manager. For Debian-based systems like Ubuntu, that is apt:

sudo apt-get install vsftpd

Then you need to start the service and set it to start at boot:

systemctl start vsftpd
systemctl enable vsftpd

FTP has two primary authentication methods:

  • Anonymous FTP, where anyone can log in without a password. This is used for general file sharing and is disabled by default.
  • Local user login, which allows every user in /etc/passwd to access FTP with a username and password.

You probably want to enable local user login and keep anonymous access disabled. Logging in to FTP with your user account gives you access to everything that your account can access.

Open /etc/vsftpd.conf in your favorite text editor and change the following line to YES:

local_enable=YES

If you want to be able to upload files, change write_enable to YES as well:

write_enable=YES

After restarting vsftpd (systemctl restart vsftpd), you should be able to log in over FTP from your personal machine with a client such as FileZilla or the FTP CLI.

If you only want to enable FTP for specific users, you can whitelist access. Open /etc/vsftpd.userlist and add the name of each account you want to allow, one per line.

nano /etc/vsftpd.userlist

Then add the following lines to /etc/vsftpd.conf:

userlist_enable=YES
userlist_file=/etc/vsftpd.userlist
userlist_deny=NO

This will restrict access to only those users defined in the user list file and deny all others.

If you do not want users to access files outside of their home directory, you can place them in a chroot jail, preventing them from interacting with any higher-level directories. You can enable this by uncommenting the following line in /etc/vsftpd.conf:

chroot_local_user=YES

Restart vsftpd with systemctl restart vsftpd to apply the changes.

Set up FTPS

Standard FTP traffic is sent unencrypted, like HTTP. This is obviously not good, so you should configure vsftpd to encrypt traffic with TLS.

To do so, create a new key and a certificate signing request with openssl:

openssl genrsa -des3 -out FTP.key

openssl req -new -key FTP.key -out certificate.csr

vsftpd needs the passphrase removed from this key, so copy the key and pass it back through openssl:

cp FTP.key FTP.key.orig

openssl rsa -in FTP.key.orig -out ftp.key

Finally, create a TLS certificate with this key:

openssl x509 -req -days 365 -in certificate.csr -signkey ftp.key -out mycertificate.crt

Copy the key and certificate over to /etc/pki/tls/certs/:

cp ftp.key /etc/pki/tls/certs/

cp mycertificate.crt /etc/pki/tls/certs

Now that the certificates are in place, you can reopen /etc/vsftpd.conf and add the following lines:

ssl_enable=YES
allow_anon_ssl=YES
ssl_tlsv1=YES
ssl_sslv2=NO
ssl_sslv3=NO
rsa_cert_file=/etc/pki/tls/certs/mycertificate.crt
rsa_private_key_file=/etc/pki/tls/certs/ftp.key
ssl_ciphers=HIGH
require_ssl_reuse=NO

Restart vsftpd with systemctl restart vsftpd to apply the changes.
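
To confirm that the whitelist, chroot and TLS settings above actually ended up in the file, the script below audits a vsftpd.conf against them and checks the permissions of the private key. It is an added example, not part of the original article; the function names are hypothetical and the sample config is constructed. It assumes an option that is not set explicitly should be reported rather than left to vsftpd's built-in default.

```shell
#!/bin/sh
# Added example (not from the original article): audit a vsftpd.conf against
# the article's settings. Unset options are reported, not assumed safe.

# Print the last value assigned to option $2 in file $1 (empty if unset).
# vsftpd wants option=value with no spaces; '#' lines are comments.
conf_get() {
    sed -n "s/^$2=//p" "$1" | tail -n 1 | tr -d '\r'
}

# Print one finding per line; return 0 if there are none, 1 otherwise.
audit_vsftpd_conf() {
    conf=$1
    findings=""
    for pair in anonymous_enable:NO userlist_enable:YES userlist_deny:NO \
                chroot_local_user:YES ssl_enable:YES ssl_sslv2:NO ssl_sslv3:NO; do
        opt=${pair%%:*}; want=${pair##*:}
        got=$(conf_get "$conf" "$opt")
        [ "$got" = "$want" ] ||
            findings="${findings}${opt}: want ${want}, got ${got:-unset}
"
    done
    # The private key must not be accessible to group or others.
    key=$(conf_get "$conf" rsa_private_key_file)
    if [ -n "$key" ] && [ -f "$key" ] &&
       [ "$(ls -ld "$key" | cut -c5-10)" != "------" ]; then
        findings="${findings}rsa_private_key_file: $key is group/world accessible
"
    fi
    printf '%s' "$findings"
    [ -z "$findings" ]
}

# Constructed sample: the whitelist lines without userlist_deny=NO (so the
# user list acts as a deny list) and the chroot line still commented out.
write_sample_conf() {
    cat > "$1" <<'EOF'
anonymous_enable=NO
local_enable=YES
userlist_enable=YES
userlist_file=/etc/vsftpd.userlist
#chroot_local_user=YES
ssl_enable=YES
ssl_sslv2=NO
ssl_sslv3=NO
EOF
}

if [ -n "${1:-}" ]; then audit_vsftpd_conf "$1"; fi
```

Run it as root with /etc/vsftpd.conf as the argument; no output and exit status 0 mean every checked setting matches.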

