Configure FTP on Ubuntu using VSFTP and TLS

How to correctly configure FTP on Ubuntu

1. Install FTP Service

sudo apt-get update
sudo apt install vsftpd

2. Backup config file

sudo cp /etc/vsftpd.conf  /etc/vsftpd.conf_default

3. Make all the necessary modifications to the config file

sudo nano /etc/vsftpd.conf

Add the following to the end of the file:

#Configuration for TLS (we'll create the certificates later)
rsa_cert_file=/etc/ssl/certs/vsftpdcertificate.pem
rsa_private_key_file=/etc/ssl/private/vsftpdserverkey.pem
ssl_enable=YES
allow_anon_ssl=NO
force_local_data_ssl=YES
force_local_logins_ssl=YES
require_ssl_reuse=NO
ssl_ciphers=HIGH
ssl_tlsv1=YES
ssl_sslv2=NO
ssl_sslv3=NO

#Assign Passive port range
pasv_min_port=12001
pasv_max_port=12005

4. Create a user for FTP (with password)

sudo useradd -m testuser
sudo passwd testuser

5. (optional) If you want to limit user access to specific directory

You can limit the user's access to their home directory. To change the user's home directory to /var/www/:

sudo usermod --home /var/www/ testuser

To enforce the limit, enable the following line in the vsftpd config file (/etc/vsftpd.conf) by removing the leading hash sign. If the line is not present, add it:

chroot_local_user=YES

6. Create a self-signed certificate

Using the command:

sudo openssl req -x509 -nodes -newkey rsa:2048 -keyout /etc/ssl/private/vsftpdserverkey.pem -out /etc/ssl/certs/vsftpdcertificate.pem -days 365

You can change any of the file names used here, but remember to change them in the /etc/vsftpd.conf file as well.

7. Restart vsftp

sudo systemctl restart vsftpd

You can check the status using:

sudo systemctl status vsftpd
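
An added check for step 3 (not part of the original gist): the shell function below reads a vsftpd.conf and reports every TLS setting that differs from the values listed in that step, including the case where the file already carries an earlier ssl_enable=NO line. It assumes vsftpd applies settings in file order, so the last uncommented line for a key wins; conf_value and audit_vsftpd_tls are hypothetical helper names and the sample file is constructed.

```sh
#!/bin/sh
# Added example: compare a vsftpd.conf with the TLS values from step 3.

# Effective value of a key: the last uncommented "key=value" line.
# Assumption: vsftpd applies settings in file order, so a later line wins.
conf_value() {   # $1 = config file, $2 = key
    sed -n "s/^$2=//p" "$1" | tail -n 1
}

# Print one FAIL line per deviation; return 0 only if everything matches.
audit_vsftpd_tls() {
    conf=$1
    rc=0
    for want in ssl_enable=YES allow_anon_ssl=NO force_local_data_ssl=YES \
                force_local_logins_ssl=YES ssl_sslv2=NO ssl_sslv3=NO; do
        key=${want%%=*}
        got=$(conf_value "$conf" "$key" | tr a-z A-Z)
        if [ "$got" != "${want#*=}" ]; then
            echo "FAIL $key: want ${want#*=}, got ${got:-<unset>}"
            rc=1
        fi
    done
    for key in rsa_cert_file rsa_private_key_file; do
        [ -n "$(conf_value "$conf" "$key")" ] || { echo "FAIL $key: unset"; rc=1; }
    done
    return $rc
}

# Constructed sample: an earlier ssl_enable=NO followed by the step 3 block.
sample=$(mktemp)
cat > "$sample" <<'EOF'
#ssl_enable=YES
ssl_enable=NO
rsa_cert_file=/etc/ssl/certs/vsftpdcertificate.pem
rsa_private_key_file=/etc/ssl/private/vsftpdserverkey.pem
ssl_enable=YES
allow_anon_ssl=NO
force_local_data_ssl=YES
force_local_logins_ssl=YES
ssl_sslv2=NO
ssl_sslv3=NO
EOF
audit_vsftpd_tls "$sample" && echo "sample matches step 3"
```

To check the live file before the restart in step 7, call audit_vsftpd_tls /etc/vsftpd.conf.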

Enjoy!
