Skip to content

Instantly share code, notes, and snippets.

@rakibulinux

rakibulinux/vsftpd.sh

Last active February 5, 2020 21:44
Show Gist options
  • Star 0 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
  • Save rakibulinux/092e02034d355a46d524226d2bec91c7 to your computer and use it in GitHub Desktop.
Save rakibulinux/092e02034d355a46d524226d2bec91c7 to your computer and use it in GitHub Desktop.
Download ZIP
How to Install and Configure vsftpd on Ubuntu 18.04
Raw
vsftpd.sh
#!/bin/sh
#Install vsftpd
sudo apt-get install vsftpd -y
sudo systemctl start vsftpd
sudo systemctl enable vsftpd
#Setup Directory Structure For FTP
#Create a User
sudo adduser rakibs
#Create a Directory and Set Ownership
sudo mkdir /home/rakibs/ftp
sudo chown nobody:nogroup /home/rakibs/ftp
sudo chmod a-w /home/rakibs/ftp
#Verify the permissions:
sudo ls -la /home/rakibs/ftp
#Create a Directory Where Files Can Be Uploaded and Give Ownership to the Test User
sudo mkdir /home/rakibs/ftp/test
sudo chown rakibs:rakibs /home/rakibs/ftp/test
#Let’s add a test.txt file to use when we test:
echo "rakibs vsftpd test file" | sudo tee /home/rakibs/ftp/test/test.txt
#Let’s add our user to /etc/vsftpd.userlist. Use the -a flag to append to the file:
echo "rakibs" | sudo tee -a /etc/vsftpd.userlist
#Check that it was added as you expected:
cat /etc/vsftpd.userlist
#Configure vsftpd
#Backup vsftpd’s Original Config File
sudo cp /etc/vsftpd.conf /etc/vsftpd.conf.bak
#Open and Edit the vsftpd.conf File
sudo nano /etc/vsftpd.conf
#Add the Following to the File:
listen=NO
listen_ipv6=YES
anonymous_enable=NO
local_enable=YES
write_enable=YES
local_umask=022
dirmessage_enable=YES
use_localtime=YES
xferlog_enable=YES
connect_from_port_20=YES
chroot_local_user=YES
secure_chroot_dir=/var/run/vsftpd/empty
pam_service_name=vsftpd
pasv_enable=Yes
pasv_min_port=10000
pasv_max_port=11000
user_sub_token=$USER
local_root=/home/$USER/ftp
userlist_enable=YES
userlist_file=/etc/vsftpduserlist.conf
userlist_deny=NO
#Save and Close the Config File. vsftpd has many configuration options so you may need to make further adjustments based on your local server setup.
#Add The rakibs User We Created to vsftpd’s User List File. I use "rakib" & rakibs
sudo nano /etc/vsftpduserlist.conf
rakib
rakibs
#Now Save and Exit
#Restart the vsftpd Service to Apply These Changes
sudo systemctl restart vsftpd
#Opening the Firewall
#Let’s open ports 20 and 21 for FTP, port 990 for when we enable TLS, and ports 40000-50000 for the range of passive ports we plan to set in the configuration file:
sudo ufw allow 20/tcp
sudo ufw allow 21/tcp
sudo ufw allow 990/tcp
sudo ufw allow 40000:50000/tcp
sudo ufw status
#Test vsFTPD. Be sure to replace 192.168.0.106 with your server’s public IP address:
ftp -p 192.168.0.106
#Type "bye"
ftp> bye
#Setup Security with SSL/TLS
#Create a Security Certificate
sudo mkdir /etc/certs
sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/ssl/private/vsftpd.pem -out /etc/ssl/private/vsftpd.pem
#Open the vsftpd.conf File
sudo nano /etc/vsftpd.conf
#Add the Following Lines to the File
rsa_cert_file=/etc/ssl/private/vsftpd.pem
rsa_private_key_file=/etc/ssl/private/vsftpd.pem
allow_anon_ssl=NO
ssl_enable=YES
force_local_data_ssl=YES
force_local_logins_ssl=YES
ssl_tlsv1=YES
ssl_sslv2=NO
ssl_sslv3=NO
require_ssl_reuse=NO
ssl_ciphers=HIGH
pasv_min_port=40000
pasv_max_port=50000
#Save the File and Restart vsftpd
sudo systemctl restart vsftpd
#If you forget your ftp account password, then try this:
passwd your_username
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment