How to Install and Configure vsftpd on Ubuntu 18.04
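#!/bin/sh
# Walkthrough: install vsftpd on Ubuntu 18.04, confine one local user to a
# chroot under /home/<user>/ftp, open the firewall, then require TLS.
# This is a step-by-step listing, not an unattended script: adduser and nano
# are interactive, and the lines that follow each "Add the Following" comment
# are vsftpd settings to paste into the named file, not shell commands.

#Install vsftpd
sudo apt-get install vsftpd -y
sudo systemctl start vsftpd
sudo systemctl enable vsftpd

#Setup Directory Structure For FTP
#Create a User
# adduser creates a normal login account; its password is also the FTP
# password, so pick a strong one.
sudo adduser rakibs

#Create a Directory and Set Ownership
# The chroot root must not be writable by the FTP user: with
# chroot_local_user=YES vsftpd refuses logins into a writable root.
sudo mkdir /home/rakibs/ftp
sudo chown nobody:nogroup /home/rakibs/ftp
sudo chmod a-w /home/rakibs/ftp

#Verify the permissions:
sudo ls -la /home/rakibs/ftp

#Create a Directory Where Files Can Be Uploaded and Give Ownership to the Test User
sudo mkdir /home/rakibs/ftp/test
sudo chown rakibs:rakibs /home/rakibs/ftp/test

#Let’s add a test.txt file to use when we test:
echo "rakibs vsftpd test file" | sudo tee /home/rakibs/ftp/test/test.txt

#Let’s add our user to vsftpd's user list. Use the -a flag to append to the file.
# The path must be the one named by userlist_file in vsftpd.conf below;
# a list written to any other file is never read.
echo "rakibs" | sudo tee -a /etc/vsftpduserlist.conf

#Check that it was added as you expected:
cat /etc/vsftpduserlist.conf

#Configure vsftpd
#Backup vsftpd’s Original Config File
sudo cp /etc/vsftpd.conf /etc/vsftpd.conf.bak

#Open and Edit the vsftpd.conf File
sudo nano /etc/vsftpd.conf

#Add the Following to the File:
# anonymous_enable=NO                    -> no anonymous logins
# chroot_local_user=YES                  -> local users are confined to local_root
# userlist_enable=YES + userlist_deny=NO -> the user list is an allow-list:
#                                           only logins named in it may connect
# pasv_min_port/pasv_max_port            -> must match the range opened in ufw
#                                           below, or passive transfers hang
# xferlog_enable=YES                     -> uploads/downloads are logged; review
#                                           the vsftpd log for unexpected activity
listen=NO
listen_ipv6=YES
anonymous_enable=NO
local_enable=YES
write_enable=YES
local_umask=022
dirmessage_enable=YES
use_localtime=YES
xferlog_enable=YES
connect_from_port_20=YES
chroot_local_user=YES
secure_chroot_dir=/var/run/vsftpd/empty
pam_service_name=vsftpd
pasv_enable=YES
pasv_min_port=40000
pasv_max_port=50000
user_sub_token=$USER
local_root=/home/$USER/ftp
userlist_enable=YES
userlist_file=/etc/vsftpduserlist.conf
userlist_deny=NO
#Save and Close the Config File. vsftpd has many configuration options so you may need to make further adjustments based on your local server setup.

#Add any other FTP accounts to vsftpd’s User List File, one login per line. I use "rakib" & rakibs
# rakibs was already appended above. Only list accounts that exist and
# actually need FTP access; every name here is allowed to log in.
sudo nano /etc/vsftpduserlist.conf
rakib
rakibs
#Now Save and Exit

#Restart the vsftpd Service to Apply These Changes
sudo systemctl restart vsftpd

#Opening the Firewall
#Let’s open ports 20 and 21 for FTP, port 990 for when we enable TLS, and ports 40000-50000 for the range of passive ports set in the configuration file:
# Inbound, this configuration needs 21/tcp (control channel, explicit TLS
# included) and the passive range. 990/tcp is only used by implicit FTPS,
# which the settings in this walkthrough do not enable, and active-mode data
# connections leave from port 20 rather than arrive on it; skip those two
# rules if you do not need them. A narrower passive range (changed here and in
# vsftpd.conf together) also exposes fewer ports.
sudo ufw allow 20/tcp
sudo ufw allow 21/tcp
sudo ufw allow 990/tcp
sudo ufw allow 40000:50000/tcp
sudo ufw status

#Test vsFTPD. Be sure to replace 192.168.0.106 with your server’s public IP address:
# TLS is not configured yet, so this login sends the password in cleartext.
# Test from a trusted network, or complete the SSL/TLS section first.
ftp -p 192.168.0.106
#Type "bye"
ftp> bye

#Setup Security with SSL/TLS
#Create a Security Certificate
# -nodes leaves the private key unencrypted so vsftpd can start unattended;
# the file holds both key and certificate, so keep it readable by root only.
# The certificate is self-signed: clients cannot validate it against a CA and
# should check its fingerprint on first connect.
sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/ssl/private/vsftpd.pem -out /etc/ssl/private/vsftpd.pem
sudo chmod 600 /etc/ssl/private/vsftpd.pem

#Open the vsftpd.conf File
sudo nano /etc/vsftpd.conf

#Add the Following Lines to the File
# force_local_logins_ssl / force_local_data_ssl -> credentials and file data
#     are refused over plain FTP once these are set.
# ssl_tlsv1=YES permits TLS 1.0, which is deprecated; check which protocol
#     versions your vsftpd build negotiates and restrict it to TLS 1.2 or
#     newer if the build allows.
# require_ssl_reuse=NO turns off the check that a data connection reuses the
#     control connection's TLS session. It is usually set for client
#     compatibility; prefer YES if your clients support session reuse.
# The passive port range is already set in the first block above; do not add
#     a second, different pasv_min_port/pasv_max_port pair.
rsa_cert_file=/etc/ssl/private/vsftpd.pem
rsa_private_key_file=/etc/ssl/private/vsftpd.pem
allow_anon_ssl=NO
ssl_enable=YES
force_local_data_ssl=YES
force_local_logins_ssl=YES
ssl_tlsv1=YES
ssl_sslv2=NO
ssl_sslv3=NO
require_ssl_reuse=NO
ssl_ciphers=HIGH

#Save the File and Restart vsftpd
sudo systemctl restart vsftpd

#Verify TLS: the plain ftp client used earlier should now be refused at login.
# This shows the certificate and negotiated protocol on the control port:
openssl s_client -connect 192.168.0.106:21 -starttls ftp

#If you forget your ftp account password, then try this:
# Resetting another account's password requires root.
sudo passwd your_username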