How to Set Up FTP Server on Ubuntu VPS
In this article, you are going to learn how to set up an FTP server on an Ubuntu VPS. We’ll be using a vsftpd server, which is widely regarded as the fastest and most secure FTP server for UNIX-like systems.
What Is FTP?
FTP, or File Transfer Protocol, is a means to share files between computers over an internet connection using the TCP/IP protocol. It also makes use of a client-server framework and SSL/TLS security to ensure secure and reliable data transfer.
This is somewhat similar to HTTP (HypertText Transfer Protocol) or SMTP (Simple Mail Transfer Protocol). The difference is that FTP is responsible for transporting files through the internet while HTTP and SMTP handle the transfer of web pages and emails, respectively.
Before we begin, keep in mind that we will guide you through configuring an FTP server on Ubuntu.
How to Set Up an FTP Server on Ubuntu
This tutorial requires you to know how to connect to a server through SSH. If you own Hostinger’s VPS, the login details are available in the Server tab of the hPanel.
1. Install vsftpd
- First of all, we’ll have to get our package updates before we proceed with the vsftpd installation. To begin, run the following command:
sudo apt-get update
Wait for all the processes to complete, and you will see a confirmation as soon as the update finishes.
- Once it’s done, install the vsftpd daemon using the command below:
sudo apt-get install vsftpd
You will be prompted with a confirmation message, which will require you to type Y and hit Enter to continue with the installation.
- After the installation is completed, you should back up the original file so you can start with a blank configuration file:
sudo cp /etc/vsftpd.conf /etc/vsftpd.conf.original
Now we are ready to configure the firewall.
2. Allow FTP Traffic from the Firewall
- To allow the Ubuntu FTP server to communicate via the internet, it needs to make its way through the firewall. But first, let’s just see whether the firewall is already enabled on your machine or not. Simply run this command to verify the status:
sudo ufw status
- If you see the ufw: command not found, it means that the Ubuntu firewall is not installed. You can install it by typing:
sudo apt-get install ufw
- Then enable the firewall using this command:
sudo ufw enable
- Once it’s active, you still need to make sure FTP traffic is allowed. To do that, execute the following commands one by one:
sudo ufw allow OpenSSH sudo ufw allow 20/tcp sudo ufw allow 21/tcp sudo ufw allow 990/tcp sudo ufw allow 40000:50000/tcpThis series of commands will open up several ports:
- OpenSSH is required if you still wish to access your server via SSH. Sometimes, this option is enabled by default.
- ports 20 and 21 for the FTP traffic.
- ports 40000:50000 will be reserved for the range of passive ports that will eventually be set in the configuration file.
- port 990 will be used when TLS is enabled.
- Now let’s look at the status again:
sudo ufw statusThe output should look something like this:Status: active To Action From -- ------ ---- OpenSSH ALLOW Anywhere 990/tcp ALLOW Anywhere 20/tcp ALLOW Anywhere 21/tcp ALLOW Anywhere 40000:50000/tcp ALLOW Anywhere OpenSSH (v6) ALLOW Anywhere (v6) 20/tcp (v6) ALLOW Anywhere (v6) 21/tcp (v6) ALLOW Anywhere (v6) 990/tcp (v6) ALLOW Anywhere (v6) 40000:50000/tcp (v6) ALLOW Anywhere (v6)
3. Create the User Directory
- Once the firewall is set up, we must create the user who is going to use the FTP access. This is how to do it:
sudo adduser hostinger
Remember to change the username according to your own preference.
- Then, enter a password for the user and fill in all the required details.
Ideally, FTP should be restricted to one specific directory for security purposes. That is why vsftpd uses chroot jails, which limits a local user to their home directory by default.
However, it is possible that because of vsftpd security, a user might not be able to write to that directory. To fix this, we don’t have to remove write privileges from the home folder. Instead, we will make an ftp directory which acts as chroot. It contains a writable directory that will be responsible for holding the required files. - Use the following command to create the FTP folder:
sudo mkdir /home/hostinger/ftp
Then, set the ownership using:
sudo chown nobody:nogroup /home/hostinger/ftp
Finally, remove the write permission:
sudo chmod a-w /home/hostinger/ftp
Now, use the following command to verify the permissions:
sudo ls -la /home/hostinger/ftp
The output should look something like:
total 8 dr-xr-xr-x 2 nobody nogroup 4096 Oct 8 11:32 . drwxr-xr-x 3 hostinger hostinger 4096 Oct 8 11:32 ..
- Next, we will create the file-holding directory and assign ownership:
sudo mkdir /home/hostinger/ftp/files sudo chown hostinger:hostinger /home/hostinger/ftp/files
Finally, add a test file to the directory which will be used when we test everything later on:
echo "vsftpd sample file" | sudo tee /home/hostinger/ftp/files/sample.txt
4. Configure vsftpd
The next step is to configure vsftpd and our FTP access. In this example, we will allow a single user to connect using a local shell account. The two key configurations required for this are already set in the configuration (vsftpd.conf) file.
- To begin, use the nano command to open vsftpd configuration file.
sudo nano /etc/vsftpd.conf
Verify that the content has similar settings to this:
. . . # Allow anonymous FTP? (Disabled by default). anonymous_enable=NO # # Uncomment this to allow local users to log in. local_enable=YES . . .
In the same file, we will remove # (uncomment) and make sure we enable the write_enable.
. . . write_enable=YES . . .
- You also need to uncomment chroot to ensure that the FTP user only accesses files within the allowed directory. Change the NO value to YES, as well. Keep in mind that there are two lines like this, and you have to uncomment both of them.
. . . chroot_local_user=YES . . .
- There are a few new values that you should also add to the bottom of the file. The first one is user_sub_token in the local_root directory path. It will allow the configuration to work with the current user or any other users that are subsequently added:
user_sub_token=$USER local_root=/home/$USER/ftp
- To ensure that a substantial amount of connections are available, we will limit the number of ports the configuration file:
pasv_min_port=40000 pasv_max_port=50000
- In this tutorial, we intend to allow access on a case by case basis. Therefore, we’ll set the configuration to grant access only to users that you have explicitly added to the list:
userlist_enable=YES userlist_file=/etc/vsftpd.userlist userlist_deny=NO
When you set userlist_deny flag to NO, only specified users will be allowed access. Once done, click CTRL+X followed by Y to save it, then Enter to confirm the file changes.
- Lastly, we will create a user list and add a user to the file:
echo "hostinger" | sudo tee -a /etc/vsftpd.userlist
Verify that the user is indeed active by running the following command:
cat /etc/vsftpd.userlist
The output should be “hostinger” as shown in this screenshot:
- Restart the daemon using the following command to load the configuration changes:
sudo systemctl restart vsftpd
5. Secure the FTP Server
- By default, FTP doesn’t encrypt data, so we will be using SSL/TLS certificate to secure data transfer. The first step is we need to create the SSL certificate for the Ubuntu FTP server.
sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/ssl/private/vsftpd.pem -out /etc/ssl/private/vsftpd.pem
The –days flag makes the certificate valid for a year and we have included a 2048-bit private RSA key in the same command.
- Once prompted, enter the corresponding personal details in the field provided.
- After you finish creating the certificate, open the configuration file again:
sudo nano /etc/vsftpd.conf
The end of the file should contain two lines that start with rsa.
# rsa_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem # rsa_private_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
Now, we will point the configuration file to the certificate that we just created. Add the following directories right below the previous lines:
rsa_cert_file=/etc/ssl/private/vsftpd.pem rsa_private_key_file=/etc/ssl/private/vsftpd.pem
- Next, we will enable SSL and ensure that only clients who have an active SSL can contact us. Simply enter this line:
ssl_enable=YES
Then, add the following lines to ban any anonymous connections over SSL:
allow_anon_ssl=NO force_local_data_ssl=YES force_local_logins_ssl=YES
Configure the server to use TLS using:
ssl_tlsv1=YES ssl_sslv2=NO ssl_sslv3=NO
- Now we will change two more options. Firstly, disable SSL reuse to prevent FTP clients from breaking down. Secondly, we will use high encryption cipher suites, which make sure that key lengths are either equal to or greater than 128 bits.
require_ssl_reuse=NO ssl_ciphers=HIGH
Save the file again by pressing CTRL+X followed by Y, then hit Enter.
- Let’s restart vsftpd once again to apply the new configurations:
sudo systemctl restart vsftpd
Great work! You have now configured the FTP server on your Ubuntu VPS to work with SSL/TLS protocol.
6. Test the Connection with FileZilla
Nowadays, most FTP clients support TLS encryption configurations. It’s a great way to test whether your Ubuntu FTP server is working properly. To test out the connection, we will be using a FileZilla FTP Client.
- To start, launch FileZilla and click on the Site Manager icon. Then, click the New Site button in the prompted window to enter the Ubuntu FTP server details.
- Fill in all the required columns with your newly created Ubuntu FTP server information. Since we configured it to use TLS, we may also choose the Use explicit FTP over TLS option. The final configuration should look like this:
- Once ready, click Connect, and a screen asking to enter the FTP user’s password will appear. After that, hit OK.
- Finally, you will need to verify the SSL certificate of your FTP server on Ubuntu VPS. After confirming, the root directory with the test file should now appear on your screen.
That’s all! Now, you can perform various files transfers from your computer to the Ubuntu FTP server and vice versa.
Conclusion
Having an Ubuntu FTP server makes it easy for you to share files between your Ubuntu VPS/server and computer. It is a secure and reliable method of data transfer, thanks to SSL/TLS security and the TCP/IP protocol.
In this tutorial, you have learned how to set up an FTP server on Ubuntu using vsftpd. There are five steps that you should follow. Let’s take a look at them once again.
- Install vsftpd on your Ubuntu server and back up the original configuration file.
- Allow FTP connections through the firewall.
- Create a user directory that can be accessed only by specified users.
- Configure vsftpd.
- Secure the FTP server.
- Test your FTP connection with FileZilla.
Good luck, and be sure to check our other VPS tutorials!
Learn What Else Your Ubuntu Can Do
How to List Packages in Ubuntu
How to Change Timezone in Ubuntu
How to List Users in Ubuntu
How to Install Python Pip on Ubuntu
How to Change Hostname in Linux
How to Install Java on Ubuntu
How to Install Node on Ubuntu
Domantas leads the content and SEO teams forward with fresh ideas and out of the box approaches. Armed with extensive SEO and marketing knowledge, he aims to spread the word of Hostinger to every corner of the world. During his free time, Domantas likes to hone his web development skills and travel to exotic places.
Comments
December 16 2018
Nice article! Thank you. Everything worked like a charm.
August 14 2019
Thank you very much for this article. It worked like it should and everything is explained well, kudos!
June 28 2020
Great article! It was very helpful - confirm all is working well on Ubuntu 18 VPS server and done via SSH terminal
July 07 2020
Happy to hear that, Bolat! :)
July 10 2020
This worked fine here, thank you
July 14 2020
You are very welcome, Udor! :)
November 02 2020
how do i move files out of the ftp folder? when i try to move the files out of the ftp folder it gives me permission denied
February 02 2021
Hi there, Rudy! If you're getting Permission Denied error, you're most likely not connected well to FTP. I'd suggest to re-check your FTP connection and make sure the correct port is allowed.
December 17 2020
Ubuntu 20 on VPS server, after your lesson Filezilla cannot connect to VPS - Error GnuTLS -15: An unexpected TLS packet was received. What's wrong? Thank you
February 09 2021
Hi there! This is most likely due to SSL being enabled on the server. Try encryption: Use explicit FTP over TLS ;)
September 17 2021
Hi! I am also getting this error: GnuTLS error -15 in gnutls_record_recv: An unexpected TLS packet was received. I tried with Use explicit FTP over TLS and also Require explicit FTP over TLS. Do you have an idea why this is happening? Thank you!
October 13 2021
Hi! It looks like your error comes after some time of inactivity. FileZilla and other FTP clients abort connections automatically after some time of no activity in order to save resources and prevent some type of DDoS attacks. Additionally, in the case of popular FTP clients - the FTP connections could clog quickly if inactive connections were not aborted. So all you'd need to do is make sure to make an action in FileZilla from time to time to keep the connection going.
October 19 2021
how to get host ip ?
October 19 2021
Hi, you can find your IP using the command:
ip aMarch 09 2022
Wow. That was an EXCELLENT step by step guide to installing a SECURE FTP SERVER on a VPS. Many thanks for your hard work, making it so easy for others to set this up.
March 09 2022
Happy to hear it was useful :)
April 13 2022
great article dude!
March 25 2023
Hello, Love the tutorial it is very straight forward and explains every step needed. After following your tutorial I still can't connect on FileZilla, port 22 is open and hostinger account is set, I can access the virtual machine on it. Status: Connecting to {ip-address}... Response: fzSftp started, protocol_version=11 Command: open "hostinger@{ip-address}" 22 Status: Using username "hostinger". Command: Pass: ************* Status: Connected to {ip-address} Error: Could not connect to server Any advice to fix this?
March 31 2023
Hello there! Make sure you got SFTP set up properly along with SFTP settings in /etc/ssh/sshd_config. I would suggest following this tutorial for more information. You can skip the Install SSH and Manage SSH Service parts since our VPSs already have SSH installed. If any issues occur, don't hesitate and contact our live support, and we'll gladly help you out.
July 31 2023
Hi, i am getting the following error when i try to connect: Error: GnuTLS error -15 in gnutls_record_recv: An unexpected TLS packet was received. Error: Could not read from socket: ECONNABORTED - Connection aborted Error: Could not connect to server i have require explicit ftp over tls enabled, how do i fix this error?
August 04 2023
Hello, try testing the connection with https://ftptest.net/. It will show if the issue is on your server or your device.
August 25 2023
Hello there, CyberPanel uses 8090 TCP port, so you might want to allow it. Also if you got a VPS at Hostinger you can simply reset the firewall to fix this issue. Alternatively, try disabling ufw all together to see if that helps.