Configure FTP server on Ubuntu?

How to configure FTP on Ubuntu 16.04?

Asked on July 24, 2018 in Sysadmin.
Add Comment
1 Answer(s)
Best answer


This tutorial will show how to setup an FTP server on Ubuntu VPS. A vsftpd server will be used which is widely regarded as the quickest and most secure FTP server for UNIX-like systems out there.

FTP or File Transfer Protocol is a means to send and receive files over a network connection.

Making use of a client/server framework and SSL/TLS security, FTP allows users to share files to (and receive from) remote computers via secure, efficient and reliable data transfer (using the TCP/IP protocols).

FTP functions in the same way HTTP or SMTP do; the only difference obviously is that it is responsible for the secure transport of files from a sender to a receiver instead of web pages from a server to a user or electronic mail throughout the internet. This tutorial will focus on guiding the users regarding FTP server setup on Ubuntu 16.04.

Note: The following tutorial is based on Ubuntu 16.04. But you can apply the same steps when creating an FTP server on Ubuntu 14.04

Step 1 – Installing Vsftpd

First things first, let’s get our package updates before we proceed with the vsftpd daemon installation. To begin, run the following command:

sudo apt-get update

Wait for all the processes to complete and you will see a confirmation as soon as the update finishes.


Once that is out of the way, install the vsftpd daemon using the following command:

sudo apt-get install vsftpd

You will be prompted with a confirmation message, which will require you to type and hit Enter to continue with the installation.


After the installation completes, make a backup of the original file so that we can start our work with a blank configuration file:

sudo cp /etc/vsftpd.conf /etc/vsftpd.conf.original

Now we are ready to go to the next step and configure the firewall.

Step 2 – Allowing FTP traffic from the firewall

To allow the Ubuntu FTP server to communicate with the outside world, it needs to make its way through the firewall. Let’s first see whether the firewall is enabled on the machine or not.

Run the following command to verify the status:

sudo ufw status

If you see the following message:

ufw: command not found

It means that the firewall is not installed and you may proceed to the next step.

However, if the output shows some defined rules or a message that firewall status is active, you will have to verify whether FTP traffic will work. Let’s go ahead and open ports 20 and 21 for the FTP traffic; ports 40000-50000 will be the reserved for the range of passive ports that will eventually be set in the configuration file and port 990 will be used when TLS will be enabled. Execute the following commands to do so:

sudo ufw allow 20/tcp
sudo ufw allow 21/tcp
sudo ufw allow 990/tcp
sudo ufw allow 40000:50000/tcp

Now let’s look at the status again:

sudo ufw status

The output should now look something like:

Status: active
To                         Action      From
--                              ------      ----
990/tcp                    ALLOW       Anywhere
20/tcp                     ALLOW       Anywhere
21/tcp                     ALLOW       Anywhere
40000:50000/tcp            ALLOW       Anywhere
20/tcp (v6)                ALLOW       Anywhere (v6)
21/tcp (v6)                ALLOW       Anywhere (v6)
990/tcp (v6)               ALLOW       Anywhere (v6)
40000:50000/tcp (v6)       ALLOW       Anywhere (v6)

Now that we have all the necessary ports open and available to us, we can proceed to the next step.

Step 3 – Creating the user directory

As a 3rd step to creating an Ubuntu FTP server, we will need to select the user that is going to be making use of FTP access.

For the sake of showing how it’s done, we will be adding a new user. To create it, use the following command:

sudo adduser alex

When asked, enter a password for the user and fill in all other details. Ideally, FTP should be restricted to one a specific directory for security purposes. Vsftpd uses chroot jails to accomplish this.

With chroot enabled, a local user is restricted to their home directory (by default). It is, however, possible that because of vsftpd security, a user might not be able to write to the directory.

We will not remove write privileges from the home folder, instead, we will make an ftp directory which will act as the chroot along with a writable files directory that will be responsible for holding the pertinent files. Use the following command to create the FTP folder:

sudo mkdir /home/alex/ftp

Set the ownership using:

sudo chown nobody:nogroup /home/alex/ftp

Finally, remove the write permissions:

sudo chmod a-w /home/alex/ftp

Now, use the following command to verify the permissions:

sudo ls -la /home/alex/ftp

The output should look something like:

total 8
dr-xr-xr-x 2 nobody nogroup 4096 Jun 29 11:32 .
drwxr-xr-x 3 alex   alex    4096 Jun 29 11:32 ..

As a next step, we will create the file holding directory and assign the ownership:

sudo mkdir /home/alex/ftp/files
sudo chown alex:alex /home/alex/ftp/files

Finally, add a test file to the directory which will be used when we test everything later on:

echo "vsftpd sample file" | sudo tee /home/alex/ftp/files/sample.txt

Step 4 – Configuring vsftpd

As the next step in our bid to set up an FTP server on Ubuntu VPS, we will be configuring vsftpd and our FTP access. In this tutorial, we will allow a single user to connect with FTP using a local shell account. The two key configurations required for this are already set in the configuration (vsftpd.conf) file. Firstly verify that the configuration file actually has settings matching to those mentioned below using the nano command:

sudo nano /etc/vsftpd.conf
. . .
# Allow anonymous FTP? (Disabled by default).
# Uncomment this to allow local users to log in.
. . .

In the same file, we will proceed by removing # and enabling the write_enable:

. . .
. . ..

Chroot will also be uncommented to ensure that the user connected via FTP only accesses files within the allowed directory:

. . .
. . .

A few new values will also need to be added by hand. You may simply paste them at the bottom of the file. Firstly, a user_sub_token will be added into the local_root directory path. This will allow the configuration to work with the current user and any other users that are subsequently added:


To ensure that substantial amount of connections are available, we will limit the number of ports used in the configuration file:


In this tutorial, we plan to allow access on a case by case basis so let’s set the configuration up in a way that access only gets granted to users that have explicitly been added to a list:


The userlist_deny flag is responsible for toggling the logic; when set to “NO”, only those users specified on the list will be allowed access. Once done, click CTRL+X and confirm the file changes.

Lastly, we will proceed with the creation and addition of our user to the file:

echo "alex" | sudo tee -a /etc/vsftpd.userlist

Verify that the user is indeed active by running the following command:

cat /etc/vsftpd.userlist

The output should be “alex” as shown in this screenshot:


Restart the daemon using the following command to load the configuration changes:

sudo systemctl restart vsftpd

Step 5 – Making FTP secure

By default, FTP doesn’t do any data encryption, so we will be using TTL/SSL to make things safer. As a first step, we need to create the SSL certificate and use it to secure the Ubuntu FTP server. To start, use the following command:

sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/ssl/private/vsftpd.pem -out /etc/ssl/private/vsftpd.pem

The –days flag makes the certificate valid for a year and we have included a 2048-bit private RSA key in the same command. Once prompted, enter the pertinent personal details in the field provided.

After you finish creating the certificate, open the configuration file again:

sudo nano /etc/vsftpd.conf

The end of the file should contain two lines that start with “_rsa”. Comment both of these lines like:

# rsa_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
# rsa_private_key_file=/etc/ssl/private/ssl-cert-snakeoil.key

Instead, we will point the configuration file to the certificate that we just created. Add the following lines:


Now we will enable SSL and ensure that only clients that have SSL enabled to get to contact us. Change the value of ssl_enable to YES:


Now add the following lines to further secure things: (This will not allow any anonymous connections over SSL)


Configure the server to use TLS using:


Here we will add 2 more options. Firstly, SSL reuse will not be necessary because it can lead to many FTP clients breaking down. Secondly, we will use high encryption cipher suites, which will mean that key lengths are either equal to (or greater than) 128 bits.


Let’s restart once again to apply the new configurations:

sudo systemctl restart vsftpd

Great work! You have now configured the FTP server on your Ubuntu VPS to work with SSL/TLS protocol.

Step 6 – Testing connections with FileZilla

Nowadays, most FTP clients support TLS encryption configurations, so it’s a great way to test whether your Ubuntu FTP server is working as intended. To test out the connection, we will be using a FileZilla FTP Client. To begin, launch FileZilla, click on the Site Manager icon.


Click the New Site button in the prompted window to begin entering the Ubuntu FTP server details.


Fill in all the required details with your newly created Ubuntu FTP server information. Since we configured it to use TLS, we may also mark the encryption to be explicit FTP over TLS. The final configuration should look like this:

Once ready, click Connect and a screen asking to enter the FTP user’s password will appear.


Finally, you will need to verify the SSL certificate of your FTP server on Ubuntu VPS.

After confirming, the root directory with the test file should now appear on your screen.


That’s all! Now, you can perform various files transfers from your computer to the Ubuntu FTP server and vice versa.


In this tutorial, we have gone through a step-by-step journey to create a way for a local user to securely transfer files via FTP with SSL/TLS on Ubuntu FTP server.

We have also tested the connection using FileZilla to make sure everything is functional.

Font: Hostinger

Answered on July 24, 2018.
Add Comment

Your Answer

By posting your answer, you agree to the privacy policy and terms of service.