
INSTALLATION AND CONFIGURATION OF FTP SERVER

Prepared by Anooja Joy

Step 1 » Update repositories.
sudo apt-get update

Step 2 » Install VsFTPD package using the below command.


sudo apt-get install vsftpd

Step 3 » Restart vsftpd service using the below command.

sudo systemctl restart vsftpd
Step 4 » Check whether your FTP server is working properly by executing
ftp -p 172.17.14.105
OUTPUT
Connected to 172.17.14.105
220 (vsFTPd 3.0.3)
Name (172.17.14.105:KJSCE):
Enter login credentials: username: kjsce pwd: kjsce
Step 5 » Copy the configuration file so we can start with a blank
configuration, saving the original as a backup.
sudo cp /etc/vsftpd.conf /etc/vsftpd.conf.orig
ADDING USERS IN FTP
sudo adduser test
• Enter the password twice and other details such as:
– Full name
– Room number
– Work phone
– Home phone
– Other
• The tee command is used to store and view (both at the same
time) the output of any other command. Here it appends the new user to the vsftpd user list:
echo "test" | sudo tee -a /etc/vsftpd.userlist
OUTPUT
test
USER DIRECTORY CONFIGURATION
• FTP is generally more secure when users are restricted to a specific
directory. When chroot is enabled for local users, they are
restricted to their home directory by default.
• STRATEGY: We will create an ftp directory to serve as
the chroot and a writable files directory to hold the actual files.
• Create an ftp folder inside the home directory, set its ownership, and be
sure to remove write permissions with the following commands:
sudo mkdir /home/test/ftp
sudo chown nobody:nogroup /home/test/ftp
sudo chmod a-w /home/test/ftp
Let's verify the permissions:
sudo ls -la /home/test/ftp
Output
total 8
4 dr-xr-xr-x 2 nobody nogroup 4096 Aug 24 21:29 .
4 drwxr-xr-x 3 test test 4096 Aug 24 21:29 ..
USER DIRECTORY CONFIGURATION
• Create the directory files where files can be uploaded and assign
ownership to the user:
sudo mkdir /home/test/ftp/files
sudo chown test:test /home/test/ftp/files
• A permissions check on the files directory should return the following:
sudo ls -la /home/test/ftp
Output
total 12
dr-xr-xr-x 3 nobody nogroup 4096 Aug 26 14:01 .
drwxr-xr-x 3 test test 4096 Aug 26 13:59 ..
drwxr-xr-x 2 test test 4096 Aug 26 14:01 files
• Add a test.txt file to use when we test later on:
echo "vsftpd test file" | sudo tee /home/test/ftp/files/test.txt
OUTPUT
vsftpd test file
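A check for the directory layout built above, added here as an example and not part of the original slides: vsftpd refuses to run with a writable root inside the chroot, so the script confirms that the chroot root has no write bits and that the upload directory exists, belongs to the FTP user and is writable by that user. The function name check_ftp_chroot is hypothetical.

```sh
# Added example: check_ftp_chroot ROOT UPLOAD_DIR OWNER
# Prints one line per finding and returns the number of problems found.
# Usage for the layout in this guide:
#   check_ftp_chroot /home/test/ftp /home/test/ftp/files test
check_ftp_chroot() {
    root=$1; upload=$2; owner=$3; problems=0

    if [ ! -d "$root" ]; then
        echo "FAIL: $root is not a directory"; return 1
    fi
    # First field of `ls -ld` is the mode string, e.g. dr-xr-xr-x
    mode=$(ls -ld "$root" | awk '{print $1}')
    case $mode in
        *w*) echo "FAIL: $root is writable ($mode); run chmod a-w"
             problems=$((problems + 1)) ;;
        *)   echo "ok: $root has no write bits ($mode)" ;;
    esac

    if [ ! -d "$upload" ]; then
        echo "FAIL: upload directory $upload is missing"
        problems=$((problems + 1))
    else
        umode=$(ls -ld "$upload" | awk '{print $1}')
        actual=$(ls -ld "$upload" | awk '{print $3}')
        if [ "$actual" != "$owner" ]; then
            echo "FAIL: $upload owned by $actual, expected $owner"
            problems=$((problems + 1))
        fi
        # d?w... means the owner write bit is set
        case $umode in
            d?w*) echo "ok: $upload is writable by its owner ($umode)" ;;
            *)    echo "FAIL: $upload not writable by owner ($umode)"
                  problems=$((problems + 1)) ;;
        esac
    fi
    return "$problems"
}
```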
Modifying configuration files
STRATEGY: allow a single user with a local shell account to connect with FTP.
Step 1 » sudo gedit /etc/vsftpd.conf
After installation, open the /etc/vsftpd.conf file and make changes as follows. Uncomment the lines below. The text after » explains each setting and is not part of the file.
write_enable=YES » allow the user to upload files
local_umask=022 » prevent access to the other folders outside the Home directory.
chroot_local_user=YES » prevent the FTP-connected user from accessing any files or commands outside the directory tree.
user_sub_token=$USER » insert the username in our local_root directory path so our configuration will work for this user and any future users that might be added.
local_root=/home/$USER/ftp
pasv_min_port=40000 » limit the range of ports that can be used for passive FTP to make sure enough connections are available:
pasv_max_port=50000
userlist_enable=YES » access is given to a user only when they are explicitly added to a list rather than by default:
userlist_file=/etc/vsftpd.userlist
userlist_deny=NO
anonymous_enable=NO
local_enable=YES
ascii_upload_enable=YES
ascii_download_enable=YES
ftpd_banner=Welcome to OSL Lab FTP service. » uncomment and enter your welcome message (optional)
use_localtime=YES » add this line at the end
Step 4 » Restart vsftpd service using the below command.
sudo systemctl restart vsftpd
Testing FTP Access by downloading file
ftp -p 203.0.113.0
Output
Connected to 203.0.113.0.
220 (vsFTPd 3.0.3)
Name (203.0.113.0:default): test (also try anonymous and sudo_user; it should fail)
331 Please specify the password.
Password: your_user's_password
230 Login successful.
Remote system type is UNIX.
Using binary mode to transfer files.
List Current Files: This command lists the names of the files in the current remote
directory
ftp> ls
Change Directory: To change directory on the remote machine, use the cd command:
ftp> cd files // change directory
OUTPUT
directory changed successfully
DOWNLOAD/COPY: To download / copy one file at a time from the remote ftp server to the local
machine, use the get command:
ftp> get test.txt // downloading file
Output
227 Entering Passive Mode (203,0,113,0,169,12).
150 Opening BINARY mode data connection for test.txt (16 bytes).
226 Transfer complete.
16 bytes received in 0.0101 seconds (1588 bytes/s)
ftp> bye
FILE TRANSFER
• Upload One File: To copy one file at a time from
the local system to the remote ftp server.
Upload the file test.txt with a new name upload.txt
to test write permissions:
ftp> put test.txt upload.txt
Output
227 Entering Passive Mode (203,0,113,0,164,71).
150 Ok to send data.
226 Transfer complete.
16 bytes sent in 0.000894 seconds (17897 bytes/s)
Close the connection:
ftp> bye
ACCESS FTP via browser
• Open up your Web browser, and navigate to
URL: ftp://ftp-server-ip/, i.e. ftp://172.17.15.10/,
or ftp://username@FTP-Server-IP-Address/. Then enter the password of the
FTP user.
• Enter the FTP username and password, and click
Login.
• You can now download or view the FTP server’s
contents.
OTHER WAYS OF ACCESS
Connect To Another FTP Server:
To open a connection with another ftp server.
ftp> open 172.17.15.86
ACCESSING FTP server from other client
sudo telnet localhost 21
• To exit from FTP console, just type: quit.
• Go to the remote system, and open up the Terminal, and
access the FTP server as shown below.
ftp 192.168.43.2
• Type the following in the terminal and see that vsftpd is
listening on port 21 for any incoming FTP connection.
sudo netstat -ntaulp | grep vsftpd
Change Local Directory
Create a Local Directory: To make a new directory.
ftp> mkdir dirName
ftp> mkdir scripts
ftp> cd scripts
ftp> pwd
Delete a Directory:
Purpose is to remove or delete a directory.
ftp> rmdir dirName
ftp> rmdir images
Change Local Directory:
To change directory on your local system:
ftp> lcd /path/to/new/dir
ftp> lcd /tmp
Print local directory:
The lpwd command prints current download directory for local systems
ftp> lpwd
Present working directory:
pwd: To find out the pathname of the current directory on the remote ftp server,
enter:
ftp> pwd
Download Multiple Files:
To copy multiple files from the remote ftp server to the local system.
ftp> mget *
To download all perl files (ending with .pl extension)
ftp> mget *.pl
Turn On / Off Interactive Prompting:
The ftp prompt command sets interactive prompting: "on" enables prompting
so that you can verify each step of the multiple commands, "off" allows the
commands to act unimpeded.
ftp> prompt on
ftp> mput *.php
ftp> prompt off
ftp> mget *.py
Delete File:
To delete a file in the current remote directory use delete command.
ftp> delete fileName
ftp> delete output.jpg
Set The Mode Of File Transfer:
The binary mode is recommended for almost all sorts of files including images, zip files
and much more. The binary mode provides less chance of a transmission error. To set
the mode of file transfer to ASCII:
ftp> ascii
To set the mode of file transfer to binary.
ftp> binary
SECURE FTP
• For secure transmission that protects the username and password, and
encrypts the content, FTP is often secured with SSL/TLS (FTPS). The two
most common methods of securely transmitting information between
two computers are the (i) Secure Shell (SSH) and (ii) Transport Layer
Security (TLS), and its predecessor Secure Sockets Layer (SSL),
cryptographic protocols. Both are public-key cryptography tunneling
protocols that aim to create a secure, confidential exchange of data and
connection across a network (particularly the internet).
• FTP does not encrypt any data in transit, including user credentials, so we'll
enable TLS/SSL to provide that encryption. The first step is to create the
SSL certificates for use with vsftpd.
• We'll use openssl to create a new certificate and use the -days flag to
make it valid for one year. In the same command, we'll add a private
2048-bit RSA key. Then by setting both the -keyout and -out flags to the
same value, the private key and the certificate will be located in the same
file. We'll do this with the following command:
sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/ssl/private/vsftpd.pem -out /etc/ssl/private/vsftpd.pem
• You'll be prompted to provide address
information for your certificate. Substitute
your own information for the questions
below:
Generating a 2048 bit RSA private key ………
writing new private key to '/etc/ssl/private/vsftpd.pem'
-----
You are about to be asked to enter information that will be
incorporated into your certificate request.
What you are about to enter is what is called a Distinguished Name
or a DN. There are quite a few fields but you can leave some blank
For some fields there will be a default value, If you enter '.', the field
will be left blank.
-----
Country Name (2 letter code) [AU]:IN
State or Province Name (full name) [Some-State]:MH
Locality Name (eg, city) []:Mumbai
Organization Name (eg, company) [Internet Widgits Pty Ltd]:KJSCE
Organizational Unit Name (eg, section) []:
Common Name (e.g. server FQDN or YOUR name) []:
Email Address []:
Once you've created the certificates, open the vsftpd configuration file again:
sudo gedit /etc/vsftpd.conf
Toward the bottom of the file, you should see two lines that begin with rsa_. Comment
them out so they look like:
# rsa_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
# rsa_private_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
Below them, add the following lines which point to the certificate and private key
we just created:
rsa_cert_file=/etc/ssl/private/vsftpd.pem
rsa_private_key_file=/etc/ssl/private/vsftpd.pem
After that, we will force the use of SSL, which will prevent clients that can't deal
with TLS from connecting. This is necessary in order to ensure all traffic is
encrypted but may force your FTP user to change clients. Change ssl_enable
to YES:
ssl_enable=YES
After that, add the following lines to explicitly deny anonymous connections over
SSL and to require SSL for both data transfer and logins:
allow_anon_ssl=NO
force_local_data_ssl=YES
force_local_logins_ssl=YES
After this we'll configure the server to use TLS, the preferred successor
to SSL by adding the following lines:
ssl_tlsv1=YES
ssl_sslv2=NO
ssl_sslv3=NO
Finally, we will add two more options. First, we will not require SSL
reuse because it can break many FTP clients. We will require "high"
encryption cipher suites, which currently means key lengths equal to
or greater than 128 bits:
require_ssl_reuse=NO
ssl_ciphers=HIGH
• Save and close the file. Restart the server for the changes to take
effect:
sudo systemctl restart vsftpd
We will no longer be able to connect with an insecure command-line
client. If you try ftp -p 203.0.113.0 and log in with test, you will
get a Login failed message.
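An audit of the finished /etc/vsftpd.conf against the access-control values from "Modifying configuration files" and the TLS values from "SECURE FTP", added here as an example and not part of the original slides. The names EXPECTED, conf_value and audit_vsftpd_conf are hypothetical, and the script assumes that a later assignment of a key overrides an earlier one.

```sh
# Added example. Values are the ones this guide sets; comparison is an exact
# string match, so an equivalent spelling such as "yes" is reported for review.
# Usage: audit_vsftpd_conf /etc/vsftpd.conf
EXPECTED='anonymous_enable=NO
local_enable=YES
chroot_local_user=YES
userlist_enable=YES
userlist_deny=NO
ssl_enable=YES
allow_anon_ssl=NO
force_local_data_ssl=YES
force_local_logins_ssl=YES
ssl_tlsv1=YES
ssl_sslv2=NO
ssl_sslv3=NO
ssl_ciphers=HIGH'

# Print the value of the last uncommented "key=value" line for KEY in FILE.
# Assumption: a later assignment overrides an earlier one.
conf_value() {
    awk -F= -v k="$1" '
        /^[ \t]*#/ { next }
        $1 == k    { sub(/^[^=]*=/, ""); sub(/\r$/, ""); v = $0; seen = 1 }
        END        { if (seen) print v }' "$2"
}

# Report every key as ok, MISSING or DEVIATES; return the number of findings.
audit_vsftpd_conf() {
    conf=$1; bad=0
    for want in $EXPECTED; do
        key=${want%%=*}; val=${want#*=}
        got=$(conf_value "$key" "$conf")
        if [ -z "$got" ]; then
            echo "MISSING  $key (guide sets $val)"; bad=$((bad + 1))
        elif [ "$got" != "$val" ]; then
            echo "DEVIATES $key=$got (guide sets $val)"; bad=$((bad + 1))
        else
            echo "ok       $key=$got"
        fi
    done
    return "$bad"
}
```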
