How to Set Up Safe FTP in Linux
FTP by itself isn't very secure. Information is transmitted in clear text, making it subject to interception and theft. Thus, we have more secure options, like the Very Secure FTP daemon (vsftpd). In this article, we'll explore how to set up vsftpd under Linux.
What is VSFTPD?
The vsftp daemon runs in the background and allows you, or users you designate, to copy files to and from your Linux boxes, using a username and password as login credentials. This ability is open to individuals or groups you may want to establish.
VSFTPD features include:
- Virtual IP configurations
- Virtual users
- Standalone or inetd operation
- Powerful per-user configurability
- Bandwidth throttling
- Per-source-IP configurability
- Per-source-IP limits
- Encryption support through SSL integration
How To Install VSFTP
The daemon is included in most versions of Linux. If you are using a Debian-based distribution like Mint or Ubuntu, open a terminal window and type: sudo apt-get install vsftpd
If you are using a Red Hat-based distro, open a terminal window and type: sudo yum install vsftpd
How To Configure VSFTP
To configure vsftp, open the vsftpd.conf file in the /etc directory. For instance, if you were using gedit as your text editor, you would type: sudo gedit /etc/vsftpd.conf
First, for a secure setup, you'll want to disable anonymous access to your FTP server. Change this line: anonymous_enable=YES to anonymous_enable=NO
With anonymous access disabled, you'll want to allow local users to log in, by uncommenting the following line: #local_enable=YES to local_enable=YES (simply remove the # sign).
Allow write access by uncommenting this line: #write_enable=YES to write_enable=YES
Save and close the file.
Set up an FTP user account:
sudo mkdir -p /home/ftp/ftpuser
sudo useradd ftpuser -d /home/ftp/ftpuser -s /bin/false
sudo passwd ftpuser
Restart your FTP server:
Debian: sudo /etc/init.d/vsftpd restart
Red Hat: sudo service vsftpd restart
netstat -a | grep ftp
Run at the command line:
ftp <IP address or hostname>, for example: ftp 100.00.00.00
Other VSFTP Configuration Options
There are many other options you can add to this file:
- Limiting the maximum number of client connections (max_clients)
- Limiting the number of connections by source IP address (max_per_ip)
- Setting the maximum rate of data transfer per anonymous login (anon_max_rate)
- Setting the maximum rate of data transfer per non-anonymous login (local_max_rate)
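A check of the finished file against the configuration steps and the connection limits above, as an added example that is not part of the original article. The function names are hypothetical, ssl_enable is the vsftpd option that turns on the SSL support listed among the features, and the defaults assumed are those documented in the vsftpd.conf man page.

```shell
#!/bin/sh
# Added example (not from the original article): audit a vsftpd.conf for the
# options this article discusses. Defaults are those in the vsftpd.conf man page.

# Print the effective value of option $2 in file $1, or default $3 if unset.
# Lines are "option=value" with no spaces; "#" starts a comment; last one wins.
conf_get() {
    awk -F= -v k="$2" -v d="$3" '
        /^#/ { next }
        $1 == k { d = substr($0, length(k) + 2) }
        END { print d }' "$1"
}

# Print one warning per weak setting; the exit status is the warning count.
audit_vsftpd_conf() {
    conf=$1
    warnings=0
    if [ "$(conf_get "$conf" anonymous_enable YES)" != NO ]; then
        echo "WARN: anonymous_enable is not NO: anonymous logins are accepted"
        warnings=$((warnings + 1))
    fi
    if [ "$(conf_get "$conf" ssl_enable NO)" != YES ]; then
        echo "WARN: ssl_enable is not YES: logins and files travel in clear text"
        warnings=$((warnings + 1))
    fi
    for opt in max_clients max_per_ip; do
        if [ "$(conf_get "$conf" "$opt" 0)" = 0 ]; then
            echo "WARN: $opt is 0 (unlimited connections)"
            warnings=$((warnings + 1))
        fi
    done
    return "$warnings"
}

# Constructed sample: the three edits made in the configuration steps above.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# Example config file
anonymous_enable=NO
local_enable=YES
write_enable=YES
#ssl_enable=YES
EOF
audit_vsftpd_conf "$sample" || echo "$? warning(s) in $sample"
rm -f "$sample"
```

On the sample it reports three warnings: the configuration steps disable anonymous access, but encryption and the connection limits stay at their defaults until they are set explicitly.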
VSFTP Considerations and Resources
Potential issues are often as simple as username and password entry errors. But because firewalls are designed to limit access to certain ports, this is a good area to investigate if you experience issues with your installation. Be sure to check out the vsftpd HTML man page for more information.