FTP, short for File Transfer Protocol, is a popular protocol for transferring files to and from an FTP server. However, it is fraught with security risks since it sends data and sensitive information such as usernames and passwords in plain text. VSFTPD ( Very Secure FTP Daemon ) is a fast, secure and stable FTP server that uses encryption to secure data exchanged with the server.
In this tutorial, we learn how to install vsftpd FTP server on Debian 11.
Step 1: Install vsftpd on Debian 11
First, open the terminal and update the package lists on your Debian server.
sudo apt update
The vsftpd package is hosted on Official Debian repositories. Therefore, use the APT package manager as shown.
sudo apt install vsftpd
The command installs vsftpd, alongside other dependencies. Once installed, vsftpd starts automatically. You can confirm this by running the command:
sudo systemctl status vsftpd
From the output, you can see that vsftpd is running as expected.
In case the vsftpd service is not running in your case, you can start it as indicated.
sudo systemctl start vsftpd
Then enable the service to start on boot time.
sudo systemctl enable vsftpd
Step 2: Create a unique FTP user
Next, we are going to create a unique FTP user account that we are going to use to log in to the FTP server. Simply use the
adduser command followed by the name of the user and respond to the prompts accordingly.
sudo adduser ftpuser
It's recommended to disable the shell access because by default when a user is created it allows ssh access.
Step 3: Add FTP user to the list of allowed login users
Moving on we will add the FTP user to the
vsftpd.userlist file. Local users specified in this file are granted permission to access the FTP server.
So, execute the command:
echo "ftpuser" | sudo tee -a /etc/vsftpd.userlist
Perfect. Let's now proceed and configure vsftpd.
Step 4: Create FTP user directory
Next, create an FTP directory for the FTP user and assign the appropriate directory permissions and ownership.
sudo mkdir -p /home/ftpuser/ftp_dir/upload
sudo chmod 550 /home/newftpuser/ftp_dir
sudo chmod -R 750 /home/ftpuser/ftp_dir/upload
sudo chown -R ftpuser: /home/ftpuser/ftp_dir
Step 5: Configure vsftpd
A few extra steps are required before we can log in and start interacting with the server. Proceed and edit the main configuration file -
sudo vim /etc/vsftpd.conf
There are a couple of settings that you need to ensure are set.
Let's first start with FTP access. By default, anonymous users are granted access. But this is not what we want due to security purposes. Therefore, we will disable login by the anonymous user and only grant access to the local user.
Next, you need to allow the local user to upload files and gain access to their home directory as well as make changes to the files as indicated.
Additionally, you can limit the local users who can access and upload files by specifying only the users contained in the
To provide a secure FTP connection to the server, we need to encrypt the server using an SSL certificate. We are going to generate a self-signed SSL certificate to encrypt the server. To do so run the command.
sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/ssl/private/vsftpd.pem -out /etc/ssl/private/vsftpd.pem
Head back to the default configuration file again, and paste these lines to specify the path of the generated SSL certificates and enable SSL.
In summary, your configuration file should contain these lines:
listen=NO listen_ipv6=YES anonymous_enable=NO local_enable=YES write_enable=YES dirmessage_enable=YES use_localtime=YES xferlog_enable=YES connect_from_port_20=YES chroot_local_user=YES secure_chroot_dir=/var/run/vsftpd/empty pam_service_name=vsftpd rsa_cert_file=/etc/ssl/private/vsftpd.pem rsa_private_key_file=/etc/ssl/private/vsftpd.pem ssl_enable=YES user_sub_token=$USER local_root=/home/$USER/ftp userlist_enable=YES userlist_file=/etc/vsftpd.user_list userlist_deny=NO
For the changes to come into effect, restart the server.
sudo systemctl restart vsftpd
Just to ensure that everything is fine, you can verify its running status.
sudo systemctl status vsftpd
Step 5: Access the vsftpd server
We are now done with the configurations. The last bit is to log in. In case you have a firewall enabled, allow ports 20 and 21.
sudo ufw allow 20/tcp
sudo ufw allow 21/tcp
Then reload the firewall for the changes to apply.
sudo ufw reload
Finally, grab your FTP client such as FileZilla, and fill in the details as follows:
Password: Password of ftpuser
Once you have filled out the details, click on the 'QuickConnect' button.
After the successful directory listing, you can now begin transferring files securely over SSL.
On the command line, simply run the command:
sftp [email protected]
Type 'yes' when prompted to continue and provide the password to the FTP user to log in.
This was a tutorial we learned how to install vsftpd FTP server on Debian 11. We further went ahead and created the user, configured the Server, and logged in from an FTP client and on the command line.