How to Install vsftpd FTP Server on Debian 11

FTP, short for File Transfer Protocol, is a popular protocol for transferring files to and from an FTP server. However, it is fraught with security risks since it sends data and sensitive information such as usernames and passwords in plain text. VSFTPD ( Very Secure FTP Daemon ) is a fast, secure and stable FTP server that uses encryption to secure data exchanged with the server.

In this tutorial, we learn how to install vsftpd FTP server on Debian 11.

Step 1: Install vsftpd on Debian 11

First, open the terminal and update the package lists on your Debian server.

sudo apt update

The vsftpd package is hosted on Official Debian repositories. Therefore, use the APT package manager as shown.

sudo apt install vsftpd

The command installs vsftpd, alongside other dependencies. Once installed, vsftpd starts automatically. You can confirm this by running the command:

sudo systemctl status vsftpd

From the output, you can see that vsftpd is running as expected.

check vsftpd status — Check vsftpd status

In case the vsftpd service is not running in your case, you can start it as indicated.

sudo systemctl start vsftpd

Then enable the service to start on boot time.

sudo systemctl enable vsftpd

Step 2: Create a unique FTP user

Next, we are going to create a unique FTP user account that we are going to use to log in to the FTP server. Simply use the adduser command followed by the name of the user and respond to the prompts accordingly.

sudo adduser ftpuser

It's recommended to disable the shell access because by default when a user is created it allows ssh access.

Step 3: Add FTP user to the list of allowed login users

Moving on we will add the FTP user to the vsftpd.userlist file. Local users specified in this file are granted permission to access the FTP server.

So, execute the command:

echo "ftpuser" | sudo tee -a  /etc/vsftpd.userlist

Perfect. Let's now proceed and configure vsftpd.

Step 4: Create FTP user directory

Next, create an FTP directory for the FTP user and assign the appropriate directory permissions and ownership.

sudo mkdir -p /home/ftpuser/ftp_dir/upload

sudo chmod 550 /home/ftpuser/ftp_dir

sudo chmod -R 750 /home/ftpuser/ftp_dir/upload

sudo chown -R ftpuser: /home/ftpuser/ftp_dir

Step 5: Configure vsftpd

A few extra steps are required before we can log in and start interacting with the server. Proceed and edit the main configuration file - /etc/vsftpd.conf.

sudo vim /etc/vsftpd.conf

There are a couple of settings that you need to ensure are set.

Let's first start with FTP access. By default, anonymous users are granted access. But this is not what we want due to security purposes. Therefore, we will disable login by the anonymous user and only grant access to the local user.

anonymous_enable=NO

local_enable=YES

Next, you need to allow the local user to upload files and gain access to their home directory as well as make changes to the files as indicated.

write_enable=YES

chroot_local_user=YES

allow_writeable_chroot=YES

Additionally, you can limit the local users who can access and upload files by specifying only the users contained in the vsftpd.userlist file.

userlist_enable=YES

userlist_file=/etc/vsftpd.userlist

userlist_deny=NO

To provide a secure FTP connection to the server, we need to encrypt the server using an SSL certificate. We are going to generate a self-signed SSL certificate to encrypt the server. To do so run the command.

sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/ssl/private/vsftpd.pem -out /etc/ssl/private/vsftpd.pem

Head back to the default configuration file again, and paste these lines to specify the path of the generated SSL certificates and enable SSL.

rsa_cert_file=/etc/ssl/private/vsftpd.pem

rsa_private_key_file=/etc/ssl/private/vsftpd.pem

ssl_enable=YES

In summary, your configuration file should contain these lines:

listen=NO
listen_ipv6=YES
anonymous_enable=NO
local_enable=YES
write_enable=YES
dirmessage_enable=YES
use_localtime=YES
xferlog_enable=YES
connect_from_port_20=YES
chroot_local_user=YES
secure_chroot_dir=/var/run/vsftpd/empty
pam_service_name=vsftpd
rsa_cert_file=/etc/ssl/private/vsftpd.pem
rsa_private_key_file=/etc/ssl/private/vsftpd.pem
ssl_enable=YES
user_sub_token=$USER
local_root=/home/$USER/ftp_dir
userlist_enable=YES
userlist_file=/etc/vsftpd.userlist
userlist_deny=NO

For the changes to come into effect, restart the server.

sudo systemctl restart vsftpd

Just to ensure that everything is fine, you can verify its running status.

sudo systemctl status vsftpd

Step 5: Access the vsftpd server

We are now done with the configurations. The last bit is to log in. In case you have a firewall enabled, allow ports 20 and 21.

sudo ufw allow 20/tcp

sudo ufw allow 21/tcp

Then reload the firewall for the changes to apply.

sudo ufw reload

Finally, grab your FTP client such as FileZilla, and fill in the details as follows:

Host: sftp://server-IP

Username: ftpuser

Password: Password of ftpuser

Once you have filled out the details, click on the 'QuickConnect' button.

After the successful directory listing, you can now begin transferring files securely over SSL.

On the command line, simply run the command:

sftp ftpuser@server-IP

Type 'yes' when prompted to continue and provide the password to the FTP user to log in.

Conclusion

This was a tutorial we learned how to install vsftpd FTP server on Debian 11. We further went ahead and created the user, configured the Server, and logged in from an FTP client and on the command line.

About The Author

James Kiarie

James Kiarie is a skilled and certified LPIC Linux administrator with a strong passion for technical writing, specializing in the Linux domain. With over four years of experience, he has crafted numerous technical guides, helping a wide audience navigate through various Linux distributions.