How to Set Up Safe FTP in Linux

How to Set Up Safe FTP in Linux

File Transfer Protocol (FTP) is one of the oldest and most popular ways to share files between computers and servers. In terms of the Internet, this happens transparently on websites where you download software or files. FTP is available both under Windows and Linux.

FTP by itself isn’t very secure. Information is transmitted in clear text, making it subject to interception and theft. Thus, we have more secure options, like the Very Secure FTP daemon (vsftpd). In this article, we’ll explore how to setup vsftpd under Linux.

How to Set Up Safe FTP in Linux

The vsftp daemon runs in the background and allows you or users you designate, to copy files to and from your linux boxes, using username and password as login credentials. This ability is open to individuals or groups you may want to establish.

VSFTPD features include:

  • Virtual IP configurations
  • Virtual users
  • Standalone or inetd operation
  • Powerful per-user configurability
  • Bandwidth throttling
  • Per-source-IP configurability
  • Per-source-IP limits
  • IPv6
  • Encryption support through SSL integration

The daemon is included in most versions of Linux. If you are using a Debian based distribution like Mint or Ubuntu, open a terminal window and type: sudo apt-get install vsftpd

If you are using a Red Hat based disto, open a terminal window and type: sudo yum install vsftp

How To Configure VSFTP

To configure vsftp, open the vsftpd.conf file in the /etc directory. For instance, if you were using gedit as your text editor, you would type: sudo gedit /etc/vsftpd.conf

First, for a secure setup, you’ll want to disable anonymous access to your ftp server. Change this line: anonymous_enable=YES to anonymous_enable=NO

With anonymous access disabled, you’ll want to allow local users to log in, by uncommenting the following line: #local_enable=YES to local_enable=YES (simply remove the # sign).

Allow write access by uncommenting this line: #write_enable=YES to write_enable=YES

Save and close the file.

Setup an FTP user account:

sudo mkdir -p /home/ftp/ftpuser
sudo useradd ftpuser -d /home/ftp/ftpuser -s /bin/false
sudo passwd ftpuser

Restart your ftp server:

Debian: sudo etc/init.d/vsftpd restart

Red Hat: sudo service vsftpd restart


netstat -a | grep ftp

Run at the command Line:

ftp ip address or hostname: ftp

Other VSFTP Configuration Options

There are many other options you can add to this file:

  • Limiting the maximum number of client connections (max_clients)
  • Limiting the number of connections by source IP address (max_per_ip)
  • Setting the maximum rate of data transfer per anonymous login (anon_max_rate)
  • Setting the maximum rate of data transfer per non-anonymous login (local_max_rate)

VSFTP Considerations and Resources

Potential issues are often as simple as username and password entry errors. But because firewalls are designed to limit access to certain ports, this is a good area to investigate if you experience issues with your installation. Be sure to check out the vsftpd html man page for more information.

Ready to test your skills in Linux? See how they stack up with this assessment from Smarterer, the newest addition to the Pluralsight family. Start this Linux test now