How To Configure FTP Server on Ubuntu using ProFTPD

FTP server is computer software that allows uploading, downloading, deleting files, and creating or making directories via a File Transfer Protocol (FTP) connection. FTP is a protocol that transfers files between a server (the sender)and a client (the receiver).

FTP server serves as an intermediary for computers that transfer files on the network. FTP servers allow users to sign in by providing a username and a password to access the files. FTP can also provide access to users without login credentials but these users generally have limited access.

What is ProFTPD?

ProFTPD is a secure and configurable FTP daemon that provides system administrators great flexibility in user authentication and access controls.

Features

• It has a single configuration file.
• Can run as a stand-alone server or from inetd/xinetd.
• Anonymous FTP and chroot directories.
• Multiple Password files.
• Supports virtual users.
• Offers visibility of directories controlled based on user ownership.
• Multiple authentication methods like PAM and LDAP.

This guide will show you how to install and configure an FTP server on Ubuntu using ProFTPD.

Install FTP server on Ubuntu using ProFTPD

We have to install the ProFTPD server first on our system.

Install ProFTPD Server

Update your package index.

sudo apt update && sudo apt upgrade -y

Then install ProFTPD using the following command.

sudo apt install proftpd -y

Check if the version to confirm installation was completed successfully.

$ proftpd -v
ProFTPD Version 1.3.6c

Start and enable the service on startup

sudo systemctl start proftpd
sudo systemctl enable proftpd

Then verify the status using the following command.

$ systemctl status proftpd
● proftpd.service - LSB: Starts ProFTPD daemon
     Loaded: loaded (/etc/init.d/proftpd; generated)
     Active: active (running) since Thu 2022-04-28 00:35:27 EAT; 56s ago
       Docs: man:systemd-sysv-generator(8)
      Tasks: 1 (limit: 4628)
     Memory: 2.1M
     CGroup: /system.slice/proftpd.service
             └─50219 proftpd: (accepting connections)

Elb 28 00:35:27 ubuntu20 systemd[1]: Starting LSB: Starts ProFTPD daemon...
Elb 28 00:35:27 ubuntu20 proftpd[50210]:  * Starting ftp server proftpd
Elb 28 00:35:27 ubuntu20 proftpd[50218]: 2022-04-28 00:35:27,301 ubuntu20 proft>
Elb 28 00:35:27 ubuntu20 proftpd[50210]:    ...done.
Elb 28 00:35:27 ubuntu20 systemd[1]: Started LSB: Starts ProFTPD daemon.

To configure ProFTPD, we will edit the configuration file.

sudo nano /etc/proftpd/proftpd.conf

Edit the setting shown below. You can put the server name to the one you want.

ServerName  "serverostname"
DefaultRoot ~

The second setting requires you to comment it out. It ensures that any user is restricted to their home directory and cannot access the whole file system from FTP. Save and exit the file.

Restart the server to save changes.

sudo systemctl restart proftpd

Create an FTP User

Create a user and set their password. Input the other fields as you wish or press Enter to skip.

$ sudo adduser ftpuser
Adding user `ftpuser' ...
Adding new group `ftpuser' (1004) ...
Adding new user `ftpuser' (1002) with group `ftpuser' ...
Creating home directory `/home/ftpuser' ...
Copying files from `/etc/skel' ...
New password: 
Retype new password: 
passwd: password updated successfully
Changing the user information for ftpuser
Enter the new value, or press ENTER for the default
	Full Name []: 
	Room Number []: 
	Work Phone []: 
	Home Phone []: 
	Other []: 
Is the information correct? [Y/n] Y

Now create a file to test for uploading of files over the FTP server in the user’s home directory.

echo "ftp test file" | sudo tee /home/ftpuser/test.txt

Configure TLS for ProFTPD on Ubuntu

Create a new OpenSSL certificate and use the -days flag to make it valid for a year.

sudo openssl req -x509 -newkey rsa:2048 -keyout /etc/ssl/private/proftpd.key -out /etc/ssl/certs/proftpd.crt -nodes -days 365

You will be prompted for information on your new certificate. You can fill or skip the parts.

Generating a RSA private key
.............+++++
........+++++
writing new private key to '/etc/ssl/private/proftpd.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:KE
State or Province Name (full name) [Some-State]:Nairobi
Locality Name (eg, city) []:Nairobi
Organization Name (eg, company) [Internet Widgits Pty Ltd]:Technixleo
Organizational Unit Name (eg, section) []:
Common Name (e.g. server FQDN or YOUR name) []:
Email Address []:

Two files will be created. The certificate is stored under “/etc/ssl/certs/proftpd.crt” and the private key under “/etc/ssl/private/proftpd.key“.

Then open the default tls configuration file

sudo nano /etc/proftpd/tls.conf

Comment out and edit the following lines to configure TLS connections.

TLSEngine                          on
TLSLog                              /var/log/proftpd/tls.log
TLSProtocol                       SSLv23
TLSRSACertificateFile         /etc/ssl/certs/proftpd.crt
TLSRSACertificateKeyFile    /etc/ssl/private/proftpd.key
TLSOptions                       NoCertRequest EnableDiags NoSessionReuseRequired
TLSVerifyClient                 off
TLSRequired                     on

Save and exit the file.

Open ProFTPD configuration file

sudo nano /etc/proftpd/proftpd.conf

Find the following line and comment it out.

Include /etc/proftpd/tls.conf

Save and exit the file. Then restart the service to save the TLS configuration.

sudo systemctl restart proftpd

You can enable UFW by using the following command.

sudo ufw enable

Configure the firewall to allow ports 20 (FTP command port), 21 (FTP data port), and 990/tcp for TLS.

sudo ufw allow 20,21,990/tcp

Then check the firewall status by using the following command.

$ sudo ufw status
Status: active

To                         Action      From
--                         ------      ----
20,21,990/tcp              ALLOW       Anywhere                  
20,21,990/tcp (v6)         ALLOW       Anywhere (v6) 

Access FTP server via an FTP client (Filezilla)

For this guide, I will use FileZilla. To install use the following command.

sudo apt install filezilla

Launch the client from the Application launcher as shown below.

Click on-site manager on the icon shown below.

Then click on New Site.

Fill in the Host field with your IP address and can leave the port empty or type 21 which is the default port. Under the Encryption drop-down menu, select Require explicit FTP over TLS from the menu. Fill in your FTP username and password with the ones we created above. Click the Connect button to proceed.

It will show you the certificate like the one below. Click OK to continue.

Click OK and you will be connected to the server as shown below.

We will upload the file we created to test if uploads are successful. You can just drag the file to the remote directory to transfer it.

Next will be to test downloading of files. Rename the file and drag it to the home directory of the user as that is where the user is restricted to.

The upload and download test is successful as shown above.

Conclusion

From this guide, we have gone through installing ProFTPD in Ubuntu systems. We have configured ProFTPD with TLS connections. We have also connected and accessed the FTP Server via the FileZilla client and tested the uploading and downloading files.

More guides to check out on the website:

• Install Zsh and Oh-My-Zsh on Kubuntu/KDE Neon/Ubuntu
• Install Snapd and Snap Packages on Solus Linux
• How To Install and Use GNS3 on KDE Neon / Kubuntu