FTP server is computer software that allows uploading, downloading, deleting files, and creating or making directories via a File Transfer Protocol (FTP) connection. FTP is a protocol that transfers files between a server (the sender)and a client (the receiver).
FTP server serves as an intermediary for computers that transfer files on the network. FTP servers allow users to sign in by providing a username and a password to access the files. FTP can also provide access to users without login credentials but these users generally have limited access.
What is ProFTPD?
ProFTPD is a secure and configurable FTP daemon that provides system administrators great flexibility in user authentication and access controls.
- It has a single configuration file.
- Can run as a stand-alone server or from inetd/xinetd.
- Anonymous FTP and chroot directories.
- Multiple Password files.
- Supports virtual users.
- Offers visibility of directories controlled based on user ownership.
- Multiple authentication methods like PAM and LDAP.
This guide will show you how to install and configure an FTP server on Ubuntu using ProFTPD.
Install FTP server on Ubuntu using ProFTPD
We have to install the ProFTPD server first on our system.
Install ProFTPD Server
Update your package index.
sudo apt update && sudo apt upgrade -y
Then install ProFTPD using the following command.
sudo apt install proftpd -y
Check if the version to confirm installation was completed successfully.
$ proftpd -v ProFTPD Version 1.3.6c
Start and enable the service on startup
sudo systemctl start proftpd sudo systemctl enable proftpd
Then verify the status using the following command.
$ systemctl status proftpd ● proftpd.service - LSB: Starts ProFTPD daemon Loaded: loaded (/etc/init.d/proftpd; generated) Active: active (running) since Thu 2022-04-28 00:35:27 EAT; 56s ago Docs: man:systemd-sysv-generator(8) Tasks: 1 (limit: 4628) Memory: 2.1M CGroup: /system.slice/proftpd.service └─50219 proftpd: (accepting connections) Elb 28 00:35:27 ubuntu20 systemd: Starting LSB: Starts ProFTPD daemon... Elb 28 00:35:27 ubuntu20 proftpd: * Starting ftp server proftpd Elb 28 00:35:27 ubuntu20 proftpd: 2022-04-28 00:35:27,301 ubuntu20 proft> Elb 28 00:35:27 ubuntu20 proftpd: ...done. Elb 28 00:35:27 ubuntu20 systemd: Started LSB: Starts ProFTPD daemon.
To configure ProFTPD, we will edit the configuration file.
sudo nano /etc/proftpd/proftpd.conf
Edit the setting shown below. You can put the server name to the one you want.
ServerName "serverostname" DefaultRoot ~
The second setting requires you to comment it out. It ensures that any user is restricted to their home directory and cannot access the whole file system from FTP. Save and exit the file.
Restart the server to save changes.
sudo systemctl restart proftpd
Create an FTP User
Create a user and set their password. Input the other fields as you wish or press Enter to skip.
$ sudo adduser ftpuser Adding user `ftpuser' ... Adding new group `ftpuser' (1004) ... Adding new user `ftpuser' (1002) with group `ftpuser' ... Creating home directory `/home/ftpuser' ... Copying files from `/etc/skel' ... New password: Retype new password: passwd: password updated successfully Changing the user information for ftpuser Enter the new value, or press ENTER for the default Full Name : Room Number : Work Phone : Home Phone : Other : Is the information correct? [Y/n] Y
Now create a file to test for uploading of files over the FTP server in the user’s home directory.
echo "ftp test file" | sudo tee /home/ftpuser/test.txt
Configure TLS for ProFTPD on Ubuntu
Create a new OpenSSL certificate and use the -days flag to make it valid for a year.
sudo openssl req -x509 -newkey rsa:2048 -keyout /etc/ssl/private/proftpd.key -out /etc/ssl/certs/proftpd.crt -nodes -days 365
You will be prompted for information on your new certificate. You can fill or skip the parts.
Generating a RSA private key .............+++++ ........+++++ writing new private key to '/etc/ssl/private/proftpd.key' ----- You are about to be asked to enter information that will be incorporated into your certificate request. What you are about to enter is what is called a Distinguished Name or a DN. There are quite a few fields but you can leave some blank For some fields there will be a default value, If you enter '.', the field will be left blank. ----- Country Name (2 letter code) [AU]:KE State or Province Name (full name) [Some-State]:Nairobi Locality Name (eg, city) :Nairobi Organization Name (eg, company) [Internet Widgits Pty Ltd]:Technixleo Organizational Unit Name (eg, section) : Common Name (e.g. server FQDN or YOUR name) : Email Address :
Two files will be created. The certificate is stored under “/etc/ssl/certs/proftpd.crt” and the private key under “/etc/ssl/private/proftpd.key“.
Then open the default tls configuration file
sudo nano /etc/proftpd/tls.conf
Comment out and edit the following lines to configure TLS connections.
TLSEngine on TLSLog /var/log/proftpd/tls.log TLSProtocol SSLv23 TLSRSACertificateFile /etc/ssl/certs/proftpd.crt TLSRSACertificateKeyFile /etc/ssl/private/proftpd.key TLSOptions NoCertRequest EnableDiags NoSessionReuseRequired TLSVerifyClient off TLSRequired on
Save and exit the file.
Open ProFTPD configuration file
sudo nano /etc/proftpd/proftpd.conf
Find the following line and comment it out.
Save and exit the file. Then restart the service to save the TLS configuration.
sudo systemctl restart proftpd
You can enable UFW by using the following command.
sudo ufw enable
Configure the firewall to allow ports 20 (FTP command port), 21 (FTP data port), and 990/tcp for TLS.
sudo ufw allow 20,21,990/tcp
Then check the firewall status by using the following command.
$ sudo ufw status Status: active To Action From -- ------ ---- 20,21,990/tcp ALLOW Anywhere 20,21,990/tcp (v6) ALLOW Anywhere (v6)
Access FTP server via an FTP client (Filezilla)
For this guide, I will use FileZilla. To install use the following command.
sudo apt install filezilla
Launch the client from the Application launcher as shown below.
Click on-site manager on the icon shown below.
Then click on New Site.
Fill in the Host field with your IP address and can leave the port empty or type 21 which is the default port. Under the Encryption drop-down menu, select Require explicit FTP over TLS from the menu. Fill in your FTP username and password with the ones we created above. Click the Connect button to proceed.
It will show you the certificate like the one below. Click OK to continue.
Click OK and you will be connected to the server as shown below.
We will upload the file we created to test if uploads are successful. You can just drag the file to the remote directory to transfer it.
Next will be to test downloading of files. Rename the file and drag it to the home directory of the user as that is where the user is restricted to.
The upload and download test is successful as shown above.
From this guide, we have gone through installing ProFTPD in Ubuntu systems. We have configured ProFTPD with TLS connections. We have also connected and accessed the FTP Server via the FileZilla client and tested the uploading and downloading files.
More guides to check out on the website: