Overview

This guide will show you how to install and configure an FTP(s) server in CentOS.

Prerequisites

Operating System of (s)FTP server : CentOS 7

Installation

01. Update the system package resources

$ sudo yum update

02. (Optional) Install nano, a simple text editor. Or use the default editor “vi”.

$ sudo yum install nano -y

03. Install the SFTP package

$ sudo yum install vsftpd -y

04. Verify that Very Secure FTP (VSFTP) has been installed by checking the version.

$ vsftpd -version

05. Start the service, since it is disabled by default

$ sudo systemctl start vsftpd

06. Set the service to automatically start on boot

$ sudo systemctl enable vsftpd

07. Create the firewall rules to allow FTP traffic on Port 21.

$ sudo firewall-cmd --zone=public --permanent --add-port=21/tcp
$ sudo firewall-cmd --zone=public --permanent --add-service=ftp
$ sudo firewall-cmd --reload

If an error saying that “FirewallD is not running” execute the following first then retry the commands

$ sudo systemctl enable firewalld
$ sudo systemctl start firewalld

# Check that the service is running
$ systemctl status firewalld

Configuration

01. Backup the original version of the VSFTP configuration

$ sudo cp /etc/vsftpd/vsftpd.conf /etc/vsftpd/vsftpd.conf.original

02. Edit the configuration file

$ sudo cp /etc/vsftpd/vsftpd.conf /etc/vsftpd/vsftpd.conf.original

03. For FTP access for registered users. Applicable for registered Users with Password or SSH (or SFTP).

anonymous_enable	NO When enabled non-registered users will be able to access the FTP service. Set the value as “NO” to not allow anonymous access.
local_enable	YES Set value as “YES”
write_enable	Value: YES Uncomment this setting. Set value as “YES”
chroot_local_user	Value: YES Uncomment this setting. Limit the FTP users to their own directory. Set value as “YES”
chroot_list_file	Value: /etc/vsftpd/chroot_list Uncomment this setting and set the value as “/etc/vsftpd/chroot_list”.

Add the following configurations at the bottom.

…

userlist_file=/etc/vsftpd/user_list

userlist_deny=NO

…

04. Restart the service to apply the changes

$ sudo systemctl restart vsftpd

05. Check the status of the service to see if there are errors.

$ sudo systemctl status vsftpd

Configuration – SSL / FTPS

To secure the FTP with SSL/TLS certificate use the following steps. Note that if SSL is configured, anonymous access via Username and Password will not be allowed if you perform the following steps. Only SFTP or registered user with SSH keys configured will be allowed.

Also note that you can also provide or install your own/bought SSL certificate. In this example we will be creating a self-signed certificate.

01. Create the directory to place the SSL file

$ mkdir /etc/ssl/private/

02. Create a new certificate or ignore this and install/copy your own certificate. You will be asked for details on the SSL, this is also standard process if you bought an SSL certificate.

$ sudo openssl req -x509 -nodes -keyout /etc/ssl/private/vsftpd-selfsigned.pem -out /etc/ssl/private/vsftpd-selfsigned.pem -days 365 -newkey rsa:2048

Explanation for the parameters used

req – is a command for X.509 Certificate Signing Request (CSR) management.
x509 – means X.509 certificate data management.
days – validity for the certificate, number of days before it expires
newkey – flag saying this is a new key
rsa:2048 – RSA key processor, will generate a 2048 bit private key
keyout – sets the key storage file
out – sets the certificate storage file

03. Enable the TCP port in the firewall

$ sudo firewall-cmd --zone=public --add-port=990/tcp --permanent

# For passive mode
$ sudo firewall-cmd --zone=public --add-port=40001-40100/tcp --permanent

# Apply the changes
$ sudo firewall-cmd --reload

04. Open the VSFTP configuration for editing

$ sudo nano /etc/vsftpd/vsftpd.conf

05. Add the following at the end of the file

# SSL configuration (TLS v1.2)
ssl_enable=YES
ssl_tlsv1_2=YES
ssl_sslv2=NO
ssl_sslv3=NO

# configure the location of the SSL certificate and key file
rsa_cert_file=/etc/ssl/private/vsftpd-selfsigned.pem
rsa_private_key_file=/etc/ssl/private/vsftpd-selfsigned.pem

# prevent anonymous users from using SSL
allow_anon_ssl=NO
# force all non-anonymous logins to use SSL for data transfer
force_local_data_ssl=YES

# force all non-anonymous logins to use SSL to send passwords
force_local_logins_ssl=YES

# Select the SSL ciphers VSFTPD will permit for encrypted SSL connections with the ssl_ciphers option.
ssl_ciphers=HIGH

# turn off SSL reuse
require_ssl_reuse=NO
pasv_min_port=40001
pasv_max_port=40100

# For debug Purpose
debug_ssl=YES

06. Restart the service to apply the changes

$ sudo systemctl restart vsftpd

07. Check the status of the service to see if there are errors.

$ sudo systemctl status vsftpd

If you try to access the FTP server when using a client that does not use encryption. You will get the following message. Solution for this is to use an account with SFTP (User with SSH key) or FileZilla.

Adding an FTP User

01. Create a new FTP user

Note that using SSH requires the SSH service running. If it is not installed, follow the instructions here on how to install it.

# FORMAT
$ sudo adduser {{username}}

# EXAMPLE
$ sudo adduser sysad

Switch to the new user

# FORMAT
$ sudo su - {{username}}

# EXAMPLE
$ sudo su - sysad

Create SSH directory and update the permissions

$ cd ~
$ mkdir .ssh
$ chmod 700 .ssh
$ nano .ssh/authorized_keys

Set the content of the file with the public key of the user. It should contain something like. You can generate new key using online tools like the one here.

Update the permission of the authorized key

$ chmod 600 .ssh/authorized_keys

Exit from the user session.

$ exit

Restart the SSH service

$ sudo service sshd restart

02. Add a new user to the list FTP users.

# FORMAT
$ echo {{username}} | sudo tee –a /etc/vsftpd/user_list

# EXAMPLE
$ echo sysad | sudo tee –a /etc/vsftpd/user_list

03. Create the directory for the new user, and update the permissions. The following is only a sample structure for the user. Depending on the directory structure is designed the steps may be different. It will also disable accessing of the user directories from other users.

# FORMAT
$ sudo mkdir –p /home/{{username}}/ftp/upload
$ sudo chmod 550 /home/{{username}}/ftp
$ sudo chmod 750 /home/{{username}}/ftp/upload
$ sudo chown –R {{username}}: /home/{{username}}/ftp

# EXAMPLE
$ sudo mkdir -p /home/sysad/ftp/upload
$ sudo chmod 550 /home/sysad/ftp
$ sudo chmod 750 /home/sysad/ftp/upload
$ sudo chown -R sysad: /home/sysad/ftp

04. Create or update the chroot user list. These are the users who are “jailed”, meaning they can only access their own folders.

$ sudo nano /etc/vsftpd/chroot_list

Add the user to the file

# FORMAT
{{username}}

# EXAMPLE
sysad

Removing an FTP User

01. Access the server and execute the following command to remove the user. Add an “-r” before the username to remove the user files.

# FORMAT
$ sudo userdel {{username}}

# EXAMPLE
$ sudo userdel sysad

Remove also the user file.

# FORMAT
$ sudo userdel -r {{username}}

# EXAMPLE
$ sudo userdel -r sysad

Accessing the FTP Server

Via CLI (Ubuntu)

Registered User with SSH key

01. Add the Private key to the SSH session

# FORMAT
$ ssh-add {{private-ssh-key}}

# EXAMPLE
$ ssh-add sysad_key.private

02. Login via SFTP. Accept the fingerprint confirmation the first time this command is executed.

# FORMAT
$ sftp {{username}}@{{hostname-or-ip-address}}

# EXAMPLE
$ sftp [email protected]

03. To list the files and folders of the current working directory.

$ ls -l

04. To change to a directory use “cd”, and use “pwd” to see the current directory.

# FORMAT
$ cd {{sub-directory}}

# EXAMPLE
$ cd ftp

05. To download a file from the FTP server

# FORMAT
$ get {{file-name}}

# EXAMPLE
$ get sample.txt

06. To upload a file to the FTP server. Note that the files you can upload are dependent on the directory where you performed the FTP login. You can also specify an absolute path of the file or directory you want to upload.

# FORMAT
$ put {{file-name}}

# EXAMPLE
$ put sample.txt

Via FileZilla

01. On the “File” menu, select “Site Manager”.

02. Create a new site, and set the settings as follows. Then click on the “Connect” button.

Host	“{{ip-address-or-hostname}}” IP Address or Hostname of the FTP server
Port	“22” SFTP Port, 22 is the default
Protocol	“SFTP – SSH File Transfer Protocol”
Logon Type	“Key file”
User	“{{os-username}}” Example: sysad
Key file	“{{key-file-path}}” Key file in PPK format.

03. On successful authentication, the remote FTP server and its accessible folders will be visible.

For the anonymous user with accessible “pub” directory:

04. To download a file on the right side, there is “Remote site” section that looks like a file system directory and files. Select a file, then right-click to open the context menu. Then select “Download”. The file will be downloaded on the current value of the “Local site” on the left section.

05. To upload a file. Select or navigate the value what file you want to upload on the “Local site”. Then select or navigate the directory for the destination on the “Remote site”. Select the file from the “Local site”, right-click, then select “Upload”.

Select file from local

Click on the “Upload” option.

How To Install And Configure An FTP(s) Server In CentOS

Overview

Prerequisites

Installation

Configuration

Configuration – SSL / FTPS

Adding an FTP User

Removing an FTP User

Accessing the FTP Server

Via CLI (Ubuntu)

Registered User with SSH key

Via FileZilla

Previous Is Your Code Inclusive?

Next 7 Benefits Of Using VPN For Your Business

Suggested Posts

Android Dev Summit 2019 | Advanced Haptics: The When, What, and How of New Haptic APIs

Google I/O 2019 | Chrome OS Accessibility for Android Developers

Google Cloud Next 2019 | NYC Strong: Intelligence, Security, and Response on GCP

How The Words ‘Bug’ And ‘Debug’ Made It To The World Of Computers

How To Install TensorFlow

Amazon Expands In Santa Barbara And Announces Plans To Create 150 Tech Jobs In Central California

DataStax Opens Registration For World’s Largest Apache Cassandra™ NoSQL Event

IOTA And The Eclipse Foundation Launch Working Group To Develop Commercial Applications On Distributed Ledger Technology

Centra Health Delivers Superior Patient Care With Oracle Cloud Applications

SaltStack Infrastructure Automation Now Integrated With Tenable.io For Closed-Loop Vulnerability Remediation

Dynatrace Enables Speed And Confidence In U.S. Government Agency’s Migration To The Cloud

Huawei Predicts 10 Emerging Trends In Telecom Energy In The Next 5 Years

Oracle Announces Oracle Cloud Data Science Platform

SAP Named A Leader In IDC MarketScape For Supply Chain Planning

TI’s EMI-optimized Integrated Transformer Technology Miniaturizes Isolated Power Transfer Into IC-sized Packaging

High-Tech Shortages Loom As Coronavirus Shutdowns Hit Manufacturers

DataStax Opens Registration For World’s Largest Apache Cassandra™ NoSQL Event

IOTA And The Eclipse Foundation Launch Working Group To Develop Commercial Applications On Distributed Ledger Technology

Centra Health Delivers Superior Patient Care With Oracle Cloud Applications

SaltStack Infrastructure Automation Now Integrated With Tenable.io For Closed-Loop Vulnerability Remediation

Dynatrace Enables Speed And Confidence In U.S. Government Agency’s Migration To The Cloud

Huawei Predicts 10 Emerging Trends In Telecom Energy In The Next 5 Years

MENU

More Stories

IBM Unveils z15 With Industry-First Data Privacy Capabilities