LowEndBox - Cheap VPS, Hosting and Dedicated Server Deals

How to Setup FTP Server with VSFTPD on CentOS 8

Tags: , , , , Date/Time: June 26, 2021 @ 5:03 am, by Jon Biloh

How to Setup FTP Server with VSFTPD on CentOS 8

This article was contributed by the folks at RackNerd – a provider of shared hosting, reseller hosting, VPS hosting, dedicated servers, DRaaS, colocation, and more. If you are looking for an affordable hosting service, be sure to check out RackNerd.

File Transfer Protocol, or FTP, is a type of network protocol that lets you transfer files between a remote system on your network and your computer. The client-server model that the FTP is built upon utilizes separate connections for data and control between the remote system and your computer.

If you want to set up an FTP server on your CentOS 8 remote server, then keep reading this guide!

For Linux based systems, there are numerous available open-source FTP servers. However, today, we will be guiding you on how to install the most commonly used one of them. That is VSFTPD – which stands for: Very Secure FTP Daemon.

The VSFTPD software works on an encrypted transmission through SSL; thus, it is secure and fast.

Let’s start with the installation process:

Step 1. Install VSFTPD

You don’t need to download anything for this step, as VSFTPD is in the CentOS repositories by default.

Run the following command to install it:

sudo dnf install vsftpd

Step 2. Enable VSFTPD

Once the package is installed, we need to start the service and make it run when the system boots up.

Run the following command:

sudo systemctl enable vsftpd –now

You can verify the status of VSFTPD by executing this command:

sudo systemctl status vsftpd

Step 3. Configuring VSFTPD

Now that VSFTPD is installed and running, we need to make changes to its config file for our use case.

The config file is stored at /etc/vsftpd/vsftpd.conf

Open the file with this command:

sudo nano /etc/vsftpd/vsftpd.conf

We need to make several changes to this file.

  1. Allow local access:

Locate the following lines in the file and match them to these:

“anonymous_enable=NO

local_enable=YES”

  1. Enable write access:

Locate the following lines in the file and match them to these:

“write_enable=YES”

  1. Place root restrictions

Locate the following lines in the file and match them to these:

“chroot_local_user=YES”

  1. Specify the range of ports

We need to set up the range of ports that can be used by the passive FTP connections. We can do that by adding the following lines to the config file:

“pasv_min_port=30000

pasv_max_port=31000”

Step 4. Set up SSL for FTP connections

The VSFTPD works through SSL connections, and we need to have a certificate configured for that. That certificate can either be signed by a trusted CA or can be self-signed.

The following command will show you how you can create a self-signed certificate with a 2048-bit private key:

sudo openssl req -x509 -nodes -days 3650 -newkey rsa:2048 -keyout /etc/vsftpd/vsftpd.pem -out /etc/vsftpd/vsftpd.pem

Now, open the config file for VSFTPD again and match it with the following lines:

“rsa_cert_file=/etc/vsftpd/vsftpd.pem

rsa_private_key_file=/etc/vsftpd/vsftpd.pem

ssl_enable=YES”

Step 5. Restart the VSFTPD service

Now, we are done with the configuration process of the FTP server and the SSL connection.

Restart the VSFTPD server with this command:

sudo systemctl restart vsftpd

Step 6. Configure the firewall

Once everything is set up, we need to configure the firewall to allow FTP connections. You can skip this step if you have firewalld/iptables disabled on your server.

Otherwise, that can be done with following command:

sudo firewall-cmd –permanent –add-port=20-21/tcp

sudo firewall-cmd –permanent –add-port=30000-31000/tcp

firewall-cmd –reload

What is your preferred FTP server? Have you set up VSFTPD before? Please leave your feedback in the comments section below!

I'm Jon Biloh and I own LowEndBox and LowEndTalk. I've spent my nearly 20 year career in IT building companies and now I'm excited to focus on building and enhancing the community at LowEndBox and LowEndTalk.

No Comments

    Leave a Reply

    Some notes on commenting on LowEndBox:

    • Do not use LowEndBox for support issues. Go to your hosting provider and issue a ticket there. Coming here saying "my VPS is down, what do I do?!" will only have your comments removed.
    • Akismet is used for spam detection. Some comments may be held temporarily for manual approval.
    • Use <pre>...</pre> to quote the output from your terminal/console, or consider using a pastebin service.

    Your email address will not be published. Required fields are marked *