Install and setup vsftpd on AWS server

  sonic0002        2015-02-02 02:20:27       10,119        0    

When developing websites, frequently we may need to upload source codes to the remote server. To ease of thew work, many website developers set up FTPs to upload the files. This post is a tutorial on how to install and setup vsftpd on a server. vsftpd is a very popular FTP service on Unix-like systems.

Open command terminal, then install the vftpd by issuing command

yum install vsftpd

or

sudo apt-get install vsftpd

After installing the vsftpd, the config file needs to be updated based on the operating mode preferred.

The first thing to be done is to disable the anonymous login in vsftpd.conf

# Disable anonymous_enable is optional.
anonymous_enable=NO

And also update whom to be allowed to access the server, usually local access is allowed, so update below

local_enable=YES

Next, you need to create a local FTP user to access specified folders on the server. This can be achieved by specifying command

useradd [username]
passwd [password]

When you connect using a FTP client, this username and password can be used to connect to the server. You can also constraint the directory accessed by this user. You can specify the home directory for the FTP user by issuing below command

usermod -d [home_directory] [username]

Then, more updates to be done in vsftpd.conf. There are two operating modes for FTP : Passive mode and active mode. For the differences of these two, please refer to FTP active mode and passive mode.

Passive mode is recommended when performing FTP connection. To enable passive mode, below settings need to be added in the /etc/vsftpd/vsftpd.conf:

pasv_enable=YES
pasv_min_port=41361
pasv_max_port=65534
pasv_address=xxx.xxx.xxx.xxx

The pasv_min_port and pasv_max_port restricts the port range which can be used for data connection. In some firewall settings, not all ports are allowed. So consult with the firewall policies before setting the correct port range. As for the pasv_address, it is the IP address for the public facing IP address of the server for servers behind Network Address Translation (NAT) firewalls. This enables vsftpd to hand out the correct return address for passive mode connections.

If somehow active mode is preferred, need to enable active mode by updating vsftpd.conf.

pasv_enable=NO

After updating the vsftpd.conf, the service needs to be restarted.

sudo service vsftpd restart

If you have configured the FTP server to allow connecting with passive mode and if your FTP client is using passive mode(which is default for many FTP clients), please ensure the port range between pasv_min_port and pasv_max_port in vsftpd.conf are open on the AWS server where the FTP server is configured. Otherwise, you would see director listing error.

FTP  VSFTPD  AWS  PASSIVE  ACTIVE 

       

  RELATED


  0 COMMENT


No comment for this article.



  RANDOM FUN

Cute Twitter release note