Learn how to install a secure FTP server on CentOS 8 with our detailed guide. Follow step-by-step instructions to set up and configure an FTP server with enhanced security features for safe file transfers.
What is FTP Server?
An FTP (File Transfer Protocol) server is a software application that facilitates the transfer of files between computers over a network. It operates based on the FTP protocol, which is a standard network protocol used for the transfer of files from one host to another over a TCP-based network, such as the Internet. Here are the key aspects of an FTP server:
Key Features of an FTP Server
- File Transfers:
  - Allows users to upload (send) and download (receive) files between their local computer and the server.
  - Supports various file types, including documents, images, videos, and software.
- User Authentication:
  - Users typically need to provide a username and password to access the server.
  - Can support anonymous access where users log in with a generic username like “anonymous.”
- Directory Management:
  - Users can navigate through directories and subdirectories on the server.
  - Allows for creating, deleting, and renaming directories and files.
- Access Control:
  - Administrators can set permissions to control who can read, write, or execute files.
  - Provides the ability to limit access to certain files or directories.
- Data Transfer Modes:
  - Supports two main transfer modes: ASCII (text) and binary (non-text, such as images or videos).
  - Ensures that files are transferred in the appropriate format without corruption.
- Security Features:
  - Can be configured to use secure protocols like FTPS (FTP Secure) and SFTP (SSH File Transfer Protocol) to encrypt data and ensure secure file transfers.
  - Protects sensitive information such as login credentials and transferred data.
Common Uses for FTP Servers
- Website Management: Web developers use FTP servers to upload and manage website files on their web hosting server.
- File Sharing: Organizations use FTP servers to share files with clients, partners, and employees securely.
- Backup and Storage: FTP servers are used for backing up important data and storing large files that need to be accessed remotely.
- Software Distribution: Software companies use FTP servers to distribute software updates and patches to users.
How an FTP Server Works
- Server Setup: The FTP server software is installed and configured on a server machine. Popular FTP server software includes vsftpd, ProFTPD, and FileZilla Server.
- Client Connection: Users connect to the FTP server using an FTP client application, such as FileZilla, WinSCP, or the command line FTP client.
- Authentication: Users authenticate with their username and password (or anonymously) to gain access to the server.
- File Operations: Once connected, users can upload, download, and manage files and directories on the server according to their permissions.
- Secure Transfers: If configured, data is transferred securely using encrypted protocols like FTPS or SFTP, protecting against interception and tampering.
Conclusion
FTP servers are essential tools for facilitating file transfers and managing data across networks. They are widely used in various industries for web development, file sharing, data backup, and software distribution. While traditional FTP is still common, secure variants like FTPS and SFTP are recommended for enhanced security.
In this lab, you will learn how to install a secure FTP server on CentOS 8 using vsftpd.
Environment Specification
We are using minimally installed CentOS 8 virtual machines with the following specifications.
FTP Server
- CPU – 3.4 GHz (2 cores)
- Memory – 2 GB
- Storage – 20 GB
- Operating System – CentOS 8.0
- Hostname – ftp-server.sysadminlabs.com
- IP Address – 192.168.116.217/24
FTP Client
- CPU – 3.4 GHz (2 cores)
- Memory – 2 GB
- Storage – 20 GB
- Operating System – CentOS 8.0
- Hostname – ftp-client.sysadminlabs.com
- IP Address – 192.168.116.218/24
Install vsftpd on CentOS 8
Connect to ftp-server.sysadminlabs.com as the root user with an SSH client such as PuTTY.
vsftpd (Very Secure FTP Daemon) is the software package that has long been used for configuring FTP services on Linux. Here, we will use vsftpd to install a secure FTP server.
vsftpd is available in the default yum repositories, so it can be installed with a dnf command.
# dnf install -y vsftpd
Take a backup of the existing vsftpd.conf file.
# cp /etc/vsftpd/vsftpd.conf /etc/vsftpd/vsftpd.conf.org
Now edit the vsftpd configuration file.
# vi /etc/vsftpd/vsftpd.conf
Find and set the following directives in it. vsftpd does not support a comment on the same line as a directive (everything after "=" is read as the value), so each comment is on its own line above the setting.
# disable anonymous users
anonymous_enable=NO
# allow local users
local_enable=YES
# allow ftp write commands
write_enable=YES
# set default umask
local_umask=022
# enable messages on change directory
dirmessage_enable=YES
# enable logging of uploads and downloads
xferlog_enable=YES
# ensure PORT transfer connections from port 20 (ftp-data)
connect_from_port_20=YES
# keep standard log format
xferlog_std_format=YES
# do not open a separate IPv4-only listening socket
listen=NO
# listen on the IPv6 socket, which also accepts IPv4 connections
listen_ipv6=YES
# set PAM service name to vsftpd
pam_service_name=vsftpd
Configure User List in vsftpd
Users who are allowed or denied access to the FTP service are listed in a user_list file.
The default user_list file is located at /etc/vsftpd/user_list; we can add or remove FTP users in this file.
By default, all the users in user_list are denied access to the FTP service.
We have to explicitly allow the users in user_list by setting the following directives in the vsftpd.conf file.
# enable vsftpd to load usernames
userlist_enable=YES
# allow access to users in userlist
userlist_deny=NO
Enable FTP Chroot Jail
To restrict FTP users to a chrooted environment, add the following two directives to the vsftpd.conf file.
# create chrooted environment for users
chroot_local_user=YES
# allow write permission to user on chroot jail directory
allow_writeable_chroot=YES
Generate a TLS certificate:
The FTP service does not use encryption. Therefore, it transfers data and login credentials in plain text. This makes the FTP service highly vulnerable to sniffing and man-in-the-middle attacks.
However, we can configure Secure FTP (FTPS) to encrypt the communication between the server and its clients.
Now, generate a TLS (Transport Layer Security) certificate by using the following command.
# openssl req -x509 -nodes -keyout /etc/vsftpd/vsftpd.key -out /etc/vsftpd/vsftpd.pem -days 365 -newkey rsa:2048
Generating a RSA private key
.............................+++++
....................+++++
writing new private key to '/etc/vsftpd/vsftpd.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:PK
State or Province Name (full name) []:Sindh
Locality Name (eg, city) [Default City]:Karachi
Organization Name (eg, company) [Default Company Ltd]:Ahmer's SysAdmin Recipes
Organizational Unit Name (eg, section) []:IT LAB
Common Name (eg, your name or your server's hostname) []:ftp-server.sysadminlabs.com
Email Address []:root@ftp-server.sysadminlabs.com
Edit the vsftpd.conf file to configure the FTP service to use the TLS certificate.
# vi /etc/vsftpd/vsftpd.conf
Add the following directives to this file.
# enable vsftpd secure connections
ssl_enable=YES
# disallow SSL v2 protocol connections
ssl_sslv2=NO
# disallow SSL v3 protocol connections
ssl_sslv3=NO
# allow TLS v1.2 protocol connections
ssl_tlsv1_2=YES
# location of TLS certificate
rsa_cert_file=/etc/vsftpd/vsftpd.pem
# location of private key
rsa_private_key_file=/etc/vsftpd/vsftpd.key
# do not allow anonymous users to use SSL connections
allow_anon_ssl=NO
# force users to use SSL connection for data transfer
force_local_data_ssl=YES
# force users to use SSL connection for credentials
force_local_logins_ssl=YES
# do not require data connections to reuse the control connection's SSL session
require_ssl_reuse=NO
# use only high-strength cipher suites
ssl_ciphers=HIGH
# min port number to define a range for PASV connections
pasv_min_port=30000
# max port number to define a range for PASV connections
pasv_max_port=31000
# dump OpenSSL diagnostics in vsftpd log file
debug_ssl=YES
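A pre-flight check for the finished vsftpd.conf, added here as an example and not part of the original guide: it reports directives that differ from the values set above, lines with an inline comment or stray whitespace (which vsftpd reads as part of the value), and a missing or inverted passive port range. The names audit_vsftpd_conf, conf_get and WANT are hypothetical, and the sample file at the end is constructed.

```bash
#!/usr/bin/env bash
# Added example: audit a vsftpd.conf against the directives set in this guide.
# audit_vsftpd_conf, conf_get and WANT are illustrative names, not part of vsftpd.

# Values the guide sets; a directive that is absent is reported as well.
WANT='anonymous_enable=NO userlist_enable=YES userlist_deny=NO chroot_local_user=YES
ssl_enable=YES ssl_sslv2=NO ssl_sslv3=NO allow_anon_ssl=NO
force_local_logins_ssl=YES force_local_data_ssl=YES'

# Last value given for a directive (a later line overrides an earlier one).
conf_get() { sed -n "s/^$2=//p" "$1" | tail -n 1; }

# Prints one line per finding; the return status is the number of findings.
audit_vsftpd_conf() {
    conf=$1
    findings=0
    # vsftpd takes everything after "=" as the value, so a trailing
    # "# comment", trailing blanks, or blanks around "=" corrupt the setting.
    malformed=$(grep -nE '^[a-z0-9_]+([[:space:]]+=|=[[:space:]]|=.*[[:space:]]#|=.*[[:space:]]$)' "$conf" || true)
    if [ -n "$malformed" ]; then
        echo "MALFORMED (inline comment or stray whitespace):"
        echo "$malformed"
        findings=$((findings + $(printf '%s\n' "$malformed" | wc -l)))
    fi
    for kv in $WANT; do
        key=${kv%%=*} want=${kv#*=}
        have=$(conf_get "$conf" "$key")
        if [ "$have" != "$want" ]; then
            echo "FAIL $key: want $want, found '${have:-unset}'"
            findings=$((findings + 1))
        fi
    done
    # The passive range must be numeric and ordered so it can match the firewall rule.
    min=$(conf_get "$conf" pasv_min_port)
    max=$(conf_get "$conf" pasv_max_port)
    case "${min:-x}${max:-x}" in
        *[!0-9]*) echo "FAIL passive range: min='$min' max='$max'"; findings=$((findings + 1)) ;;
        *) [ "$min" -le "$max" ] || { echo "FAIL passive range inverted"; findings=$((findings + 1)); } ;;
    esac
    return "$findings"
}

# Constructed sample: one directive carries an inline comment. Pass a path to audit a real file.
sample=$(mktemp)
printf '%s\n' 'anonymous_enable=NO' 'ssl_enable=YES # Enable TLS' > "$sample"
audit_vsftpd_conf "${1:-$sample}" || echo "findings: $?"
rm -f "$sample"
```

Run it as root against /etc/vsftpd/vsftpd.conf before starting the service; a status of 0 means every checked directive matches.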
Allow the Secure FTP (FTPS) and passive FTP ports in the Linux firewall.
# firewall-cmd --permanent --add-port=30000-31000/tcp
success
# firewall-cmd --permanent --add-port=990/tcp
success
# firewall-cmd --reload
success
Start and enable vsftpd service.
# systemctl enable --now vsftpd.service
Created symlink /etc/systemd/system/multi-user.target.wants/vsftpd.service → /usr/lib/systemd/system/vsftpd.service.
Create a CentOS 8 User to access Secure FTP Service
Create a user for using Secure FTP service.
# useradd ahmer
# passwd ahmer
Changing password for user ahmer.
New password:
Retype new password:
passwd: all authentication tokens updated successfully.
Add this user to the allowed user_list.
# echo ahmer >> /etc/vsftpd/user_list
Our Secure FTP server has been configured successfully.
Test Secure FTP Server from CentOS 8 client
To connect to our Secure FTP server, we need FTP client software.
Many FTP clients are available in the default yum repositories of CentOS 8.
We are installing lftp, a sophisticated ftp/http file transfer program. We will use the lftp client to test our Secure FTP server.
# dnf install -y lftp
Because our Secure FTP server uses a self-signed TLS certificate, the lftp client displays the following warning.
“Fatal error: Certificate verification: Not trusted”
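To suppress this warning, we can add the following directive to the lftp configuration file. Set in /etc/lftp.conf, it turns off certificate verification for every server that lftp connects to from this client.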
# echo "set ssl:verify-certificate no" >> /etc/lftp.conf
Connect to Secure FTP service using lftp command.
# lftp ahmer@ftp-server
Password:
lftp ahmer@ftp-server:~>
Now test our Secure FTP server by executing some FTP commands.
lftp ahmer@ftp-server:~> ls
-rw-r--r-- 1 1000 1000 91 Jan 29 16:45 resolv.conf
lftp ahmer@ftp-server:/> put /etc/hosts
214 bytes transferred
lftp ahmer@ftp-server:/> ls
-rw-r--r-- 1 1000 1000 214 Jan 30 14:20 hosts
-rw-r--r-- 1 1000 1000 91 Jan 29 16:45 resolv.conf
lftp ahmer@ftp-server:/> exit
Our Secure FTP server on CentOS 8 is working fine.
Final Thoughts
Setting up a secure FTP server on CentOS 8 is essential for ensuring safe and efficient file transfers within your network. By following the correct installation and configuration steps, you can protect your data and maintain robust security for your file transfer operations.