Set up FTP on Google Cloud with VSFTP on Ubuntu 18.04. In this guide you are going to learn how to set up an FTP server and restrict a user to a particular directory using chroot.
This setup is tested on a Google Compute Engine VM Instance running Ubuntu 18.04 LTS. This post also works fine for an AWS EC2 Instance, a DigitalOcean Droplet, Kamatera, Vultr, or any other cloud hosting server, VPS or dedicated server.
Prerequisites for Google Cloud
If you are using Google Cloud Platform to set up FTP, you need to complete the following steps first.
- A running Compute Engine, see the Setting up Compute Engine Instance with Ubuntu 18.04.
- Completed the initial Ubuntu server setup.
Prerequisites for AWS
- A running EC2 Instance. Learn how to create an AWS EC2 instance.
- Assigned an Elastic IP to your EC2 Instance.
- Successful SSH connection to your EC2 Instance.
SSH to your EC2 Instance and perform the steps listed below.
Steps to set up FTP on Google Cloud/AWS
- Set up your Virtual Machine Instance
- Completing the initial server setup
- Configure Firewall rules
- Create a new user
- Install VSFTP FTP server
- Configure FTP
- Verify the setup
I assume you have your server set up and configured.
Setup Firewall rules
You can configure FTP on any port you wish. This guide uses the default port 21, so you need to create a firewall rule that allows access to the FTP ports.
We also open ports 40000 – 50000 for passive mode connections.
Go to VPC Network >> Firewall rules and click Create Firewall rules.
In Name enter ftp
In Targets select All instances in the network
In Source filter select IP ranges
In Source IP ranges enter 0.0.0.0/0
In Protocols and ports check TCP and enter 20, 21, 990, 40000-50000.
Click Create.
Allow FTP ports in UFW
If you are using UFW on your server, make sure to open the ports to allow connections to your server, otherwise you cannot connect.
sudo ufw allow 20/tcp
sudo ufw allow 21/tcp
sudo ufw allow 990/tcp
sudo ufw allow 40000:50000/tcp
Create a new user
Now you can create a new user using the following command to test the FTP.
sudo useradd -m -c "Name, Role" -s /bin/bash username
Setup a password for that user.
sudo passwd username
Install VSFTP server
VSFTP is a Very Secure File Transfer Protocol for Linux-based systems. By default AWS or Google Cloud won’t allow password-based authentication to the Virtual Machine instances.
With VSFTP you can run your own FTP server, create users, assign them to any directory, and use chroot to prevent access to other directories.
Now you can install VSFTP using the following command.
sudo apt install vsftpd
Once the installation is completed you can configure VSFTP.
Configure VSFTP
Start by creating a backup of the original VSFTP configuration file.
sudo cp /etc/vsftpd.conf /etc/vsftpd.conf.orig
Edit the vsftpd.conf file and make the following changes.
sudo nano /etc/vsftpd.conf
Modify the following directives.
listen=YES
listen_ipv6=NO
Uncomment the following directives.
write_enable=YES
local_umask=022
chroot_local_user=YES
Add these directives at the end of the file.
seccomp_sandbox=NO
allow_writeable_chroot=YES
userlist_enable=YES
userlist_file=/etc/vsftpd.userlist
userlist_deny=NO
tcp_wrappers=YES
user_sub_token=$USER
user_config_dir=/etc/vsftpd/user_config_dir
pasv_min_port=40000
pasv_max_port=50000
Here you have configured a userlist_file, which holds the list of FTP users, and a user_config_dir to hold the user-specific configurations.
Add the user you created earlier to the userlist file.
echo "username" | sudo tee -a /etc/vsftpd.userlist
This command creates a file named vsftpd.userlist, adds the user to it, and prints the added user in the terminal.
Create a directory named user_config_dir to hold the user-specific configurations.
sudo mkdir -p /etc/vsftpd/user_config_dir
Create a new file inside this directory with the same name as the username.
sudo nano /etc/vsftpd/user_config_dir/username
Add the following line to that file.
local_root=/path/to/your/directory
Save the file and exit the editor.
Finally restart VSFTP.
sudo systemctl restart vsftpd
Prevent SSH Access
Now you need to prevent SSH access for the newly created user by adding the DenyUsers directive to your sshd_config.
sudo nano /etc/ssh/sshd_config
Add the following line to the bottom of the file.
DenyUsers username other-user
You can add multiple users separated by a space.
Restart SSH.
sudo systemctl restart ssh
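The following check is an added example, not part of the original guide: it reads a vsftpd.conf laid out as above and reports any user in the userlist who lacks a local_root override or a DenyUsers entry. The function names and the sample users alice and bob are made up for illustration, and the sample tree is constructed in a temporary directory.

```bash
#!/usr/bin/env bash
# Added example: cross-check the files this guide creates.
# Paths are read from the vsftpd.conf passed in, so it can run against a copy.

# get_opt FILE KEY: print the last value assigned to KEY (vsftpd syntax: key=value)
get_opt() {
    awk -F= -v k="$2" '$1 == k { v = $2 } END { print v }' "$1"
}

# check_ftp_setup VSFTPD_CONF SSHD_CONFIG: print one finding per line, nothing if consistent
check_ftp_setup() {
    conf=$1 sshd=$2
    [ "$(get_opt "$conf" chroot_local_user)" = YES ] || echo "chroot_local_user is not YES"
    [ "$(get_opt "$conf" userlist_enable)" = YES ] || echo "userlist_enable is not YES"
    # vsftpd defaults userlist_deny to YES, which turns the userlist into a deny list
    [ "$(get_opt "$conf" userlist_deny)" = NO ] || echo "userlist_deny is not NO"
    list=$(get_opt "$conf" userlist_file)
    dir=$(get_opt "$conf" user_config_dir)
    while read -r user; do
        [ -n "$user" ] || continue
        if [ ! -f "$dir/$user" ] || [ -z "$(get_opt "$dir/$user" local_root)" ]; then
            echo "$user: no local_root override, chroot falls back to the home directory"
        fi
        # Exact-name match only; DenyUsers patterns with wildcards or @host are not expanded
        awk -v u="$user" 'tolower($1) == "denyusers" {
            for (i = 2; i <= NF; i++) if ($i == u) found = 1
        } END { exit !found }' "$sshd" || echo "$user: not in DenyUsers in sshd_config"
    done < "$list"
}

# Constructed sample tree: alice is fully set up, bob was only added to the userlist
demo=$(mktemp -d)
trap 'rm -rf "$demo"' EXIT
mkdir "$demo/user_config_dir"
printf '%s\n' chroot_local_user=YES userlist_enable=YES userlist_deny=NO \
    "userlist_file=$demo/vsftpd.userlist" \
    "user_config_dir=$demo/user_config_dir" > "$demo/vsftpd.conf"
printf 'alice\nbob\n' > "$demo/vsftpd.userlist"
echo "local_root=/srv/ftp/alice" > "$demo/user_config_dir/alice"
echo "DenyUsers alice" > "$demo/sshd_config"
check_ftp_setup "$demo/vsftpd.conf" "$demo/sshd_config"
```

On the server itself the equivalent call is check_ftp_setup /etc/vsftpd.conf /etc/ssh/sshd_config.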
Verify the Setup
Now open your FTP client and enter your server's external IP address as the hostname, 21 as the port, and the username and password of the user you created earlier.
Now you will be logged in to the server and you can only access the folder that is assigned to you.
Conclusion
Now you have learned how to set up FTP on your VM instance on Google Cloud Platform.
Thanks for your time. If you face any problems or have any feedback, please leave a comment below.
Thanks a lot for the descriptive guide.
I have followed up till the “Go to VPC Network >> Firewall rules and click Create Firewall rules” section in the tutorial.
It seems I can’t find the appropriate section in my AWS dashboard.
Rather, this is what I have under my VPC dashboard:
VPC – AWS Network Firewall – Firewalls; Firewall policies; Network Firewall rule groups.
I seem not to be able to find the appropriate section:
In Name enter ftp
In Targets select All instances in the network
In Source filter select IP ranges.
However, I created a firewall and named it ftp. The challenge is that I can’t find any Targets to select all instances in the network.
Any help pls?
In AWS you need to add the rules in the Security Group.