Google Cloud AWS

Setup FTP on Google Cloud/AWS with VSFTP on Ubuntu 18.04

Disclosure: This post may contain affiliate links, which means we may receive a commission if you click a link and purchase something that we recommended.

Pinterest LinkedIn Tumblr

Setup FTP on Google Cloud with VSFTP on Ubuntu 18.04. In this guide you are going to learn how to setup a FTP server and provide access to particular directory as chroot for a user.

This setup is tested on Google Compute Engine VM Instance running Ubuntu 18.04 LTS. This post also works fine for AWS EC2 Instance or DigitalOcean Droplet or Kamatera or Vultr or any other cloud hosting servers or VPS or Dedicated.

Prerequisites for Google Cloud

If you are using Google Cloud Platform to setup FTP you need the following steps to be done.

  1. A running Compute Engine, see the Setting up Compute Engine Instance with Ubuntu 18.04.
  2. Completed the initial Ubuntu server setup.

Prerequisites for AWS

  1. A running EC2 Instance. Learn how to create an AWS EC2 instance.
  2. Assigned a Elastic IP to your EC2 Instance.
  3. Successful SSH connection to your EC2 Instance.

SSH to your EC2 Instance and perform the steps listed below.

Steps to setup FTP on Google Cloud/AWS

  1. Setup you Virtual Machine Instance
  2. Completing the initial server setup
  3. Configure Firewall rules
  4. Create a new user
  5. Install VSFTP FTP server
  6. Configure FTP
  7. Verify the setup

I assume you have your server setup and configured.

Setup Firewall rules

You can configire FTP on any port you wish, now you will configure it in the default port 21, so you need to create a firewall rule to provide access to these ports.

We also open ports 40000 – 50000 for passive mode connections.

Go to VPC Network >> Firewall rules and click Create Firewall rules.

In Name enter ftp

In Targets select All instances in the network

In Source filter select IP ranges

In Source IP ranges enter

In Protocols and ports check TCP and enter 20, 21, 990, 40000-50000.

Click Create.

Allow FTP ports in UFW

If you are using UFW in your server make sure to open the port to allow connections to your server otherwise you cannot connect.

sudo ufw allow 20/tcp
sudo ufw allow 21/tcp
sudo ufw allow 990/tcp
sudo ufw allow 40000:50000/tcp

Create a new user

Now you can create a new user using the following command to test the FTP.

sudo useradd -m -c "Name, Role" -s /bin/bash username

Setup a password for that user.

sudo passwd username

Install VSFTP server

VSFTP is a Very Secure File Transfer Protocol for Linux based systems. By default AWS or Google Cloud won’t allow password based authentication to the Virtual Machine instances.

With VSFTP you can run your own FTP server and create users and assign them to any directory and prevent access to other directories using chroot also.

Now you can install VSFTP using the following command.

sudo apt install vsftpd

Once the installation is completed you can configure VSFTP.

Configure VSFTP

Start by creating a backup of the original VSFTP configuration file.

sudo cp /etc/vsftpd.conf /etc/vsftpd.conf.orig

Edit the vsftpd.conf file and make the following changes.

sudo nano /etc/vsftpd.conf

Modify the following directives.


Uncomment the following directives.


Add these configurations to the last.


Here you have configured a userlist_file which holds the list of FTP users and user_config_dir to hold the user specific configurations.

Add the user you have created before in the userlist file.

echo "username" | sudo tee -a /etc/vsftpd.userlist

This command will create a file with the name vsftpd.userlist and add the user to it and outputs the added user in the terminal.

Create a directory with the name user_config_dir to hold the user specific configurations.

sudo mkdir -p /etc/vsftpd/user_config_dir

Create a new file with the name same as the username inside this directory.

sudo nano /etc/vsftpd/user_config_dir/username

Add the following line to that file.


Save the file and exit the editor.

Finally restart VSFTP.

sudo systemctl restart vsftpd

Prevent SSH Access

Now you need to prevent SSH access to the newly created user by adding the DenyUsers directive in your sshd_config.

sudo nano /etc/ssh/sshd_config

Add the following line to the bottom of the file.

DenyUsers username other-user

You can add multiple users separated by a space.

Restart SSH.

sudo systemctl restart ssh

Prepare yourself for a role working as an Information Technology Professional with Linux operating system

Verify the Setup

Now open your FTP client and enter your server external IP address as hostname, Port as 21, username with the username you created before and with the password.

Now you will be logged in to the server and you can only access the folder that is assigned to you.


Now you have learned how to setup FTP on your VM instance on Google Cloud Platform.

Thanks for your time. If you face any problem or any feedback, please leave a comment below.


  1. Thanks a lot for the descriptive guide.
    I have followed up till the “Go to VPC Network >> Firewall rules and click Create Firewall rules” section in the tutorial.
    It seems I can’t find the appropriate section in my AWS dashboard.
    Rather, this is what I have under my VPC dashboard:
    VPC – AWS Network Firewall – Firewalls; Firewall policies; Network Firewall rule groups.

    I seem not to be able to find the appropriate section:

    In Name enter ftp

    In Targets select All instances in the network

    In Source filter select IP ranges.

    However, I created a firewall and named it ftp. The challenge is that I can’t find any Targets to select all instances in the network.

    Any help pls?

Write A Comment

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.