Introduce

The file transfer protocol (FTP) and secure file transfer protocol (SFTP) or SSH File Transfer Protocol are popular protocols that are used to download files from a remote or local server or upload files onto the server.

FTP is not recommended for connections over the internet because it relies on plain text passwords for authentication and does not use encryption. SFTP is usable instead of FTP since it tunnels the FTP protocol through SSH, providing the encryption needed to establish a secure connection.

This article provides step-by-step instructions to create an FTP server and account through VSFTP software or an SFTP server through OpenSSH on AlmaLinux.

1. Install vsftpd on AlmaLinux 8

The first thing we need to do is to install the Very Secure FTP Daemon which is available in the default AlmaLinux 8 repositories.

dnf update
dnf install vsftpd -y

Once the installation is successful, verify the installed version of Vsftpd as below.

rpm -qi vsftpd 

Once the installation is complete, We start the vsftpd service and enable it to start automatically at system boot.

systemctl start vsftpd
systemctl enable vsftpd

Check the status of the service.

systemctl status vsftpd

2. Create the FTP User and User Directory

We need to create and grant dedicated user access to the FTP server. We will create the user as below.

adduser green
passwd green

With the user and password created as above, proceed and create the FTP directories with the necessary permissions.

mkdir -p /home/green/ftp_folder
chmod -R 750 /home/green/ftp_folder
chown green: /home/green/ftp_folder

To grant the user access to the Vsftpd server, add them to the /etc/vsftpd/user_list file.

bash -c 'echo green >> /etc/vsftpd/user_list'

3. Configure vsftpd on AlmaLinux 8.

We need to make some adjustments to the Vsftpd config file accessed as below.

nano /etc/vsftpd/vsftpd.conf

With the file opened, make the below adjustments:

• Allow remote access to local users then block anonymous users.

anonymous_enable = NO
local_enable = YES

• Grant user permission to run ant FTP commands.

write_enable = YES

• Restrict user access to their home directory only and grant the write permissions.

chroot_local_user=YES
allow_writeable_chroot=YES

• Set custom ports to enable passive FTP connections.

pasv_min_port=30000
pasv_max_port=31000

• Allow dedicated Vsftpd users in the user_list file to access the FTP server.

userlist_file=/etc/vsftpd/user_list
userlist_enable=YES
userlist_deny=NO

With the above changes made, restart the server.

systemctl restart vsftpd

4. Open FTP Ports on Firewalld

Based on the above configuration, we have set the passive communication port range between 30000-31000. We now need to allow these ports through the firewall. Also, we need to allow port range 20-21 for FTP data and traffic.

firewall-cmd --permanent --add-port=20-21/tcp
firewall-cmd --permanent --add-port=30000-31000/tcp

Apply the changes to the firewall daemon.

firewall-cmd --reload

 

5. Test FTP using FTP Client(Filezilla)

Finally test FTP connection using FileZilla or WinSCP Client softwares.

Input your Server’s IP or Hostname in the Host Field, Name of the FTP user created earlier in the Username Field and finally your Password.

If you have configured a different port for this, you wil have to mention in it in the Port Field.

Connect to FTP Server Via Command Line

First, we install the FTP command-line utility with the following command:

dnf install ftp

You should now be able to connect to your FTP server either by IP address or hostname:

ftp serverIP

Summary.

We triumphantly configured the Vsftpd FTP Server on AlmaLinux 8. You can now share files securely over the private tunnel. I hope this was significant to you.