Intro

When I tried to do this seemingly simple task, I could not find any one guide on the web which told me everything I needed to do, so I wrote it myself :-) I also ran into a bug in Ubuntu that at least shows up on Amazon: Authentication fails every time even though you are 100% sure you have the right credentials. This is tested on Ubuntu 14.04 on an Amazon EC2 instance, but it will probably work on other versions as well.

So here is what you need to do:

Step 1: Install vsFTPd

sudo apt-get update
sudo apt-get install vsftpd

Step 2: Configure vsFTPd

sudo vi /etc/vsftpd.conf

Uncomment the following lines:

write_enable=YES
local_umask=022

Step 3: Configure chroot

Enabling chroot keeps FTP users confined to their home directory tree. This is usually a recommended security practice. To do this, edit the vsftpd config file again:

sudo vi /etc/vsftpd.conf

Uncomment the following line:

chroot_local_user=YES

and add this line at the end of the file:

allow_writeable_chroot=YES

Step 4: Enable Passive Mode

Usually you want to enable passive mode on an FTP server. You set aside a range of ports to use for passive FTP connections. In the example below, I use ports 40000 to 40100. To enable passive mode, edit the vsftpd.conf config file again:

sudo vi /etc/vsftpd.conf

Append the following lines:

pasv_enable=YES
pasv_min_port=40000
pasv_max_port=40100
port_enable=YES

Passive address resolve

Passive connections require using a routable IP address from the remote host.

Do you have a fixed IP address on your server? If so, configure it by appending these lines:

pasv_addr_resolve=NO
pasv_address=<SERVER_IP_ADDRESS>

If you do not have a fixed IP address and would like to use a hostname instead, append these lines:

pasv_addr_resolve=YES
pasv_address=<SERVER_FQDN>

 

SERVER_FQDN is the fully qualified hostname of the server that remote clients can find, such as ftp.mydomain.com

Step 5: Ubuntu vsFTPd authentication bug workaround

I ran into a bug where I could not authenticate into FTP even though I was sure I was using the correct credentials. I do not know if this is a general bug in Ubuntu, or only affects Ubuntu on Amazon. This is how to fix the problem if you are affected as well:

sudo apt-get remove vsftpd
sudo rm /etc/pam.d/vsftpd
sudo apt-get install vsftpd

This fixed the problem for me, and it was not a problem to run these steps after configuring vsFTPd.

Step 6: Open ports in the AWS EC2 control panel

You need the following ports open in the AWS security group: TCP 20 to 21

If you configured passive mode, then you need to open up that range of ports as well; in the example above I used ports 40000 to 40100.

Step 7: Restart the vsFTPd service

Finally, you should have everything you need in order to connect via FTP to your server:

sudo service vsftpd restart
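
The settings from steps 2 to 4 can be checked against the config file with a short script. This is an added example, not part of the original guide; the function names, the rule that the passive range stays above port 1023, and the IPv4-or-hostname test for pasv_address are assumptions.

```shell
#!/bin/sh
# Added example: check a vsftpd.conf against the settings used in this guide.

# conf_get FILE KEY: print the last uncommented value of KEY (empty if unset).
conf_get() {
    sed -n "s/^$2=//p" "$1" | tail -n 1
}

# Record one problem; used by check_vsftpd_conf.
fail() {
    echo "FAIL: $*"
    problems=$((problems + 1))
}

# check_vsftpd_conf FILE: print each problem, return the number of problems.
check_vsftpd_conf() {
    conf=$1
    problems=0

    # Steps 2-4: options the guide sets to YES, plus the umask.
    for key in write_enable chroot_local_user allow_writeable_chroot pasv_enable; do
        [ "$(conf_get "$conf" "$key")" = "YES" ] || fail "$key is not YES"
    done
    [ "$(conf_get "$conf" local_umask)" = "022" ] || fail "local_umask is not 022"

    # Passive range: both ends numeric, ordered, and (assumption) unprivileged.
    min=$(conf_get "$conf" pasv_min_port)
    max=$(conf_get "$conf" pasv_max_port)
    case "$min" in '' | *[!0-9]*) min=0 ;; esac
    case "$max" in '' | *[!0-9]*) max=0 ;; esac
    if [ "$min" -lt 1024 ] || [ "$max" -gt 65535 ] || [ "$min" -gt "$max" ]; then
        fail "passive port range $min-$max is unset or invalid"
    else
        # Step 6: these are the ranges the security group has to allow.
        echo "INFO: open TCP 20-21 and TCP $min-$max in the security group"
    fi

    # A hostname in pasv_address needs pasv_addr_resolve=YES (IPv4 assumed).
    addr=$(conf_get "$conf" pasv_address)
    case "$addr" in
        '' | '<'*) fail "pasv_address is unset or still a placeholder" ;;
        *[!0-9.]*)
            [ "$(conf_get "$conf" pasv_addr_resolve)" = "YES" ] ||
                fail "pasv_address is a hostname but pasv_addr_resolve is not YES" ;;
    esac
    return "$problems"
}

# Stand-alone use: sh check_vsftpd.sh /etc/vsftpd.conf
if [ $# -gt 0 ]; then check_vsftpd_conf "$1"; fi
```

A return value of 0 means every setting from the guide is present; lines left commented out count as unset.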