Install FTP over SSL in Ubuntu / KodiBuntu

We will explore how to install an FTP server on your HTPC and secure it with an encrypted connection via OpenSSL. You will be able to transfer files to your HTPC from anywhere in the world, and the traffic will be unreadable to anyone who tries to intercept data between your client and server. In other words, it prevents anyone from capturing your username and password or anything else you don't want them to see on your HTPC.

1. FTP via VSFTPD on Ubuntu and KodiBuntu

Here is how to install, configure and restart vsftpd on Ubuntu and Kodibuntu.

Install:

sudo apt-get install vsftpd

Start / Stop / Restart:

start: sudo start vsftpd

stop: sudo stop vsftpd

restart: sudo restart vsftpd

Disable vsftpd on BOOT:

By default vsftpd is enabled on boot through the file /etc/init/vsftpd.conf. Move this file to another location to keep it as a backup, and vsftpd will no longer start when Kodibuntu boots.

Config File:

Back up the config file before changing anything in it: sudo cp /etc/vsftpd.conf /etc/vsftpd.original

Edit the vsftpd config file: sudo nano /etc/vsftpd.conf

Read the Manual: man vsftpd.conf

Jail CHROOT / User List:

We strongly suggest enabling the chroot jail so that users cannot reach all the files on the system. If no jail is set up, every user will be able to climb up to the root folder ( / ) and access all the files.

To define which directory each user is jailed in, we need a user list:

  1. Create a folder:
    sudo mkdir -p /etc/vsftpd/users
  2. Add this to the config file:
    sudo nano /etc/vsftpd.conf

    #Enable a user list to restrict user access
    userlist_enable=YES
    userlist_deny=NO
    user_config_dir=/etc/vsftpd/users
    
    #Enable the jail chroot for the users
    chroot_local_user=YES
    #vsftpd refuses logins when the jail root is writable unless this is set
    allow_writeable_chroot=YES
    
    #some extra permissions
    local_enable=YES
    write_enable=YES
    local_umask=022
  3. Create a vsftpd.user_list file and add the allowed users to it:
    echo "user01" | sudo tee /etc/vsftpd.user_list
  4. Go to the folder you created:
    cd /etc/vsftpd/users
  5. Create a file named after the username you want to grant access to:
    sudo touch user01
  6. Change the permissions:
    sudo chmod 740 user01
  7. Edit the file:
    sudo nano /etc/vsftpd/users/user01

    #grant write access to this user
    write_enable=YES
    
    #jailed folder:
    local_root=/home/user01
    
    #the mask for new file created
    local_umask=022
    
  8. Restart vsftpd: sudo restart vsftpd

 

Secure your FTP with OpenSSL:

To prevent someone who is sniffing your connection from grabbing data such as your FTP username and password, you can encrypt everything between your FTP server and client. To do so, you'll need a custom SSL certificate, which you then hook up in your vsftpd config.

  1. Create your SSL certificate: Create SSL certificates to secure your HTPC servers
  2. Add this to the config file:
    sudo nano /etc/vsftpd.conf

    #Enable SSL
    ssl_enable=YES
    
    #If you don't want anonymous SSL connections
    allow_anon_ssl=NO
    
    #force SSL connections
    force_local_logins_ssl=YES
    
    #you should at least enable this if you enable ssl...
    ssl_tlsv1=YES
    ssl_sslv2=NO
    ssl_sslv3=NO
    #set the path of the pem file (you could always set
    #the path to the crt and key files separately)
    rsa_cert_file=/etc/ssl/custom/server.pem
    rsa_private_key_file=/etc/ssl/custom/server.pem
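
As an added example (not part of the original guide or of vsftpd itself), the script below checks a vsftpd.conf against the user-list, chroot and SSL settings shown in the two config blocks above. The function names and the sample config are assumptions of this example; the defaults used for unset options are the ones documented in man vsftpd.conf.

```bash
#!/usr/bin/env bash
# Added example: audit a vsftpd.conf against the settings this guide uses.
# Defaults for unset options are the ones documented in "man vsftpd.conf".

# Effective value of a boolean option: last assignment wins, default if unset.
conf_bool() {  # conf_bool FILE KEY DEFAULT
    local val
    val=$(sed -n "s/^$2=//p" "$1" | tail -n 1 | tr -d '\r' | tr 'a-z' 'A-Z')
    case "${val:-$3}" in
        YES|TRUE|1) echo YES ;;
        *)          echo NO ;;
    esac
}

# Print one FAIL line per setting that differs from the guide.
# Exit status is 0 when everything matches, 1 otherwise.
audit_vsftpd_conf() {  # audit_vsftpd_conf FILE
    local file fails key want default got
    file=$1; fails=0
    # Table columns: option, value used in the guide, vsftpd default
    while read -r key want default; do
        got=$(conf_bool "$file" "$key" "$default")
        if [ "$got" != "$want" ]; then
            echo "FAIL $key=$got (guide uses $want)"
            fails=$((fails + 1))
        fi
    done <<'EOF'
ssl_enable YES NO
force_local_logins_ssl YES YES
allow_anon_ssl NO NO
ssl_sslv2 NO NO
ssl_sslv3 NO NO
chroot_local_user YES NO
userlist_enable YES NO
userlist_deny NO YES
EOF
    [ "$fails" -eq 0 ]
}

# Constructed sample: SSL is on, but SSLv3 is enabled and the user list is missing.
sample=$(mktemp)
trap 'rm -f "$sample"' EXIT
cat > "$sample" <<'EOF'
# constructed test config
ssl_enable=YES
ssl_sslv3=YES
chroot_local_user=YES
#userlist_enable=YES
EOF
audit_vsftpd_conf "$sample" || echo "config differs from the guide"
```

To check the live server, call audit_vsftpd_conf /etc/vsftpd.conf after editing and before restarting vsftpd.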
    

 

2. Connect to your secure FTP via FileZilla:

Create a new site via the Site Manager as shown in the image below:

  1. Click the "Open the Site Manager" button
  2. Click the "New Site" button
  3. Host: Enter the server IP address
  4. Change the protocol to: FTP – File Transfer Protocol
  5. Change the Encryption to: Require explicit FTP over TLS
  6. Logon Type : Ask for password
  7. User: your linux username

[Image: FileZilla SSL connection]