Week 6
This week was a slow week, more like, a lazy week. I don't know where the spirit of laziness came from but its stench was all over me. I hope to overcome it in week 7, because there's no room for laziness on this journey. Notwithstanding, I learnt the following this week.
I learnt about Systemd. This was kind of a tricky topic for me to understand, and I'm still not exactly sure how to navigate it, but I am thankful for Google and YouTube for further research. I also learnt about Security and CIS Benchmarks and Firewalls (Uncomplicated Firewall (ufw) and iptables). We were given a task at the end of the LMS session to play around with the benchmark and see if we can implement at least 10 of them from the bulk.
Further into the week, I learnt how to install an sftp server. This is a Secure File Transfer Protocol service used in transferring files between clients and servers over the internet. sftpd has its own protocols.
How to set up a Secure File Transfer Protocol
To do this, type the following commands on your terminal step by step:
apt install vsftpd
This will install the service.
vsftp means Very Secure File Transfer Protocol.
systemctl status vsftpd
This confirms that the status is active and running.
systemctl enable --now vsftpd
This enables it to run on boot.
You have to allow the service on ufw, using the following commands to open the following ports.
ufw allow 20/tcp
ufw allow 21/tcp
ufw allow 990/tcp
ufw allow 5000:10000/tcp
This will allow ports in the range 5000-10000. We allowed this because we want to allow passive mode.
Create a user "ftpuser" using the adduser ftpuser command.
Edit the /etc/ssh/sshd_config file and deny ftpuser access to ssh, meaning that the user cannot use ssh to communicate.
DenyUsers ftpuser: this is what I typed at the bottom of the file using vi; nano can be used too.
Restart the SSH service using the command systemctl restart sshd
Then create a directory ftp for the user: mkdir ftp
Edit the configuration file: nano /etc/vsftpd.conf
and configure passive mode. This is just making the file production ready for sftp connection with a server. The connection will be made on port 21, but it will remain open in passive mode.
Add this configuration to your file:
```
# Passive mode for VSFTP communication with our server
pasv_min_port=5000
pasv_max_port=10000
# Location to store the files on sftp server
local_root=/home/vagrant/ftp
```
Then restart the service: systemctl restart vsftpd
You can make a direct ftp connection to the server using FileZilla server. To do this:
Change the owner of the ftp directory with this command, to enable the connection: chown ftpuser ftp
Then run nano /etc/vsftpd.conf
and include these lines in your file:
write_enable=YES
# only takes effect for anonymous logins (anonymous_enable=YES)
anon_mkdir_write_enable=YES
Then restart again with
systemctl restart vsftpd
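A misspelled option stops vsftpd from starting, and a passive range that differs from the ufw rule breaks data connections, so it helps to lint the file before each restart. The script below is an added example, not part of the original walkthrough; the function names check_vsftpd_conf and sample_conf, the sample file contents and the list of required keys are assumptions constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: lint a vsftpd.conf (read from stdin) before restarting the service.
# Usage: check_vsftpd_conf FW_MIN FW_MAX < /etc/vsftpd.conf
# Prints one finding per line; exit status 0 = clean, 1 = findings.
check_vsftpd_conf() {
  awk -v fwmin="$1" -v fwmax="$2" '
    /^[ \t]*#/ || /^[ \t]*$/ { next }        # skip comments and blank lines
    # vsftpd only accepts option=value with no spaces around the equals sign
    !/^[a-z0-9_]+=.+$/ {
      printf "line %d: not option=value: %s\n", NR, $0; bad = 1; next
    }
    { eq = index($0, "="); val[substr($0, 1, eq - 1)] = substr($0, eq + 1) }
    END {
      # keys this walkthrough relies on (assumed list, adjust to your setup)
      n = split("pasv_min_port pasv_max_port local_root", req, " ")
      for (i = 1; i <= n; i++)
        if (!(req[i] in val)) { printf "missing: %s\n", req[i]; bad = 1 }
      lo = val["pasv_min_port"]; hi = val["pasv_max_port"]
      # the passive range must sit inside the range opened with ufw
      if (lo != "" && hi != "" && (lo + 0 < fwmin + 0 || hi + 0 > fwmax + 0)) {
        printf "passive range %s-%s is outside firewall range %s-%s\n", lo, hi, fwmin, fwmax
        bad = 1
      }
      exit bad + 0
    }'
}

# Constructed sample with typical slips: hyphenated key, setting swallowed by a
# comment, and an option with no value.
sample_conf() {
  cat <<'EOF'
# Passive mode
pasv_min_port=5000
pasv-max-port=10000
# Location to store the files local_root=/home/vagrant/ftp
write_enable=YES
anon_mkdir_write_enabled
EOF
}

sample_conf | check_vsftpd_conf 5000 10000 || echo "fix the findings above, then restart vsftpd"
```

On a real host, run it as check_vsftpd_conf 5000 10000 < /etc/vsftpd.conf, passing the same range that was opened with ufw.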
I wasn't able to practice using FileZilla because, for some reasons yet unknown, I can't seem to access the FileZilla page from my browser. However, if you followed the steps to this point, you have succeeded in installing vsftp, making a user, doing some configuration in the file and giving only that user access to the folder. If you didn't and you have any questions, please ask your questions in the comment section.
Thank you for reading