Setup ftp & sftp

NIRAV SHAH
Feb 24, 2021

Setting up ftp & sftp is an old DevOps task. More mature protocols are available; however, many companies still use these older protocols. Let's see how to set up the environment.

Both ftp & sftp rely on ordinary Linux user accounts. We can add a few configuration settings to avoid errors while connecting through FileZilla or WinSCP.

Create instance on google cloud

gcloud beta compute instances create ftpserver \
--project=my-dev --zone=asia-south1-a \
--machine-type=e2-medium \
--subnet=my-subnetwork --network-tier=PREMIUM --tags=ftpserver \
--maintenance-policy=MIGRATE \
--image=centos-7-v20210217 --image-project=centos-cloud \
--boot-disk-size=100GB --boot-disk-type=pd-balanced \
--boot-disk-device-name=ftpserver \
--no-shielded-secure-boot \
--shielded-vtpm --shielded-integrity-monitoring \
--reservation-affinity=any

Setup network rule

gcloud compute firewall-rules create network-allow-ftp-sftp \
--project=my-dev --network=my-network \
--direction=INGRESS --priority=1000 --action=ALLOW \
--rules=tcp:21,22,1023 --source-ranges=0.0.0.0/0 \
--target-tags=ftpserver

Install & configure vsftp

sudo yum update
sudo yum install vsftpd
sudo systemctl start vsftpd
sudo systemctl enable vsftpd
sudo firewall-cmd --zone=public --permanent --add-port=21/tcp
sudo firewall-cmd --zone=public --permanent --add-service=ftp
sudo firewall-cmd --reload
sudo cp /etc/vsftpd/vsftpd.conf /etc/vsftpd/vsftpd.conf.default
sudo vi /etc/vsftpd/vsftpd.conf

Change in vsftpd configuration file

# Enable writing to the folders for linux users
anonymous_enable=NO
local_enable=YES
write_enable=YES
# Create jail for user to his directory
chroot_local_user=YES
allow_writeable_chroot=YES
# Only users listed in user_list may log in
userlist_enable=YES
userlist_file=/etc/vsftpd/user_list
userlist_deny=NO
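
A quick way to check that the edited file really carries these settings (an added example, not part of the original post). The function names and the sample file are made up for illustration, and the script assumes the last occurrence of a key wins. Missing keys fall back to vsftpd's built-in defaults, which is why a lost anonymous_enable=NO line shows up as a finding.

```shell
# Added example (not from the original post): audit vsftpd.conf settings.
# A key that is absent falls back to vsftpd's built-in default (third argument).

# Effective value of KEY ($2) in FILE ($1), falling back to DEFAULT ($3).
# vsftpd wants "key=value" with no spaces; assumption: last occurrence wins.
vsftpd_get() {
    val=$(grep -E "^$2=" "$1" | tail -n 1 | cut -d= -f2-)
    echo "${val:-$3}"
}

# Print one line per finding; the return code is the number of findings.
audit_vsftpd() {
    conf=$1
    findings=0
    flag() { echo "FINDING: $1"; findings=$((findings + 1)); }
    is_yes() { [ "$(vsftpd_get "$conf" "$1" "$2" | tr a-z A-Z)" = "YES" ]; }
    if is_yes anonymous_enable YES; then flag "anonymous login is enabled"; fi
    if ! is_yes chroot_local_user NO; then flag "local users are not jailed"; fi
    if is_yes allow_writeable_chroot NO; then flag "chroot root may be writable"; fi
    if ! is_yes userlist_enable NO; then
        flag "no user list is enforced"
    elif is_yes userlist_deny YES; then
        flag "user_list acts as a deny list, not an allow list"
    fi
    if ! is_yes ssl_enable NO; then flag "ssl_enable is off: clear-text logins"; fi
    return "$findings"
}

# Constructed sample: the settings from this post, but with anonymous_enable=NO
# accidentally pasted onto the end of a comment line, so it never takes effect.
sample_conf() {
    cat <<'EOF'
# Enable writing to the folders for linux usersanonymous_enable=NO
local_enable=YES
write_enable=YES
chroot_local_user=YES
allow_writeable_chroot=YES
userlist_enable=YES
userlist_file=/etc/vsftpd/user_list
userlist_deny=NO
EOF
}

tmp=$(mktemp) && sample_conf > "$tmp"
audit_vsftpd "$tmp" || echo "$? finding(s)"
rm -f "$tmp"
```

On a real server, point it at the live file with audit_vsftpd /etc/vsftpd/vsftpd.conf.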

Script for creating ftp user

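[root@ftpserver ~]# cat ftpuser.sh
# Stop if ftpuser is unset, so the paths below never resolve to /home itself
: "${ftpuser:?export ftpuser before running this script}"
echo "creating user for $ftpuser"
sudo adduser "$ftpuser"
sudo passwd "$ftpuser"
# Add the user to the vsftpd allow list
echo "$ftpuser" | sudo tee -a /etc/vsftpd/user_list
sudo mkdir -p "/home/$ftpuser/ftp/upload"
sudo chmod 550 "/home/$ftpuser/ftp"
sudo chmod 750 "/home/$ftpuser/ftp/upload"
sudo chown -R "$ftpuser:" "/home/$ftpuser/ftp"
# Make the chroot root non-writable
sudo chmod a-w "/home/$ftpuser"
sudo systemctl restart vsftpd

[root@ftpserver ~]# export ftpuser=srikanth
[root@ftpserver ~]# sh +x ftpuser.sh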

Setup sftp server configuration

vi /etc/ssh/sshd_config
# Uncomment or modify the line below
PasswordAuthentication yes
# Add at the bottom of the configuration
Match Group sftp_users
ChrootDirectory /data/%u
ForceCommand internal-sftp

Restart services

#for ftp
systemctl restart vsftpd
#for sftp
systemctl restart sshd

Script for creating sftp user

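[root@ftpserver ~]# cat sftpuser.sh
# Stop if sftpuser is unset, so the paths below never resolve to /data itself
: "${sftpuser:?export sftpuser before running this script}"
echo "creating user for $sftpuser"
# The group named in the sshd Match block must exist before useradd -g
groupadd -f sftp_users
useradd -g sftp_users -d /upload -s /sbin/nologin "$sftpuser"
passwd "$sftpuser"
mkdir -p "/data/$sftpuser/upload"
# sshd requires the chroot directory to be root-owned and not group-writable
chown -R root:sftp_users "/data/$sftpuser"
chown -R "$sftpuser:sftp_users" "/data/$sftpuser/upload"

[root@ftpserver ~]# export sftpuser=mysftp
[root@ftpserver ~]# sh +x sftpuser.sh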

These are the traditional ways of running ftp & sftp. Now you can have ftp & sftp with cloud storage; check links below. You can have managed ftp or sftp instances too.

Reference:
