This will work for Ubuntu Server on AWS, any other cloud provider, or dedicated hosting.
🛠️ Step 1: Update Your System
Before installing anything, make sure your system is up to date:
📦 Step 2: Install VSFTPD
Install the FTP server package from Ubuntu’s official repository:
Once installed, check the service status:
You should see it running. If not, start it manually:
🔐 Step 3: Configure VSFTPD
Create a backup copy of the configuration file:
Now create a new configuration file:
...and paste the following into it:
To save file and exit, press CTRL + X, press Y and then press ENTER.
Restart vsftpd
👤 Step 4: Create an FTP User
Now we need to create an FTP user. Let us say the FTP username is ftpuser.
Set a password and follow the prompts. You can simply press ENTER for all prompts other than the password.
Optional: Restrict ftpuser to FTP-only access
If you want to ensure that ftpuser can access the server only via FTP and not through SSH, you can disable their SSH login by adding their username to the SSH configuration blacklist. If SSH access is acceptable, feel free to skip to Step 5.
To edit the SSH configuration file, run:
If you have created more than one FTP user, you can add all of them on the same line, separated by spaces, like the following:
📁 Step 5: Set Up FTP Directory
We now have two options:
A.) Option-1: Upload to web root directory (/var/www/html or /var/www/virtual-host-directory)
B.) Option-2: Upload to home directory.
A.) Option-1: Upload to web root directory (/var/www/html or /var/www/virtual-host-directory)
If you have not created multiple virtual hosts, your default web server root will be /var/www/html. We will make /var/www the home directory for our FTP user.
The following will allow our FTP user to write and alter files in the document root directory.
B.) Option-2: Upload to home directory.
If you'd prefer the user to upload files directly within their home directory, start by creating a folder named ftp inside their home directory, followed by a subfolder called files. In the example below, the username is ftpuser:
Set the ownership of the ftp directory to nobody:nogroup.
Set directory permissions to comply with VSFTPD requirements
To ensure VSFTPD allows login, you must make the ftp directory non-writable for all users. Use the chmod command as shown below:
Next, let’s create a subdirectory inside /ftp where the user will be able to browse and upload files.
Assign ownership of this directory to our new FTP user otherwise they will not be able to write to it.
Now open the config file again:
Then copy and paste the following at the bottom:
To save file and exit, press CTRL + X, press Y and then press ENTER.
Restart vsftpd
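The Option-2 directory requirements above can be checked with a short script once the folders exist. This is an added example, not part of the original guide: the function name check_ftp_layout is hypothetical, and stat -c assumes GNU coreutils as shipped on Ubuntu.

```bash
#!/usr/bin/env bash
# Added example (not from the original guide). Verifies the Option-2 layout:
#   <home>/ftp        chroot root, must carry no write bit for anyone
#   <home>/ftp/files  upload directory, owned and writable by the FTP user
# Usage: check_ftp_layout <home-dir> [expected-owner]

check_ftp_layout() {
    local home="$1" owner="${2:-}"
    local root="$home/ftp" files="$home/ftp/files" rc=0 mode

    [ -d "$root" ]  || { echo "MISSING: $root";  return 2; }
    [ -d "$files" ] || { echo "MISSING: $files"; return 2; }

    # Any write bit (user, group or other) on the chroot root fails the check.
    mode=$(stat -c '%a' "$root")
    if [ $(( 0$mode & 0222 )) -ne 0 ]; then
        echo "FAIL: $root is writable (mode $mode)"; rc=1
    fi

    # The upload directory needs the owner write bit, or uploads are refused.
    mode=$(stat -c '%a' "$files")
    if [ $(( 0$mode & 0200 )) -eq 0 ]; then
        echo "FAIL: $files is not writable by its owner (mode $mode)"; rc=1
    fi

    # Optional ownership check for the upload directory.
    if [ -n "$owner" ] && [ "$(stat -c '%U' "$files")" != "$owner" ]; then
        echo "FAIL: $files is not owned by $owner"; rc=1
    fi

    [ "$rc" -eq 0 ] && echo "OK: $home"
    return "$rc"
}

# Constructed demo in a throwaway directory (no root needed, /home is untouched).
demo=$(mktemp -d)
mkdir -p "$demo/ftp/files"
chmod a-w "$demo/ftp"              # the state the guide asks for
check_ftp_layout "$demo"
chmod u+w "$demo/ftp"              # a writable chroot root is reported as FAIL
check_ftp_layout "$demo" || true
rm -rf "$demo"
```

On a real server, call it as check_ftp_layout /home/ftpuser ftpuser after finishing the directory steps.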
Step 6: Configure Firewall
If you haven’t enabled the UFW firewall yet on Ubuntu, it’s strongly recommended to do so. However, before activating it, ensure you’ve added a rule to allow SSH connections—otherwise, you risk being locked out of your server if you're accessing it remotely. If you prefer not to configure a firewall, feel free to skip this step.
We'll begin by opening ports 20 and 21 to support standard FTP operations. Next, we'll allow the range 40000–50000 for passive FTP connections. Additionally, we'll open port 990 to prepare for TLS encryption, which will be configured in a later step.
Go ahead and enable the firewall if it’s not already active. If prompted about potential disruption to your SSH connection, simply press Y followed by ENTER to proceed.
Check firewall status
Note: If you are using AWS EC2, use the instance's security group instead of the firewall to allow these ports.
Step 7: Test FTP
It's time to test vsftpd by attempting to log in with the user account you set up earlier. We suggest using FileZilla, a reliable FTP client compatible with Windows, macOS, and Linux.
Launch FileZilla, enter your server’s IP address, the FTP username and password you previously created, then click Quickconnect to initiate the connection.
Once connected, FileZilla should indicate a successful login. To verify that file permissions are correctly configured, try uploading files, creating folders, and editing content within your web root directory.
You may notice a warning in FileZilla stating: “Status: Insecure server, it does not support FTP over TLS.” To secure your FTP connection and protect login credentials and data, it’s strongly recommended to configure TLS at this stage.
If you encounter login issues, consult the vsftpd log for troubleshooting. To view the latest 200 entries, use the following command:
Step 8: Secure FTP with TLS (Recommended)
Keep in mind that FTP does not encrypt data by default, which means your login credentials and transferred files are exposed to potential interception. To secure your connection, it's recommended to use FTPS—FTP layered with SSL/TLS encryption—when accessing vsftpd.
To get started, we'll generate a new SSL certificate using the openssl tool.
When it asks for details such as country and company name, keep pressing ENTER to accept the defaults.
With your private key successfully generated, the next step is to update the vsftpd configuration file to enable TLS support.
Open the configuration file using the nano editor:
Paste the following at bottom:
Save and exit (press CTRL + X, press Y, then press ENTER)
Restart vsftpd.
Now, test the connection again using FileZilla. Once connected, you should see a padlock icon at the bottom-right corner of FileZilla.
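Besides the padlock in FileZilla, the finished configuration file can be audited directly. The script below is an added example, not the guide's own code: the function names are hypothetical, and the expected values are this example's assumed policy (TLS forced for logins and data, anonymous login off, passive range matching the 40000–50000 firewall rule from Step 6).

```bash
#!/usr/bin/env bash
# Added example (not from the original guide): audit a vsftpd config file.
# Expected values are this example's policy; every option must be set explicitly.

# get_opt FILE KEY: print the last value assigned to KEY ("#" lines never match).
get_opt() {
    awk -F= -v k="$2" '$1 == k { v = substr($0, length(k) + 2) } END { print v }' "$1"
}

# expect_opt FILE KEY WANT: report and return 1 unless KEY is set to WANT.
expect_opt() {
    local got
    got=$(get_opt "$1" "$2")
    [ "$got" = "$3" ] && return 0
    echo "FINDING: $2=${got:-<unset>} (want $3)"
    return 1
}

audit_vsftpd_conf() {
    local conf="$1" findings=0 spec key
    for spec in anonymous_enable=NO ssl_enable=YES \
                force_local_logins_ssl=YES force_local_data_ssl=YES \
                ssl_sslv2=NO ssl_sslv3=NO \
                pasv_min_port=40000 pasv_max_port=50000; do
        expect_opt "$conf" "${spec%%=*}" "${spec#*=}" || findings=$((findings + 1))
    done
    # Certificate and key paths only need to be present here.
    for key in rsa_cert_file rsa_private_key_file; do
        [ -n "$(get_opt "$conf" "$key")" ] && continue
        echo "FINDING: $key is unset"; findings=$((findings + 1))
    done
    echo "$findings finding(s) in $conf"
    [ "$findings" -eq 0 ]
}

# Constructed sample config with deliberate gaps, to show the report format.
sample=$(mktemp)
cat > "$sample" <<'EOF'
anonymous_enable=YES
ssl_enable=YES
#force_local_logins_ssl=NO
force_local_logins_ssl=YES
force_local_data_ssl=YES
pasv_min_port=40000
pasv_max_port=40100
EOF
audit_vsftpd_conf "$sample" || true
rm -f "$sample"
```

Run audit_vsftpd_conf /etc/vsftpd.conf on the server; a non-zero exit status means at least one setting differs from the policy above.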
“By following this guide, you can successfully install and secure VSFTPD on Ubuntu 20.04/22.04. Whether on AWS, DigitalOcean, or a dedicated server, this setup ensures secure and reliable file transfers.”
That’s it—we’re all set! Feel free to drop any questions if you have them.
❓ Frequently Asked Questions (FAQ) about VSFTPD on Ubuntu
1. How do I connect to VSFTPD in Ubuntu?
You can connect to your VSFTPD server using an FTP client like FileZilla. Enter your server’s IP address, FTP username, and password, then click Quickconnect. Make sure ports 20, 21, and 40000–50000 are open in your firewall or cloud security group.
2. Is VSFTPD secure?
Yes. VSFTPD stands for Very Secure FTP Daemon and is considered one of the most secure FTP servers available. By enabling TLS/SSL encryption, you can protect login credentials and data during file transfers.
3. Which ports should I open for VSFTPD on Ubuntu?
You need to open:
- Port 20 & 21 → For FTP control and data
- Ports 40000–50000 → For passive FTP connections
- Port 990 → For FTPS (FTP over TLS/SSL)
If you’re on AWS, make sure to allow these ports in your EC2 security group.
4. How do I enable TLS in VSFTPD?
To enable TLS:
- Generate a new SSL certificate with openssl.
- Update /etc/vsftpd.conf with ssl_enable=YES and certificate paths.
- Restart VSFTPD using:
After this, connect again with FileZilla—you should see a padlock icon confirming TLS is active.
5. What is the default VSFTPD configuration file in Ubuntu?
The main configuration file is located at:
It controls settings like anonymous access, passive ports, TLS, and user directory rules.
6. Can I restrict FTP users from accessing SSH?
Yes. If you want an FTP-only user, add their username in the SSH configuration blacklist:
Restart SSH with: