Setting up FTP on an Ubuntu Web Server (in MS Azure) using vsftpd

FTP (File Transfer Protocol) is a network protocol used for transferring files between a client and a server over a network. Various FTP clients with SFTP and FTPS capabilities are available. However, in this article we will be looking at plain old simple FTP.

In order for a server to allow FTP access to its clients, it has to listen for client requests on a specific port; the default is port 21. FTP may run in either active or passive mode.

In active mode, the client connects from port N (where N > 1023) to port 21 on the FTP server. The client then starts listening on a port, usually N+1. Once the client’s port is determined, the server connects to the client from its local port 20.

In passive mode, the client initiates both connections to the server by opening two random ports, N (N > 1023) and N+1. The first port connects to the server’s port 21, sends a passive (PASV) command to the server and receives the server’s IP address. The passive command tells the server to open an unprivileged port (a port above 1023) and send an acknowledgement to the client. Finally, the client initiates the connection from port N+1 to the unprivileged port the server assigned. For this tutorial we will be using ports 40000 to 50000 as the unprivileged ports for the client to connect to on the server.

Before we begin installing vsftpd, let’s configure the inbound port rules for the Virtual Machine in Microsoft Azure. The image below shows what rules are to be added.

Port range of 20-21 is added
Port range of 40000-50000 is added for the purpose of passive FTP. Any range of ports above 1023 can be used in this case.

Once we are done setting up the inbound port rules, we can proceed with installing vsftpd:

sudo apt install vsftpd

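Check whether the firewall is set up on the Ubuntu web server. If not, we will enable the firewall and add to our server all the port rules we set up in MS Azure. Once enabled, ufw denies incoming connections by default, so a server administered over SSH also needs its SSH port allowed. The following commands can be used: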

sudo ufw status

sudo ufw enable

sudo ufw allow 20:21/tcp

sudo ufw allow 40000:50000/tcp

Now we have the basics for FTP done. All we need now is an FTP user and the path that user can access on the server. It’s best practice to restrict a user to a specific directory, giving control only over that directory and its subdirectories and not the parent directory. So, we create the user:

sudo adduser ftpclient

Next we create the directory for the user to access. The -p option creates both directories in one go: mysite, the parent directory, and public_html, the child directory.

sudo mkdir -p /var/www/mysite/public_html

We restrict the ftpclient user to the public_html directory only, so we set some permissions for that user:

sudo chown ftpclient:ftpclient /var/www/mysite

sudo chown ftpclient:ftpclient /var/www/mysite/public_html

sudo chmod 755 /var/www/mysite/public_html

Now let’s create a file listing the user that we have created. This file should contain ftpclient on a single line. You will see why we are doing this in the upcoming steps. For now let’s get on with it.

sudo nano /etc/vsftpd.users

We have now created the user and the directories the user can access. However, simply creating the structure is not enough. We now do the real deal, that is, configuring the FTP server. For this, we use the vsftpd.conf file in the /etc directory.

Note: It’s better to back up vsftpd.conf before editing.

sudo nano /etc/vsftpd.conf

Following are the settings that need to be uncommented in this file

write_enable=YES
chroot_local_user=YES

Add following lines anywhere in the file

allow_writeable_chroot=YES

local_root=/var/www/mysite/public_html
pasv_min_port=40000
pasv_max_port=50000
userlist_enable=YES
userlist_file=/etc/vsftpd.users
userlist_deny=NO

After editing, save the file and restart vsftpd

sudo systemctl restart vsftpd

Then you can connect over FTP using the username and password of the user ftpclient:

ftp -p <ip_of_your_server>
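The settings above can be checked mechanically, for instance after a later edit to the file. The following is an added example, not part of the original tutorial: it confirms the chroot, allow-list and passive-port settings and that local_root is the directory created with mkdir. The function names, the sample file and the expected values passed as arguments are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the original post.
# Usage: audit_vsftpd <conf> <fw_min_port> <fw_max_port> <expected_local_root>
# Prints one finding per line; exit status is 1 if there were findings.
audit_vsftpd() {
    awk -v lo="$2" -v hi="$3" -v root="$4" '
    function get(k) { return (k in conf) ? conf[k] : "unset" }
    function want(k, v) {
        if (get(k) != v) { print k " should be " v ", found " get(k); bad = 1 }
    }
    /^[ \t]*#/ || /^[ \t]*$/ { next }      # skip comments and blank lines
    {
        sub(/\r$/, "")                     # tolerate CRLF line endings
        i = index($0, "=")
        if (i > 1) conf[substr($0, 1, i - 1)] = substr($0, i + 1)  # last wins
    }
    END {
        want("chroot_local_user", "YES")   # confine local users to local_root
        want("userlist_enable", "YES")     # with userlist_deny=NO: allow-list
        want("userlist_deny", "NO")
        want("local_root", root)           # must be the directory created earlier
        min = get("pasv_min_port") + 0; max = get("pasv_max_port") + 0
        if (min < lo + 0 || max > hi + 0 || min > max) {
            print "passive range " min "-" max " not inside firewall range " lo "-" hi
            bad = 1
        }
        exit bad + 0
    }' "$1"
}

# Constructed sample whose local_root differs from the directory made with mkdir.
sample_conf() {
    cat <<'EOF'
write_enable=YES
chroot_local_user=YES
allow_writeable_chroot=YES
local_root=/var/www/ftpclient/public_html
pasv_min_port=40000
pasv_max_port=50000
userlist_enable=YES
userlist_file=/etc/vsftpd.users
userlist_deny=NO
EOF
}

tmp=$(mktemp) && sample_conf > "$tmp"
audit_vsftpd "$tmp" 40000 50000 /var/www/mysite/public_html || echo "fix the findings above"
rm -f "$tmp"
```

On the server itself the first argument would be /etc/vsftpd.conf and the port arguments the range opened in ufw and in the Azure inbound rules.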

Here is the video of vsftpd setup

Public Key Encryption Using SSH

Let’s look at what SSH means and why it’s one of the necessities for securing communication between two remote machines. SSH, commonly known as Secure Socket Shell, is a network protocol that allows users a proper and secure communication mechanism with a remote computer over an unsecured network. One of its core functionalities is providing a secure channel by authenticating and encrypting the channel between two computers that are usually connected over an open network.

In this article we will look at how we can set up SSH in Linux and demonstrate the process of generating keys and implementing Public Key Encryption.

NOTE: ALL OF THIS IS PERFORMED IN CLIENT SIDE. YOU ONLY NEED TO COPY PUBLIC KEY TO THE SERVER USING ssh-copy-id

Let’s get started by installing ssh in our Linux distribution

sudo apt-get install ssh

And now the fun begins. Once installation is complete, we start ssh.

sudo service ssh start

ssh supports various key generation algorithms like RSA, ECDSA and DSA. For this tutorial we will be using the RSA method. To generate a key we use:

ssh-keygen -t rsa   # ssh-keygen also generates rsa as it's the default method

First, you will be asked for the path where the key is saved; as suggested, it should be saved in the .ssh directory.

Now you will be prompted to enter a passphrase. Remember it, as you will need it to log in to the server. Two keys are generated once the command completes. One is the public key (named server.pub in this case, as we provided server as the file name; refer to the image above); as the name suggests, this is the key you hand to the computer you want to log in to. The other is the private key (named server), which should be kept with you and only you (or your computer in this case). The combination of public key and private key will be used for authenticating your passphrase.

We then have to give the server our public key. We can copy our public key to the server directly using

ssh-copy-id server@server-ip-address

Note: For some reason, there may be an issue using this command. One common reason is that the server may not have a .ssh directory in its home path. If the command doesn’t execute, you should manually create the .ssh directory by logging in to the server.

You should now be able to log in to the server using the passphrase you assigned while generating the key.

ssh server@server-ip-address
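The manual fallback mentioned in the note above (creating .ssh on the server yourself), as an added example that is not part of the original post: it creates the directory and authorized_keys with owner-only permissions and appends the public key only once. The function name install_pubkey and the demo key line are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post.
# Usage: install_pubkey <home_dir> <public_key_file>
# Runs in a subshell so the umask change does not leak into the caller.
install_pubkey() (
    home=$1
    key=$(head -n 1 "$2") || exit 1
    # Accept only a public-key line, so a private key is never pasted by mistake.
    case $key in
        ssh-rsa\ *|ssh-ed25519\ *|ecdsa-sha2-*\ *) ;;
        *) echo "not an OpenSSH public key: $2" >&2; exit 1 ;;
    esac
    umask 077                                  # anything created is owner-only
    mkdir -p "$home/.ssh" || exit 1
    chmod 700 "$home/.ssh"    # sshd StrictModes rejects group/world-writable paths
    auth=$home/.ssh/authorized_keys
    touch "$auth" && chmod 600 "$auth" || exit 1
    # Append only when this exact line is absent, so reruns do not duplicate it.
    grep -qxF -- "$key" "$auth" || printf '%s\n' "$key" >> "$auth"
)

# Constructed demo: a throwaway home directory and a made-up key line.
demo_home=$(mktemp -d)
echo "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABconstructedkey ftpclient@laptop" > "$demo_home/server.pub"
install_pubkey "$demo_home" "$demo_home/server.pub"
install_pubkey "$demo_home" "$demo_home/server.pub"   # second run adds nothing
wc -l < "$demo_home/.ssh/authorized_keys"
rm -rf "$demo_home"
```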

Step by Step Guide for Setting up LAMP

For a basic, complete web server implementation, several components need to be installed, namely Apache, PHP and MySQL.

Step 1: Installing Apache

Installing Apache on various Linux distributions is the same as installing any other package. You need to use the apt-get command.

sudo apt-get install apache2

Step 2: Installing MySQL

Similar to installing Apache, the following command will install MySQL:

sudo apt-get install mysql-server

Securing MySQL is a priority. To do this with a password, use this command:

sudo mysql_secure_installation

Executing this command will prompt for a password. This password will be required in order to access any database, so be sure to use a strong and secure one.

In order to execute any SQL commands, such as creating databases or tables or adding any form of data, you need to be at the SQL prompt. Thus, start the MySQL server and then log in as root, providing the password entered during secure installation.

sudo systemctl start mysql

sudo /usr/bin/mysql -u root -p

You should have mysql> as your prompt, meaning that you are now able to execute any SQL queries. Use exit; to return to the original Linux shell.

Step 3: Installing PHP

You will need several packages to install a fully functional PHP. Install packages depending on your requirements.

sudo apt-get install php-pear php-fpm php-dev php-zip php-mysql php-xmlrpc php-xml libapache2-mod-php

Once you are done installing, you should restart Apache. To confirm whether PHP has been installed, you can simply use the well-known PHP function echo from the Linux terminal, as shown below.

sudo service apache2 restart

php -r 'echo "PHP should be working if this text is printed.\n";'

That is all that is required for a properly functioning web server. You can check by accessing ‘localhost’ on your machine. Try adding and accessing some PHP files in the /var/www/html/ directory to ensure it’s working properly.

Note: Follow this link to check for any additional packages that may be required for PHP