How do I set up an FTP server and an FTP user on my Lightsail instance?
I want to set up an FTP server and FTP user on my Lightsail instance running Amazon Linux 2, CentOS, Ubuntu or Debian. How can I do this?
Resolution
Note: FTP transmits all data and passwords as plain text. SFTP is a more secure way to connect to your instance and transmit data. For information on using SFTP, see Connecting to your Linux or Unix instance in Amazon Lightsail using SFTP. For information on creating an SFTP user, see How do I create an SFTP user on my Lightsail instance?
1. Run the following command to install the VSFTPD package:
Amazon Linux 2 and CentOS
sudo yum install vsftpd -y
Ubuntu and Debian
sudo apt install vsftpd -y
2. Edit the vsftpd.conf file to change the variables needed for your environment.
The vsftpd.conf file location varies depending on your operating system:
- Amazon Linux 2 and CentOS: /etc/vsftpd/vsftpd.conf
- Debian and Ubuntu: /etc/vsftpd.conf
Change the variables in the following example as needed for your environment:
anonymous_enable=NO
local_enable=YES
write_enable=YES
dirmessage_enable=YES
xferlog_enable=YES
connect_from_port_20=NO
xferlog_std_format=YES
chroot_local_user=YES
allow_writeable_chroot=YES
chroot_list_file=/etc/vsftpd/chroot_list
listen=YES
pam_service_name=vsftpd
userlist_enable=YES
userlist_file=/etc/vsftpd/user_list
userlist_deny=NO
listen_port=10021
pasv_enable=YES
pasv_min_port=21000
pasv_max_port=21999
pasv_addr_resolve=NO
Note: Port 21 is the default port for FTP, and you can use it. However, the preceding example uses custom port 10021 for security reasons. To customize the port, change listen_port to the port that you want to use and set connect_from_port_20 to NO. Make sure that you activate the ports that you're planning to use for FTP on your instance firewall. For the preceding example, ports 10021 and 21000-21999 are activated on the custom and Lightsail firewall.
3. Run the following command to add the FTP user:
sudo adduser --home /home/ftp_user ftp_user
Note: In the preceding example, replace ftp_user with a user name of your choice.
4. Run the following command to create a password for the user:
sudo passwd ftp_user
5. Run the following command to change the ownership of the /home/ftp_user directory and its contents. This command makes ftp_user the owner.
sudo chown ftp_user:ftp_user -R /home/ftp_user/
6. Run the following command to add the new user to the vsftpd user_list. Use the -a flag to append to the file.
Amazon Linux 2 and CentOS
echo "ftp_user" | sudo tee -a /etc/vsftpd/user_list
Debian and Ubuntu
Run the following command to create the userlist file and add the new user to the file. The userlist_file setting in /etc/vsftpd.conf must point to this same file, or the user can't log in:
echo "ftp_user" | sudo tee -a /etc/vsftpd.userlist
7. Restart the vsftpd service:
sudo systemctl restart vsftpd
8. Connect to the FTP server. The following example uses FileZilla with plain FTP.
Status: Connecting to 54.xxx.xxx.x2:10021...
Status: Connection established, waiting for welcome message...
Status: Plain FTP is insecure. Please switch to FTP over TLS.
Status: Logged in
Status: Retrieving directory listing...
Status: Server sent passive reply with unroutable address. Using server address instead.
Status: Calculating timezone offset of server...
Status: Timezone offset of server is 0 seconds.
Status: Directory listing of "/" successful
Status: Connecting to 54.xxx.1xx.52:10021...
Status: Connection established, waiting for welcome message...
Status: Plain FTP is insecure. Please switch to FTP over TLS.
Status: Logged in
Status: Starting upload of C:\Users\Administrator\Documents\FTPtest.txt
Status: Server sent passive reply with unroutable address. Using server address instead.
Status: File transfer successful, transferred 10 bytes in 1 second
Status: Retrieving directory listing of "/"...
Status: Server sent passive reply with unroutable address. Using server address instead.
Status: Directory listing of "/" successful
Troubleshoot FTP server setup
Incorrect options in the vsftpd.conf file can cause the vsftpd service to go down. If you can't start the service, then run the following command to find which options aren't configured correctly:
Amazon Linux 2 and CentOS
sudo /usr/sbin/vsftpd /etc/vsftpd/vsftpd.conf
Debian and Ubuntu
sudo /usr/sbin/vsftpd /etc/vsftpd.conf
Add passive listen ports
Custom | TCP | 21000 -> 21999
Custom | TCP | 21
Restart the vsftpd service on the server, and then connect again.
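The following check covers two setup mistakes that the steps above leave room for: a userlist_file path that doesn't match the file the user was added to, and firewall ports that don't match the configuration. It is an added example, not part of the original article; the function names and the sample configuration are constructed for illustration.

```shell
# conf_get FILE KEY DEFAULT: last uncommented KEY=value in FILE, else DEFAULT.
conf_get() {
    v=$(sed -n "s/^$2=//p" "$1" | tail -n 1)
    printf '%s\n' "${v:-$3}"
}

# ftp_ports FILE: TCP ports the firewall must allow (0-0 = no passive range pinned).
ftp_ports() {
    printf 'control=%s passive=%s-%s\n' \
        "$(conf_get "$1" listen_port 21)" \
        "$(conf_get "$1" pasv_min_port 0)" \
        "$(conf_get "$1" pasv_max_port 0)"
}

# check_userlist FILE USER: succeed only if USER can get past the user list.
check_userlist() {
    [ "$(conf_get "$1" userlist_enable NO)" = YES ] || return 0  # list not in use
    list=$(conf_get "$1" userlist_file "")
    [ -n "$list" ] || { echo "userlist_file is not set in $1"; return 1; }
    [ -f "$list" ] || { echo "userlist_file $list does not exist"; return 1; }
    if [ "$(conf_get "$1" userlist_deny YES)" = NO ]; then
        grep -qxF "$2" "$list" || { echo "$2 is not in $list"; return 1; }
    elif grep -qxF "$2" "$list"; then
        echo "$2 is denied by $list"; return 1
    fi
}

# Constructed sample: settings from this page, with the user written to a
# different file name than the one userlist_file points to.
demo=$(mktemp -d) && trap 'rm -rf "$demo"' EXIT
cat > "$demo/vsftpd.conf" <<EOF
# constructed sample configuration
userlist_enable=YES
userlist_file=$demo/user_list
userlist_deny=NO
listen_port=10021
pasv_min_port=21000
pasv_max_port=21999
EOF
echo ftp_user > "$demo/vsftpd.userlist"

ftp_ports "$demo/vsftpd.conf"
check_userlist "$demo/vsftpd.conf" ftp_user || echo "fix: point userlist_file at the file that lists ftp_user"
```

On a real instance, pass the vsftpd.conf path for your operating system and the FTP user name, then compare the reported ports with the rules in the Lightsail firewall.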