How to setup FTP/SFTP server and client on AlmaLinux

FTP and SFTP are great protocols for downloading files from a remote or local server, or uploading files onto the server. FTP will suffice for some situations, but for connections over the internet, SFTP is recommended. In other words, FTP is not secure to use over an internet connection, since your credentials and data are transmitted without encryption. The ‘S’ in SFTP stands for ‘Secure’ and tunnels the FTP protocol through SSH, providing the encryption needed to establish a secure connection.

In this guide, we’ll go over the step by step instructions to setup an FTP server through VSFTP software or SFTP server through OpenSSH on AlmaLinux. Then, we’ll see how to connect to the server from a client AlmaLinux system. Setting up FTP/SFTP is a common step after installing AlmaLinux or migrating from CentOS to AlmaLinux.

In this tutorial you will learn:

  • How to setup an FTP server through VSFTPD
  • How to setup an SFTP server through OpenSSH
  • How to setup FTP and SFTP user accounts
  • How to allow FTP and SFTP through firewalld
  • How to connect to an FTP/SFTP server via command line
  • How to connect to an FTP/SFTP server via GNOME GUI
How to setup an FTP/SFTP server on AlmaLinux

How to setup an FTP/SFTP server on AlmaLinux

Software Requirements and Linux Command Line Conventions
Category Requirements, Conventions or Software Version Used
System AlmaLinux
Software VSFTPD, OpenSSH
Other Privileged access to your Linux system as root or via the sudo command.
Conventions # – requires given linux commands to be executed with root privileges either directly as a root user or by use of sudo command
$ – requires given linux commands to be executed as a regular non-privileged user

Setup an FTP server through VSFTPD

There are various software packages that one can use to setup an FTP server, but one of the best is VSFTPD. This section will show you how to install and configure VSFTPD to setup an FTP server on AlmaLinux. If FTP is note secure enough for your scenario and you would prefer to setup SFTP, scroll down to the appropriate section below.

VSFTPD installation

Install VSFTPD on your system by typing this command into the terminal:

$ sudo dnf install vsftpd

Configure FSFTPD server

  1. It’s always best practice to keep a backup copy of the original config file, just in case something goes wrong later. Let’s rename the default config file:
    $ sudo mv /etc/vsftpd/vsftpd.conf /etc/vsftpd/vsftpd.conf_orig
    
  2. Create a new VSFTPD configuration file using nano or whichever text editor you prefer:
    $ sudo nano /etc/vsftpd/vsftpd.conf
    
  3. Copy the following base configuration into your file. This configuration will suffice for a basic FTP server, and can later be tweaked for the specific needs of your environment once you’ve verified this is working properly:
    anonymous_enable=NO
    local_enable=YES
    write_enable=YES
    local_umask=022
    dirmessage_enable=YES
    xferlog_enable=YES
    connect_from_port_20=YES
    xferlog_std_format=YES
    listen=NO
    listen_ipv6=YES
    
    pam_service_name=vsftpd
    userlist_enable=YES

    Paste the above lines into your newly created /etc/vsftpd/vsftpd.conf file, and then save changes and close the file.



  4. AlmaLinux’s default firewall (firewalld) will block FTP traffic by default, but the following command will create an exception to allow the traffic:
    $ sudo firewall-cmd --zone=public --add-service=ftp --permanent
    $ sudo firewall-cmd --reload
    
  5. With the configuration file saved and the firewall rules updated, restart VSFTPD to apply the new changes:
    $ sudo systemctl restart vsftpd
    

Create an FTP user

Our FTP server is ready to receive incoming connections, so now it’s time to create a new user account that we’ll use to connect to the FTP service.

  1. Use this first command to create a new account called ftpuser, and the second command to set a password for the account:
    $ sudo useradd -m ftpuser
    $ sudo passwd ftpuser
    New password: 
    Retype new password: 
    passwd: password updated successfully
    
  2. In order to verify that everything’s working properly, you should store at least one file in ftpuser‘s home directory. This file should be visible when we login to FTP in the next steps.
    $ sudo bash -c "echo FTP TESTING > /home/ftpuser/FTP-TEST"
    

Connect to FTP server via command line

Install the FTP command line utility with the following command:

$ sudo dnf install ftp

You should now be able to connect to your FTP server either by IP address or hostname. To connect from command line and verify that everything is working, open a terminal and use AlmaLinux’s ftp command to connect to your loopback address (127.0.0.1).

$ ftp 127.0.0.1
Connected to 127.0.0.1 (127.0.0.1).
220 (vsFTPd 3.0.3)
Name (127.0.0.1:root): ftpuser
331 Please specify the password.
Password:
230 Login successful.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> ls
227 Entering Passive Mode (127,0,0,1,71,72).
150 Here comes the directory listing.
-rw-r--r--    1 0        0              12 Apr 03 01:11 FTP-TEST
226 Directory send OK.
ftp>

Your output should look like the text above, indicating a successful login and a ls command that reveals our test file we created earlier.

Connect to FTP server via GNOME GUI

You can also connect to your FTP server by GUI, if you prefer. There are many options for FTP clients, but the default GNOME GUI on AlmaLinux already comes with the ability to connect to FTP servers from the file manager. Here’s how to use it to connect to your FTP server.

  1. Open the file manager from within the Activities menu.
  2. Click on “Other Locations” and enter ftp://127.0.0.1 in the “Connect to server” box at the bottom of the window and click connect.
  3. Connect to FTP server with GNOME file manager

    Connect to FTP server with GNOME file manager
  4. Enter the FTP account’s credentials that we setup earlier and click connect.
  5. Enter FTP username and password

    Enter FTP username and password
  6. Upon a successful connection, you’ll see the test file you created earlier.
  7. Successful connection to FTP server

    Successful connection to FTP server

Setup an SFTP server through OpenSSH

If you already have OpenSSH installed and enabled on AlmaLinux, then you don’t need any extra software to run an SFTP server. Follow the instructions below to make the proper configuration edits, which will turn your system into an SFTP server.

Install and configure OpenSSH

  1. If it’s not already installed, use the following command to install OpenSSH.
    $ sudo dnf install openssh-server openssh-clients
    


  2. Once SSH is installed, we need to make some changes to the SSHD configuration file. Use nano or your favorite text editor to open it:
    $ sudo nano /etc/ssh/sshd_config
    
  3. Scroll to the bottom of the file and add the following 5 lines at the very end:
    Match group sftp
    ChrootDirectory /home
    X11Forwarding no
    AllowTcpForwarding no
    ForceCommand internal-sftp
    

    The lines above will allow users in the sftp group to access their home directories via SFTP, but denies them normal SSH access, so they can never access a shell. After pasting those lines, save and close the configuration file.

  4. Restart the SSH service for these new changes to take effect:
    $ sudo systemctl restart sshd
    
  5. AlmaLinux’s default firewall (firewalld) will block SFTP/SSH traffic by default, but the following command will create an exception to allow the traffic:
    $ sudo firewall-cmd --zone=public --add-service=ssh --permanent
    $ sudo firewall-cmd --reload
    

Create SFTP user account

Now we need to create user accounts for anyone that we wish to grant SFTP access to.

  1. Create a new user group called sftp. All of our SFTP users will need to belong to this group.
    $ sudo groupadd sftp
    
  2. Next, create a new user. We’ll simply call ours sftpuser in this example. Also be sure to add this user to the sftp group.
    $ sudo useradd -m sftpuser -g sftp
    
  3. Set a password for the newly created sftpuser:
    $ sudo passwd sftpuser
    New password: 
    Retype new password: 
    passwd: password updated successfully
    
  4. Lastly, let’s grant full access to the user on their own home directory, but deny access to the directory for all other users on the system:
    $ sudo chmod 700 /home/sftpuser/
    

Our SFTP configuration is complete; now we can login to make sure everything is working properly.

Connect to SFTP server via command line

You can login via SFTP with either the hostname or IP address of your system. To test from the same system as the one you just configured SFTP on, connecting to the loopback address

127.0.0.1

will work just fine.



  1. Open a terminal and login using the sftp command:
    $ sftp sftpuser@127.0.0.1
    The authenticity of host '127.0.0.1 (127.0.0.1)' can't be established.
    ECDSA key fingerprint is SHA256:VI1OabYHoVZyVtKtDwX5HflcFpBW2txOpdBAqLtP1K8.
    Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
    Warning: Permanently added '127.0.0.1' (ECDSA) to the list of known hosts.
    sftpuser@127.0.0.1's password: 
    Connected to sftpuser@127.0.0.1.
    sftp>
    
  2. Navigate to the user’s home directory, since that’s the only place it has permissions. In here, try making a new directory to confirm that everything is working as intended:
    sftp> cd sftpuser
    sftp> mkdir sftp-test
    sftp> ls
    sftp-test          
    sftp>
    

Connect to SFTP server via GNOME GUI

You can also connect to your SFTP server by GUI, if you prefer. There are many options for SFTP clients, but the default GNOME GUI on AlmaLinux already comes with the ability to connect to SFTP servers from the file manager. Here’s how to use it to connect to your SFTP server.

  1. Open the file manager from within the Activities menu.
  2. Click on “Other Locations” and enter sftp://127.0.0.1 in the “Connect to server” box at the bottom of the window and click connect.
  3. Connect to SFTP server with GNOME file manager

    Connect to SFTP server with GNOME file manager
  4. Enter the SFTP account’s credentials that we setup earlier and click connect.
  5. Enter SFTP username and password

    Enter SFTP username and password
  6. Upon a successful connection, you’ll be able to open your home directory, where you can upload and download files.
  7. Successful connection to SFTP server

    Successful connection to SFTP server

Closing Thoughts

In this guide, we learned how to create an FTP or SFTP server on AlmaLinux. We also saw how to connect to the FTP/SFTP server via command line or GNOME GUI. We were able to accomplish this functionality through VSFTPD and OpenSSH, which allow us to host FTP or SFTP, respectively.