FTP and SFTP are great protocols for downloading files from a remote or local server, or uploading files onto the server. FTP will suffice for some situations, but for connections over the internet, SFTP is recommended. In other words, FTP is not secure to use over an internet connection, since your credentials and data are transmitted without encryption. The ‘S’ in SFTP stands for ‘Secure’ and tunnels the FTP protocol through SSH, providing the encryption needed to establish a secure connection.
In this guide, we’ll go over the step by step instructions to setup an FTP server through VSFTP software or SFTP server through OpenSSH on AlmaLinux. Then, we’ll see how to connect to the server from a client AlmaLinux system. Setting up FTP/SFTP is a common step after installing AlmaLinux or migrating from CentOS to AlmaLinux.
In this tutorial you will learn:
- How to setup an FTP server through VSFTPD
- How to setup an SFTP server through OpenSSH
- How to setup FTP and SFTP user accounts
- How to allow FTP and SFTP through firewalld
- How to connect to an FTP/SFTP server via command line
- How to connect to an FTP/SFTP server via GNOME GUI
|Category||Requirements, Conventions or Software Version Used|
|Other||Privileged access to your Linux system as root or via the
# – requires given linux commands to be executed with root privileges either directly as a root user or by use of
$ – requires given linux commands to be executed as a regular non-privileged user
Setup an FTP server through VSFTPD
There are various software packages that one can use to setup an FTP server, but one of the best is VSFTPD. This section will show you how to install and configure VSFTPD to setup an FTP server on AlmaLinux. If FTP is note secure enough for your scenario and you would prefer to setup SFTP, scroll down to the appropriate section below.
Install VSFTPD on your system by typing this command into the terminal:
$ sudo dnf install vsftpd
Configure FSFTPD server
- It’s always best practice to keep a backup copy of the original config file, just in case something goes wrong later. Let’s rename the default config file:
$ sudo mv /etc/vsftpd/vsftpd.conf /etc/vsftpd/vsftpd.conf_orig
- Create a new VSFTPD configuration file using nano or whichever text editor you prefer:
$ sudo nano /etc/vsftpd/vsftpd.conf
- Copy the following base configuration into your file. This configuration will suffice for a basic FTP server, and can later be tweaked for the specific needs of your environment once you’ve verified this is working properly:
anonymous_enable=NO local_enable=YES write_enable=YES local_umask=022 dirmessage_enable=YES xferlog_enable=YES connect_from_port_20=YES xferlog_std_format=YES listen=NO listen_ipv6=YES pam_service_name=vsftpd userlist_enable=YES
Paste the above lines into your newly created
/etc/vsftpd/vsftpd.conffile, and then save changes and close the file.
- AlmaLinux’s default firewall (firewalld) will block FTP traffic by default, but the following command will create an exception to allow the traffic:
$ sudo firewall-cmd --zone=public --add-service=ftp --permanent $ sudo firewall-cmd --reload
- With the configuration file saved and the firewall rules updated, restart VSFTPD to apply the new changes:
$ sudo systemctl restart vsftpd
Create an FTP user
Our FTP server is ready to receive incoming connections, so now it’s time to create a new user account that we’ll use to connect to the FTP service.
- Use this first command to create a new account called
ftpuser, and the second command to set a password for the account:
$ sudo useradd -m ftpuser $ sudo passwd ftpuser New password: Retype new password: passwd: password updated successfully
- In order to verify that everything’s working properly, you should store at least one file in
ftpuser‘s home directory. This file should be visible when we login to FTP in the next steps.
$ sudo bash -c "echo FTP TESTING > /home/ftpuser/FTP-TEST"
Connect to FTP server via command line
Install the FTP command line utility with the following command:
$ sudo dnf install ftp
You should now be able to connect to your FTP server either by IP address or hostname. To connect from command line and verify that everything is working, open a terminal and use AlmaLinux’s
ftp command to connect to your loopback address (127.0.0.1).
$ ftp 127.0.0.1 Connected to 127.0.0.1 (127.0.0.1). 220 (vsFTPd 3.0.3) Name (127.0.0.1:root): ftpuser 331 Please specify the password. Password: 230 Login successful. Remote system type is UNIX. Using binary mode to transfer files. ftp> ls 227 Entering Passive Mode (127,0,0,1,71,72). 150 Here comes the directory listing. -rw-r--r-- 1 0 0 12 Apr 03 01:11 FTP-TEST 226 Directory send OK. ftp>
Your output should look like the text above, indicating a successful login and a
ls command that reveals our test file we created earlier.
Connect to FTP server via GNOME GUI
You can also connect to your FTP server by GUI, if you prefer. There are many options for FTP clients, but the default GNOME GUI on AlmaLinux already comes with the ability to connect to FTP servers from the file manager. Here’s how to use it to connect to your FTP server.
- Open the file manager from within the Activities menu.
- Click on “Other Locations” and enter
ftp://127.0.0.1in the “Connect to server” box at the bottom of the window and click connect.
- Enter the FTP account’s credentials that we setup earlier and click connect.
- Upon a successful connection, you’ll see the test file you created earlier.
Setup an SFTP server through OpenSSH
If you already have OpenSSH installed and enabled on AlmaLinux, then you don’t need any extra software to run an SFTP server. Follow the instructions below to make the proper configuration edits, which will turn your system into an SFTP server.
Install and configure OpenSSH
- If it’s not already installed, use the following command to install OpenSSH.
$ sudo dnf install openssh-server openssh-clients
- Once SSH is installed, we need to make some changes to the SSHD configuration file. Use nano or your favorite text editor to open it:
$ sudo nano /etc/ssh/sshd_config
- Scroll to the bottom of the file and add the following 5 lines at the very end:
Match group sftp ChrootDirectory /home X11Forwarding no AllowTcpForwarding no ForceCommand internal-sftp
The lines above will allow users in the
sftpgroup to access their home directories via SFTP, but denies them normal SSH access, so they can never access a shell. After pasting those lines, save and close the configuration file.
- Restart the SSH service for these new changes to take effect:
$ sudo systemctl restart sshd
- AlmaLinux’s default firewall (firewalld) will block SFTP/SSH traffic by default, but the following command will create an exception to allow the traffic:
$ sudo firewall-cmd --zone=public --add-service=ssh --permanent $ sudo firewall-cmd --reload
Create SFTP user account
Now we need to create user accounts for anyone that we wish to grant SFTP access to.
- Create a new user group called
sftp. All of our SFTP users will need to belong to this group.
$ sudo groupadd sftp
- Next, create a new user. We’ll simply call ours
sftpuserin this example. Also be sure to add this user to the
$ sudo useradd -m sftpuser -g sftp
- Set a password for the newly created sftpuser:
$ sudo passwd sftpuser New password: Retype new password: passwd: password updated successfully
- Lastly, let’s grant full access to the user on their own home directory, but deny access to the directory for all other users on the system:
$ sudo chmod 700 /home/sftpuser/
Our SFTP configuration is complete; now we can login to make sure everything is working properly.
Connect to SFTP server via command line
You can login via SFTP with either the hostname or IP address of your system. To test from the same system as the one you just configured SFTP on, connecting to the loopback address
will work just fine.
- Open a terminal and login using the sftp command:
$ sftp email@example.com The authenticity of host '127.0.0.1 (127.0.0.1)' can't be established. ECDSA key fingerprint is SHA256:VI1OabYHoVZyVtKtDwX5HflcFpBW2txOpdBAqLtP1K8. Are you sure you want to continue connecting (yes/no/[fingerprint])? yes Warning: Permanently added '127.0.0.1' (ECDSA) to the list of known hosts. firstname.lastname@example.org's password: Connected to email@example.com. sftp>
- Navigate to the user’s home directory, since that’s the only place it has permissions. In here, try making a new directory to confirm that everything is working as intended:
sftp> cd sftpuser sftp> mkdir sftp-test sftp> ls sftp-test sftp>
Connect to SFTP server via GNOME GUI
You can also connect to your SFTP server by GUI, if you prefer. There are many options for SFTP clients, but the default GNOME GUI on AlmaLinux already comes with the ability to connect to SFTP servers from the file manager. Here’s how to use it to connect to your SFTP server.
- Open the file manager from within the Activities menu.
- Click on “Other Locations” and enter
sftp://127.0.0.1in the “Connect to server” box at the bottom of the window and click connect.
- Enter the SFTP account’s credentials that we setup earlier and click connect.
- Upon a successful connection, you’ll be able to open your home directory, where you can upload and download files.
In this guide, we learned how to create an FTP or SFTP server on AlmaLinux. We also saw how to connect to the FTP/SFTP server via command line or GNOME GUI. We were able to accomplish this functionality through VSFTPD and OpenSSH, which allow us to host FTP or SFTP, respectively.