Setting Up FTP on AWS EC2 with vsftpd
At times, you might need to set up an FTP server on your Amazon Cloud EC2 instance. Using vsftpd (Very Secure FTP Daemon) is a popular choice due to its simplicity and security features. This guide will walk you through getting vsftpd up and running on your EC2 instance, complete with secure configurations.
Step 1: Install vsftpd
To start, you’ll need to SSH into your EC2 instance. If you’re not familiar with SSH, follow this AWS guide on connecting to your instance.
Once connected, install vsftpd by running:
sudo yum install vsftpd
This will fetch and install the package for you.
Step 2: Configure Security Group Rules
FTP uses specific ports, so you’ll need to adjust your EC2 Security Group settings to allow these ports. In the AWS Management Console:
- Navigate to EC2 > Security Groups.
- Select the security group associated with your instance.
- Choose the Inbound rules section and click on Edit.
Add the following Custom TCP rules (the second range is the passive port range you will configure in Step 3):
- Port Range: 20-21
- Port Range: 1024-1048
For both, you can set the Source to ‘Anywhere’, although it’s more secure to limit it to specific IP addresses if possible.
Security consideration: Limiting access to specific IP addresses can help mitigate unauthorized access. However, if your IP is dynamically assigned, this can complicate access, so weigh the options carefully.
Step 3: Update the Configuration File
Edit the vsftpd configuration file using a text editor:
sudo vi /etc/vsftpd/vsftpd.conf
Disable anonymous FTP access for security:
anonymous_enable=NO
Enable passive mode and define your port range. Also, set the machine’s public IP:
pasv_enable=YES
pasv_min_port=1024
pasv_max_port=1048
pasv_address=<Your Elastic IP>
Ensure you replace <Your Elastic IP> with the actual Elastic IP address of your EC2 instance.
Step 4: Restart vsftpd
Restart the vsftpd service to apply your changes:
sudo systemctl restart vsftpd
If the above command doesn’t work, try using:
sudo service vsftpd restart
Step 5: Create an FTP User
You need a local user account for logging in over FTP. To create a new user, execute:
sudo adduser myftpuser
sudo passwd myftpuser
Be sure to substitute myftpuser with a username of your choice. You’ll be prompted to set a password, so choose a strong one.
Step 6: Secure User Access to Home Directories
By default, users may browse beyond their home directory. Restrict this by ensuring the following is set in the configuration file:
chroot_local_user=YES
Apply changes via another restart:
sudo systemctl restart vsftpd
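The settings from Steps 2, 3 and 6 only hold together if the file really contains them, so the following added example (not part of the original guide or of vsftpd itself) audits a vsftpd.conf for them, including an unreplaced <Your Elastic IP> placeholder and a passive range wider than the security group rule. The function names and the sample file are constructed for illustration; the script assumes that a later line overrides an earlier one and falls back to vsftpd's documented defaults for absent keys.

```shell
#!/bin/sh
# Added example (not from the original guide): check a vsftpd.conf against
# the settings from Steps 2, 3 and 6.

# Effective value of KEY in FILE: last uncommented key=value line, else DEFAULT.
# Assumption: a later line overrides an earlier one.
conf_get() {
    cg_val=$(grep -E "^$2=" "$1" | tail -n 1 | cut -d= -f2- | tr -d '\r')
    printf '%s\n' "${cg_val:-$3}"
}

# audit_vsftpd_conf FILE SG_MIN SG_MAX
# SG_MIN-SG_MAX is the passive port range opened in the security group.
# Prints one FAIL line per finding and returns the number of findings.
audit_vsftpd_conf() {
    av_file=$1 av_fails=0
    fail() { echo "FAIL: $1"; av_fails=$((av_fails + 1)); }

    # Second argument to conf_get is vsftpd's built-in default for the key.
    [ "$(conf_get "$av_file" anonymous_enable YES)" = NO ] || fail "anonymous_enable is not NO"
    [ "$(conf_get "$av_file" chroot_local_user NO)" = YES ] || fail "chroot_local_user is not YES"
    [ "$(conf_get "$av_file" pasv_enable YES)" = YES ] || fail "pasv_enable is not YES"

    av_min=$(conf_get "$av_file" pasv_min_port 0)
    av_max=$(conf_get "$av_file" pasv_max_port 0)
    case "$av_min$av_max" in
        *[!0-9]*) fail "passive ports are not numeric ($av_min-$av_max)" ;;
        *)  if [ "$av_min" -eq 0 ] || [ "$av_max" -eq 0 ] || [ "$av_min" -gt "$av_max" ]; then
                fail "passive range unset or inverted ($av_min-$av_max)"
            elif [ "$av_min" -lt "$2" ] || [ "$av_max" -gt "$3" ]; then
                fail "passive range $av_min-$av_max not covered by security group $2-$3"
            fi ;;
    esac

    # Expects a literal IPv4 address, as in Step 3; catches an unreplaced placeholder.
    conf_get "$av_file" pasv_address "" | grep -Eq '^[0-9]+(\.[0-9]+){3}$' \
        || fail "pasv_address is not an IPv4 address"
    return "$av_fails"
}

# Constructed sample: placeholder left in place and a range wider than the rule.
sample=$(mktemp)
printf '%s\n' 'anonymous_enable=NO' 'pasv_enable=YES' 'pasv_min_port=1024' \
    'pasv_max_port=2048' 'pasv_address=<Your Elastic IP>' > "$sample"
audit_vsftpd_conf "$sample" 1024 1048 || echo "$? finding(s)"
rm -f "$sample"
```

To check the live server, call audit_vsftpd_conf /etc/vsftpd/vsftpd.conf 1024 1048 with the range you opened in Step 2; a return status of 0 means no findings.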
Appendix A: Ensuring Service Starts on Boot
To make sure vsftpd starts with your system, use the command:
sudo systemctl enable vsftpd
With the service enabled, the FTP server will be up every time your EC2 instance restarts.
Appendix B: Change User’s FTP Home Directory
If you want to set a particular directory as the user’s FTP starting point, modify their home directory:
sudo usermod -d /path/to/directory myftpuser
And, optionally, add them to a relevant group:
sudo usermod -aG groupname myftpuser
These steps will help you establish a functional and secure FTP server on your EC2 instance using vsftpd. Feel free to delve into AWS Elastic IP documentation for more insights on setting up Elastic IPs if needed.