Setting up FTP on Amazon Cloud Server

Question

I am trying to set up FTP on Amazon Cloud Server  but without luck  I search over net and there is no concrete steps how to do it   I found those commands to run     yum install vsftpd   ec2-authorize default -p 20-21   ec2-authorize default -p 1024-1048   vi  etc vsftpd vsftpd conf   lt em gt ---Add following lines at the end of file--- lt  em gt      pasv enable YES     pasv min port 1024     pasv max port 1048     pasv address  lt Public IP of your instance gt     etc init d vsftpd restart   But I don t know where to write them

User · Answer

To enable passive ftp on an EC2 server  you need to configure the ports that your ftp server should use for inbound connections  then open a list of available ports for the ftp client data connections     I m not that familiar with linux  but the commands you posted are the steps to install the ftp server  configure the ec2 firewall rules  through the AWS API   then configure the ftp server to use the ports you allowed on the ec2 firewall   So this step installs the ftp client  VSFTP    gt  yum install vsftpd  These steps configure the ftp client   gt  vi  etc vsftpd vsftpd conf --    Add following lines at the end of file --      pasv enable YES      pasv min port 1024      pasv max port 1048      pasv address  lt Public IP of your instance gt    gt   etc init d vsftpd restart   but the other two steps are easier done through the amazon console under EC2 Security groups   There you need to configure the security group that is assigned to your server to allow connections on ports 20 21  and 1024-1048

User · Answer

Great Article    worked like a breeze on Amazon Linux AMI   Two more useful commands   To change the default FTP upload folder  Step 1    edit  etc vsftpd vsftpd conf   Step 2  Create a new entry at the bottom of the page   local root  var www html   To apply read  write  delete permission to the files under folder so that you can manage using a FTP device  find  var www html -type d -exec chmod 777

User · Answer

In case you have ufw enabled  remember add ftp    gt  sudo ufw allow ftp   It took me 2 days to realise that I enabled ufw

User · Answer

In case you are getting 530 password incorrect   1 more step needed   in file  etc shells  Add the following line   bin false

User · Answer

I followed clone45 s answer all the way to the end  A great article  Since I needed the FTP access to install plug-ins to one of my wordpress sites  I changed the home directory to  var www mysitename  Then I continued to add my ftp user to the apache or www  group like this   sudo usermod -a -G apache myftpuser   After this I still saw this error on WP s plugin installation page   Unable to locate WordPress Content directory  wp-content    Searched and found this solution on a wp org Q amp A session  https   wordpress org support topic unable-to-locate-wordpress-content-directory-wp-content and added the following to the end of wp-config php   if is admin          add filter  filesystem method   create function   a    return  direct            define   FS CHMOD DIR   0751        After this my WP plugin was installed successfully

User · Answer

Thanks  clone45 for the nice solution  But I had just one important problem with Appendix b of his solution  Immediately after I changed the home directory to var www html then I couldn t connect to server through ssh and sftp because it always shows following errors   permission denied  public key    or in FileZilla I received this error   No supported authentication methods available  server  public key    But I could access the server through normal FTP connection   If you encountered to the same error then just undo the appendix b of  clone45 solution by set the default home directory for the user   sudo usermod -d  home username  username   But when you set user s default home directory then the user have access to many other folders outside  var www http  So to secure your server then follow these steps   1- Make sftponly group Make a group for all users you want to restrict their access to only ftp and sftp access to var www html  to make the group   sudo groupadd sftponly   2- Jail the chroot To restrict access of this group to the server via sftp you must jail the chroot to not to let group s users to access any folder except html folder inside its home directory  to do this open  etc ssh sshd config in the vim with sudo  At the end of the file please comment this line   Subsystem sftp  usr libexec openssh sftp-server   And then add this line below that   Subsystem sftp internal-sftp   So we replaced subsystem with internal-sftp  Then add following lines below it    Match Group sftponly         ChrootDirectory  var www         ForceCommand internal-sftp         AllowTcpForwarding no   After adding this line I saved my changes and then restart ssh service by   sudo service sshd restart   3- Add the user to sftponly group Any user you want to restrict their access must be a member of sftponly group  Therefore we join it to sftponly by  sudo usermod -G sftponly username  4- Restrict user access to just var www html To restrict user access to just var www html folder we need to make a directory in the home directory  with name of  html   of that user and then mount  var www to  home username html as follow   sudo mkdir  home username html sudo mount --bind  var www  home username html   5- Set write access  If the user needs write access to  var www html  then you must jail the user at  var www which must have root root ownership and permissions of 755  You then need to give  var www html ownership of root sftponly and permissions of 775 by adding following lines   sudo chmod 755  var www sudo chown root root  var www sudo chmod 775  var www html sudo chown root www  var www html   6- Block shell access If you want restrict access to not access to shell to make it more secure then just change the default shell to bin false as follow   sudo usermod -s  bin false username

User · Answer

Jaminto did a great job of answering the question  but I recently went through the process myself and wanted to expand on Jaminto s answer   I m assuming that you already have an EC2 instance created and have associated an Elastic IP Address to it    Step  1  Install vsftpd  SSH to your EC2 server   Type    gt  sudo yum install vsftpd   This should install vsftpd    Step  2  Open up the FTP ports on your EC2 instance  Next  you ll need to open up the FTP ports on your EC2 server   Log in to the AWS EC2 Management Console and select Security Groups from the navigation tree on the left   Select the security group assigned to your EC2 instance   Then select the Inbound tab  then click Edit     Add two Custom TCP Rules with port ranges 20-21 and 1024-1048   For Source  you can select  Anywhere    If you decide to set Source to your own IP address  be aware that your IP address might change if it is being assigned via DHCP       Step  3  Make updates to the vsftpd conf file  Edit your vsftpd conf file by typing    gt  sudo vi  etc vsftpd vsftpd conf   Disable anonymous FTP by changing this line   anonymous enable YES   to   anonymous enable NO   Then add the following lines to the bottom of the vsftpd conf file   pasv enable YES pasv min port 1024 pasv max port 1048 pasv address  lt Public IP of your instance gt     Your vsftpd conf file should look something like the following - except make sure to replace the pasv address with your public facing IP address     To save changes  press escape  then  type  wq  then hit enter     Step  4  Restart vsftpd  Restart vsftpd by typing    gt  sudo  etc init d vsftpd restart   You should see a message that looks like      If this doesn t work  try    gt  sudo  sbin service vsftpd restart     Step  5  Create an FTP user  If you take a peek at  etc vsftpd user list  you ll see the following     vsftpd userlist   If userlist deny NO  only allow users in this file   If userlist deny YES  default   never allow users in this file  and   do not even prompt for a password    Note that the default vsftpd pam config also checks  etc vsftpd ftpusers   for users that are denied  root bin daemon adm lp sync shutdown halt mail news uucp operator games nobody   This is basically saying   Don t allow these users FTP access    vsftpd will allow FTP access to any user not on this list   So  in order to create a new FTP account  you may need to create a new user on your server    Or  if you already have a user account that s not listed in  etc vsftpd user list  you can skip to the next step    Creating a new user on an EC2 instance is pretty simple   For example  to create the user  bret   type    gt  sudo adduser bret  gt  sudo passwd bret   Here s what it will look like       Step  6  Restricting users to their home directories  At this point  your FTP users are not restricted to their home directories  That s not very secure  but we can fix it pretty easily     Edit your vsftpd conf file again by typing    gt  sudo vi  etc vsftpd vsftpd conf   Un-comment out the line   chroot local user YES   It should look like this once you re done      Restart the vsftpd server again like so    gt  sudo  etc init d vsftpd restart   All done     Appendix A  Surviving a reboot  vsftpd doesn t automatically start when your server boots   If you re like me  that means that after rebooting your EC2 instance  you ll feel a moment of terror when FTP seems to be broken - but in reality  it s just not running    Here s a handy way to fix that    gt  sudo chkconfig --level 345 vsftpd on   Alternatively  if you are using redhat  another way to manage your services is by using this nifty graphic user interface to control which services should automatically start    gt   sudo ntsysv     Now vsftpd will automatically start up when your server boots up     Appendix B  Changing a user s FTP home directory    NOTE  Iman Sedighi has posted a more elegant solution for restricting users access to a specific directory   Please refer to his excellent solution posted as an answer    You might want to create a user and restrict their FTP access to a specific folder  such as  var www   In order to do this  you ll need to change the user s default home directory    gt  sudo usermod -d  var www  username   In this specific example  it s typical to give the user permissions to the  www  group  which is often associated with the  var www folder      gt  sudo usermod -a -G www username

User · Answer

I ve simplified clone45 steps   Open the ports as he mentioned  sudo su sudo yum install vsftpd echo -n  Public IP of your instance     amp  amp  read publicip echo -e  anonymous enable NO npasv enable YES npasv min port 1024 npasv max port 1048 npasv address  publicip nchroot local user YES   gt  gt   etc vsftpd vsftpd conf sudo  etc init d vsftpd restart

User · Answer

Don t forget to update your iptables firewall if you have one to allow the 20-21 and 1024-1048 ranges in   Do this from  etc sysconfig iptables   Adding lines like this      -A INPUT -m state --state NEW -m tcp -p tcp --dport 20 21 -j ACCEPT      -A INPUT -m state --state NEW -m tcp -p tcp --dport 1024 1048 -j ACCEPT   And restart iptables with the command      sudo service iptables restart

User · Answer

FileZila is good FTP tool to setup with Amazon Cloud     Download FileZila client from https   filezilla-project org  Click on File  -  Site Manager -    New Site     Provide Host Name IP address of your amazon cloud location  Port if any  Protocol - SFTP  May change based on your requirement  Login Type - Normal  So system will not ask for password each time  Provide user name and password   Connect     You need to do these step only 1 time  later it will upload content to the same IP address and same site

User · Answer

It will not be ok until you add your user to the group www by the following commands   sudo usermod -a -G www  lt USER gt    This solves the permission problem   Set the default path by adding this   local root  var www html

User · Answer

maybe worth mentioning in addition to clone45 s answer       Fixing Write Permissions for Chrooted FTP Users in vsftpd      The vsftpd version that comes with Ubuntu 12 04 Precise does not   permit chrooted local users to write by default  By default you will   have this in  etc vsftpd conf   chroot local user YES write enable YES       In order to allow local users to write  you need to add the following parameter   allow writeable chroot YES    Note  Issues with write permissions may show up as following FileZilla errors   Error  GnuTLS error -15  An unexpected TLS packet was received  Error  Could not connect to server   References  Fixing Write Permissions for Chrooted FTP Users in vsftpd VSFTPd stopped working after update

[linux] Setting up FTP on Amazon Cloud Server

Examples related to linux

Examples related to amazon-web-services

Examples related to amazon-s3

Examples related to amazon-ec2

Examples related to ftp