How to Create an FTP Account on Your VPS: Complete Guide

April 2024 · 22 min read

Introduction

Setting up FTP (File Transfer Protocol) accounts on your Virtual Private Server (VPS) is a fundamental skill for web developers and system administrators. Whether you're managing client websites, sharing files with team members, or setting up automated file transfers, understanding how to properly configure FTP access is essential for efficient server management.

In this comprehensive guide, you'll learn how to install and configure vsftpd (Very Secure FTP Daemon) on a Linux VPS, create restricted FTP accounts, implement security best practices, and automate the account creation process. By the end of this tutorial, you'll have a production-ready FTP server with properly configured user access controls.

For more server management tips and DevOps tutorials, visit cherradix.dev where we cover everything from Laravel deployment to advanced server configurations.

Prerequisites

Before getting started, ensure you have:

  • A Linux VPS (Ubuntu 20.04/22.04 or Debian-based distribution)
  • SSH access with sudo privileges
  • Basic command-line knowledge
  • A domain name or server IP address
  • Approximately 15-20 minutes for setup

All commands in this tutorial are tested on Ubuntu 22.04 LTS, but they should work with minimal modifications on other Debian-based distributions.

What is FTP and Why Use It

FTP (File Transfer Protocol) is a standard network protocol used to transfer files between a client and server over a TCP-based network. Despite being an older protocol, FTP remains widely used for several reasons:

Common Use Cases:

  • Website Management: Uploading and managing website files
  • File Sharing: Sharing large files with clients or team members
  • Automated Backups: Scheduled file transfers and backups
  • Legacy System Integration: Connecting with older systems that require FTP
  • Bulk File Operations: Managing large numbers of files efficiently

Advantages of FTP:

  • Simple to set up and use
  • Wide client support (FileZilla, WinSCP, etc.)
  • Efficient for bulk file transfers
  • Platform-independent
  • Resumable transfers for large files

Limitations to Consider:

  • Unencrypted by default (credentials sent in plain text)
  • Not suitable for sensitive data without encryption
  • Firewall complexity with passive mode
  • Less secure than modern alternatives like SFTP

For sensitive data transfers, consider using SFTP (SSH File Transfer Protocol) instead, which we'll discuss later in this article. For more security-focused tutorials, check out cherradix.dev for comprehensive guides on server hardening and secure file transfer methods.

Installing vsftpd on Your VPS

vsftpd (Very Secure FTP Daemon) is the most popular FTP server for Linux systems, known for its security, performance, and stability. Let's install and set it up.

Step 1: Update System Packages

First, ensure your system packages are up to date:

sudo apt update
sudo apt upgrade -y

Step 2: Install vsftpd

Install vsftpd using the package manager:

sudo apt install vsftpd -y

Step 3: Verify Installation

Check that vsftpd is installed and running:

sudo systemctl status vsftpd

You should see output indicating that the service is active and running. If it's not running, start it with:

sudo systemctl start vsftpd
sudo systemctl enable vsftpd

The enable command ensures vsftpd starts automatically on system boot.

Step 4: Backup Default Configuration

Before making changes, create a backup of the default configuration file:

sudo cp /etc/vsftpd.conf /etc/vsftpd.conf.backup

This backup allows you to restore the original configuration if needed.

Configuring vsftpd for Security

Proper configuration is crucial for a secure FTP server. Let's set up vsftpd with security-focused settings.

Edit the Configuration File

Open the vsftpd configuration file:

sudo nano /etc/vsftpd.conf

Recommended Configuration Settings

Replace or modify the following settings in the configuration file:

# Disable anonymous access
anonymous_enable=NO
 
# Enable local users to log in
local_enable=YES
 
# Allow users to write/upload files
write_enable=YES
 
# Set default file creation mask
local_umask=022
 
# Enable directory messages
dirmessage_enable=YES
 
# Use local time instead of UTC
use_localtime=YES
 
# Enable transfer logging
xferlog_enable=YES
 
# Use standard FTP port 20 for data transfers
connect_from_port_20=YES
 
# Restrict users to their home directories (chroot)
chroot_local_user=YES
 
# Allow writable chroot directories
allow_writeable_chroot=YES
 
# Security: Empty directory for vsftpd
secure_chroot_dir=/var/run/vsftpd/empty
 
# PAM service name
pam_service_name=vsftpd
 
# Disable SSL for now (can be enabled later)
ssl_enable=NO
 
# User restrictions
userlist_enable=YES
userlist_file=/etc/vsftpd.userlist
userlist_deny=NO
 
# Passive mode configuration (important for firewalls)
pasv_enable=YES
pasv_min_port=40000
pasv_max_port=40100
 
# Logging
xferlog_file=/var/log/vsftpd.log
log_ftp_protocol=YES

Understanding Key Configuration Options

Security Settings:

  • anonymous_enable=NO: Prevents anonymous FTP access
  • chroot_local_user=YES: Restricts users to their home directory
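  • allow_writeable_chroot=YES: Allows uploads in the chroot environment by disabling the check behind the "500 OOPS: vsftpd refusing to run with writable root" error
  • userlist_enable=YES: Together with userlist_deny=NO, only allows users listed in /etc/vsftpd.userlist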

Passive Mode Settings:

  • pasv_min_port and pasv_max_port: Defines port range for passive connections
  • Essential for proper firewall configuration

Logging:

  • xferlog_enable=YES: Logs all file transfers
  • log_ftp_protocol=YES: Logs FTP protocol details for debugging

Save and Apply Configuration

After editing, save the file (Ctrl+X, Y, Enter) and restart vsftpd:

sudo systemctl restart vsftpd

Verify the configuration is valid:

sudo systemctl status vsftpd

If you see any errors, check the configuration file for syntax issues.

Creating Your First FTP Account

Now that vsftpd is configured, let's create an FTP user account with restricted directory access.

Step 1: Create the User's Directory

First, create the directory structure where the user will have access:

sudo mkdir -p /var/ftp/username

Replace username with your desired username. This creates the directory with parent directories if they don't exist.

Step 2: Create the User Account

Create a new user with the directory as their home:

sudo useradd -d /var/ftp/username -s /bin/bash username

Command breakdown:

  • -d /var/ftp/username: Sets the home directory
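  • -s /bin/bash: Sets the user's shell (required for FTP login). Because /bin/bash is a real login shell, the same password also works for SSH unless sshd is configured to refuse this user.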
  • username: The username for the account

Step 3: Set the Password

Set a strong password for the user:

sudo passwd username

You'll be prompted to enter and confirm the password. Choose a strong password with:

  • At least 12 characters
  • Mix of uppercase and lowercase letters
  • Numbers and special characters
  • No dictionary words

Alternatively, set the password non-interactively:

echo "username:YourSecurePassword123!" | sudo chpasswd

Step 4: Set Directory Permissions

Configure proper ownership and permissions:

# Set ownership to the FTP user
sudo chown -R username:username /var/ftp/username
 
# Set directory permissions
sudo chmod 755 /var/ftp/username

Permission explanation:

  • 755: Owner can read/write/execute, others can read/execute
  • chown -R: Recursively changes ownership of all files and subdirectories

Step 5: Add User to Allowed List

Add the user to the vsftpd allowed users list:

echo "username" | sudo tee -a /etc/vsftpd.userlist

Verify the user was added:

cat /etc/vsftpd.userlist

Step 6: Restart vsftpd

Apply the changes:

sudo systemctl restart vsftpd

Your FTP account is now ready to use! For more advanced user management techniques and server administration tips, explore cherradix.dev for comprehensive DevOps tutorials.

Restricting Users to Specific Directories

One of the most important security features is restricting FTP users to their designated directories, preventing them from accessing system files or other users' data.

Understanding Chroot Jails

A chroot jail confines users to a specific directory tree, making that directory appear as the root directory to the user. This prevents navigation to parent directories.

Verify Chroot Configuration

Ensure these settings are in your /etc/vsftpd.conf:

chroot_local_user=YES
allow_writeable_chroot=YES

Testing Directory Restrictions

After creating a user, test the restrictions:

  1. Log in via FTP client
  2. Attempt to navigate to parent directories using cd ..
  3. Verify you cannot access directories outside the user's home

Creating Subdirectories

Users can create subdirectories within their home:

# As the FTP user, create subdirectories
mkdir uploads
mkdir downloads
mkdir documents

Setting Up Read-Only Areas

To create read-only directories within a user's home:

# Create a read-only directory
sudo mkdir /var/ftp/username/readonly
 
# Set permissions to read and execute only
sudo chmod 555 /var/ftp/username/readonly
 
# Add content
sudo cp important-files/* /var/ftp/username/readonly/

Multiple Users with Shared Directories

For shared directories between multiple FTP users:

# Create a shared group
sudo groupadd ftpshared
 
# Create shared directory
sudo mkdir -p /var/ftp/shared
 
# Set group ownership
sudo chgrp ftpshared /var/ftp/shared
 
# Set permissions (group writable)
sudo chmod 775 /var/ftp/shared
 
# Add users to the shared group
sudo usermod -a -G ftpshared user1
sudo usermod -a -G ftpshared user2

This configuration allows multiple users to collaborate while maintaining individual home directories.

Configuring Firewall Rules

Proper firewall configuration is essential for FTP to function correctly while maintaining security.

Check Current Firewall Status

First, check if UFW (Uncomplicated Firewall) is active:

sudo ufw status

Configure FTP Ports

FTP requires multiple ports to be open:

# Allow FTP control port
sudo ufw allow 21/tcp
 
# Allow FTP data port
sudo ufw allow 20/tcp
 
# Allow passive mode port range
sudo ufw allow 40000:40100/tcp
 
# Allow SSH (if not already allowed)
sudo ufw allow 22/tcp

Enable UFW

If UFW isn't enabled, activate it:

sudo ufw enable

Warning: Always ensure SSH port 22 is allowed before enabling UFW to avoid locking yourself out.

Verify Firewall Rules

Check that all rules are properly configured:

sudo ufw status verbose

You should see rules for ports 20, 21, and 40000-40100.

Port Explanation

FTP Port Usage:

  • Port 21: Control connection (commands)
  • Port 20: Data transfer in active mode
  • Ports 40000-40100: Passive mode data transfer

Cloud Provider Firewall

If your VPS is hosted on a cloud provider (AWS, DigitalOcean, Google Cloud), you may also need to configure their firewall/security groups:

DigitalOcean:

  • Add inbound rules in the Networking section
  • Allow TCP ports 20-21 and 40000-40100

AWS EC2:

  • Edit security group inbound rules
  • Add custom TCP rules for required ports

Google Cloud:

  • Configure VPC firewall rules
  • Allow ingress traffic on FTP ports

For more detailed firewall configuration and security hardening, visit cherradix.dev for comprehensive server security guides.

Testing Your FTP Connection

After configuration, it's crucial to test that everything works correctly.

Test from Command Line

Test FTP connection directly from your VPS:

ftp localhost

When prompted:

  • Enter your username
  • Enter your password

Successful login should show:

230 Login successful.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp>

Basic FTP commands to test:

# List files
ls
 
# Show current directory
pwd
 
# Create a test file
!echo "test" > test.txt
 
# Upload the file
put test.txt
 
# Download the file
get test.txt
 
# Quit
quit

Test with FileZilla

FileZilla is the most popular FTP client. Configure it with:

Quick Connect:

  • Host: your-server-ip
  • Username: your-ftp-username
  • Password: your-password
  • Port: 21

Site Manager (recommended):

  1. Open FileZilla
  2. File → Site Manager (Ctrl+S)
  3. Click "New Site"
  4. Configure:
    • Protocol: FTP - File Transfer Protocol
    • Host: your-server-ip
    • Port: 21
    • Encryption: Only use plain FTP (insecure)
    • Logon Type: Normal
    • User: your-username
    • Password: your-password
  5. Click "Connect"

Expected Results

Successful Connection:

  • Status shows "Connected" and "Directory listing successful"
  • Right panel displays your FTP directory contents
  • You can only see files in your restricted directory
  • File uploads and downloads work correctly

Verify Restrictions:

  • Try navigating to parent directory (cd ..)
  • Should remain in your home directory
  • Cannot access system files or other users' directories

Test from Windows Command Prompt

ftp your-server-ip

Test from Linux/Mac Terminal

ftp your-server-ip

Or use lftp for advanced testing:

lftp -u username,password your-server-ip

Automating FTP Account Creation

Managing multiple FTP accounts manually becomes tedious. Let's create a script to automate the process.

Create the Automation Script

Create a new script file:

nano ~/create-ftp-account.sh

Add the following script:

#!/bin/bash
 
#############################################
# FTP Account Creation Script
# Usage: ./create-ftp-account.sh <username> <password> <folder_name>
#############################################
 
# Color codes for output
RED='\033[0;31m'
GREEN='\033[0;32m'
YELLOW='\033[1;33m'
NC='\033[0m' # No Color
 
# Check if all arguments are provided
if [ "$#" -ne 3 ]; then
    echo -e "${RED}Error: Invalid number of arguments${NC}"
    echo "Usage: $0 <username> <password> <folder_name>"
    echo "Example: $0 johndoe SecurePass123! johndoe_files"
    exit 1
fi
 
# Variables
USERNAME=$1
PASSWORD=$2
FOLDER_NAME=$3
BASE_PATH="/var/ftp"
FULL_PATH="${BASE_PATH}/${FOLDER_NAME}"
 
echo -e "${YELLOW}======================================${NC}"
echo -e "${YELLOW}FTP Account Creation Script${NC}"
echo -e "${YELLOW}======================================${NC}"
echo ""
echo "Username: $USERNAME"
echo "Folder: $FULL_PATH"
echo ""
 
# Check if running as root/sudo
if [ "$EUID" -ne 0 ]; then
    echo -e "${RED}Error: This script must be run with sudo${NC}"
    exit 1
fi
 
# Check if user already exists (before anything is created on disk)
if id "$USERNAME" &>/dev/null; then
    echo -e "${RED}✗ Error: User $USERNAME already exists!${NC}"
    exit 1
fi

# Create the directory
echo -e "${YELLOW}[1/7]${NC} Creating directory..."
mkdir -p "$FULL_PATH"
if [ $? -eq 0 ]; then
    echo -e "${GREEN}✓ Directory created${NC}"
else
    echo -e "${RED}✗ Failed to create directory${NC}"
    exit 1
fi
 
# Create the user with bash shell
echo -e "${YELLOW}[2/7]${NC} Creating user account..."
useradd -d "$FULL_PATH" -s /bin/bash "$USERNAME"
if [ $? -eq 0 ]; then
    echo -e "${GREEN}✓ User created${NC}"
else
    echo -e "${RED}✗ Failed to create user${NC}"
    exit 1
fi
 
# Set the password
echo -e "${YELLOW}[3/7]${NC} Setting password..."
echo "$USERNAME:$PASSWORD" | chpasswd
if [ $? -eq 0 ]; then
    echo -e "${GREEN}✓ Password set${NC}"
else
    echo -e "${RED}✗ Failed to set password${NC}"
    exit 1
fi
 
# Set ownership
echo -e "${YELLOW}[4/7]${NC} Setting ownership..."
chown -R "$USERNAME:$USERNAME" "$FULL_PATH"
if [ $? -eq 0 ]; then
    echo -e "${GREEN}✓ Ownership configured${NC}"
else
    echo -e "${RED}✗ Failed to set ownership${NC}"
    exit 1
fi
 
# Set permissions
echo -e "${YELLOW}[5/7]${NC} Setting permissions..."
chmod 755 "$FULL_PATH"
if [ $? -eq 0 ]; then
    echo -e "${GREEN}✓ Permissions configured${NC}"
else
    echo -e "${RED}✗ Failed to set permissions${NC}"
    exit 1
fi
 
# Add to allowed FTP users list
echo -e "${YELLOW}[6/7]${NC} Adding to FTP userlist..."
if ! grep -qxF -- "$USERNAME" /etc/vsftpd.userlist 2>/dev/null; then
    echo "$USERNAME" >> /etc/vsftpd.userlist
    echo -e "${GREEN}✓ User added to FTP userlist${NC}"
else
    echo -e "${YELLOW}! User already in FTP userlist${NC}"
fi
 
# Restart vsftpd
echo -e "${YELLOW}[7/7]${NC} Restarting vsftpd service..."
systemctl restart vsftpd
if [ $? -eq 0 ]; then
    echo -e "${GREEN}✓ vsftpd restarted${NC}"
else
    echo -e "${RED}✗ Failed to restart vsftpd${NC}"
    exit 1
fi
 
# Success message
echo ""
echo -e "${GREEN}======================================${NC}"
echo -e "${GREEN}✓ FTP Account Created Successfully!${NC}"
echo -e "${GREEN}======================================${NC}"
echo ""
echo "Connection Details:"
echo "-------------------"
echo "Protocol: FTP"
echo "Host: $(hostname -I | awk '{print $1}')"
echo "Port: 21"
echo "Username: $USERNAME"
echo "Password: $PASSWORD"
echo "Directory: $FULL_PATH"
echo ""
echo -e "${YELLOW}Security Note:${NC} FTP sends credentials in plain text."
echo "Consider using SFTP for sensitive data."
echo ""
 
# Verify user creation
echo "User Verification:"
id "$USERNAME"

Make the Script Executable

chmod +x ~/create-ftp-account.sh

Using the Script

Create FTP accounts with a single command:

sudo ~/create-ftp-account.sh johndoe SecurePass123! johndoe_files

Script parameters:

  1. Username
  2. Password
  3. Folder name (created under /var/ftp/)

Script Features

The automation script provides:

  • Input validation: Checks for correct number of arguments
  • User existence check: Prevents duplicate user creation
  • Colored output: Visual feedback on each step
  • Error handling: Exits on failures with clear messages
  • Automatic configuration: Sets up everything automatically
  • Connection details: Displays login information after creation
  • Verification: Shows user details for confirmation
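
The script checks only the argument count: a folder name containing ".." or "/" is joined to /var/ftp and passed to chown and chmod unchanged, and the password travels on the command line. The following is an added example, not part of the original script: POSIX sh helpers (hypothetical function names, also valid under bash) that validate the username and folder name and read the password from stdin instead.

```shell
#!/bin/sh
# Added example (not part of the original script): input checks to run
# before create-ftp-account.sh touches the system. Function names are
# hypothetical; the code is POSIX sh and also runs under bash.

LC_ALL=C; export LC_ALL                  # make a-z mean ASCII only
BASE_PATH="${BASE_PATH:-/var/ftp}"       # same base directory as the script

# Conventional Linux account name: starts with a lowercase letter or "_",
# then lowercase letters, digits, "_" or "-"; at most 32 characters.
# Blocks ":" (the chpasswd field separator), whitespace and a leading "-".
valid_username() {
    case "$1" in
        ''|[!a-z_]*|*[!a-z0-9_-]*) return 1 ;;
    esac
    [ "${#1}" -le 32 ]
}

# A single path component: no "/", no leading "." (so no "." or ".."),
# no leading "-". BASE_PATH/<name> then cannot point outside BASE_PATH.
valid_folder_name() {
    case "$1" in
        ''|.*|-*|*[!A-Za-z0-9._-]*) return 1 ;;
    esac
    [ "${#1}" -le 64 ]
}

# Print the account directory for a folder name, or fail.
ftp_home_for() {
    valid_folder_name "$1" || return 1
    # Refuse an existing symlink: chmod and the FTP home would follow it
    # to whatever it points at.
    [ ! -L "${BASE_PATH}/$1" ] || return 1
    printf '%s\n' "${BASE_PATH}/$1"
}

# Read the password from stdin rather than argv, so it does not land in
# shell history or `ps` output. Enforces the 12-character minimum the
# article recommends. Echo is turned off when stdin is a terminal.
read_password() {
    if [ -t 0 ]; then
        printf 'Password for the new FTP user: ' >&2
        stty -echo
        IFS= read -r _pw || true
        stty echo
        printf '\n' >&2
    else
        IFS= read -r _pw || true         # tolerate a missing final newline
    fi
    [ "${#_pw}" -ge 12 ] || return 1
    printf '%s' "$_pw"
}

# How the script's "Variables" section could use these (left as comments so
# that this file only defines functions):
#   valid_username "$USERNAME"                 || { echo "bad username" >&2; exit 1; }
#   FULL_PATH="$(ftp_home_for "$FOLDER_NAME")" || { echo "bad folder" >&2; exit 1; }
#   PASSWORD="$(read_password)"                || { echo "password too short" >&2; exit 1; }
```

With these in place the script takes two arguments (username and folder name) and prompts for the password, or accepts it on a pipe from a password manager.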

Managing Multiple Accounts

To create multiple accounts, run the script for each user:

sudo ~/create-ftp-account.sh user1 Pass1! user1_data
sudo ~/create-ftp-account.sh user2 Pass2! user2_data
sudo ~/create-ftp-account.sh user3 Pass3! user3_data

System-Wide Installation

To make the script accessible from anywhere:

sudo cp ~/create-ftp-account.sh /usr/local/bin/create-ftp-account
sudo chmod +x /usr/local/bin/create-ftp-account

Now run it from any directory:

sudo create-ftp-account username password folder

For more automation scripts and server management tools, explore cherradix.dev where we share productivity-boosting DevOps solutions.

Security Best Practices

Implementing proper security measures is critical when running an FTP server exposed to the internet.

1. Use Strong Passwords

Enforce strong password policies:

# Install password quality checking library
sudo apt install libpam-pwquality
 
# Configure password requirements in /etc/security/pwquality.conf
sudo nano /etc/security/pwquality.conf

Add these settings:

minlen = 12
dcredit = -1
ucredit = -1
ocredit = -1
lcredit = -1

2. Implement Rate Limiting

Protect against brute-force attacks by limiting connection attempts:

Add to /etc/vsftpd.conf:

# Cap concurrent clients (total) and concurrent connections per source IP
max_clients=50
max_per_ip=5

3. Enable FTP over TLS (FTPS)

Encrypt FTP connections using SSL/TLS:

Generate SSL certificate:

sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 \
  -keyout /etc/ssl/private/vsftpd.key \
  -out /etc/ssl/certs/vsftpd.crt

Update vsftpd.conf:

ssl_enable=YES
rsa_cert_file=/etc/ssl/certs/vsftpd.crt
rsa_private_key_file=/etc/ssl/private/vsftpd.key
ssl_tlsv1=YES
ssl_sslv2=NO
ssl_sslv3=NO
require_ssl_reuse=NO
ssl_ciphers=HIGH

4. Monitor FTP Logs

Regularly review FTP activity:

# View recent FTP activity
sudo tail -f /var/log/vsftpd.log
 
# Check authentication logs
sudo grep vsftpd /var/log/auth.log
 
# Monitor failed login attempts
sudo grep "FAIL LOGIN" /var/log/vsftpd.log
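
To turn the "FAIL LOGIN" grep into a per-address summary, here is an added example (not from the original article): two POSIX sh functions with hypothetical names that count failed logins per client and list the usernames tried from one address. It assumes the line layout vsftpd writes to its own log (`[pid N] [user] FAIL LOGIN: Client "addr"`); the sample log lines are constructed.

```shell
#!/bin/sh
# Added example: summarise failed vsftpd logins. Function names are hypothetical.

# failed_logins_by_ip <logfile> [threshold]
# Prints "<count> <ip>" for each client with at least <threshold> failures
# (default 3, the maxretry value used for Fail2Ban in this article),
# busiest client first.
failed_logins_by_ip() {
    awk -v min="${2:-3}" '
        /FAIL LOGIN: Client "/ {
            ip = $0
            sub(/.*FAIL LOGIN: Client "/, "", ip)   # keep text after the opening quote
            sub(/".*/, "", ip)                      # cut at the closing quote
            sub(/^::ffff:/, "", ip)                 # IPv4-mapped IPv6 form
            fails[ip]++
        }
        END { for (ip in fails) if (fails[ip] >= min) print fails[ip], ip }
    ' "$1" | sort -k1,1nr -k2,2
}

# usernames_tried_from <logfile> <ip>
# Lists the distinct usernames that failed from one address. Many different
# names from a single client points to guessing rather than a typo.
usernames_tried_from() {
    awk -v want="$2" '
        /FAIL LOGIN: Client "/ {
            ip = $0
            sub(/.*FAIL LOGIN: Client "/, "", ip)
            sub(/".*/, "", ip)
            sub(/^::ffff:/, "", ip)
            if (ip != want) next
            user = $0
            sub(/\] FAIL LOGIN:.*/, "", user)       # "... [pid N] [user"
            sub(/.*\[/, "", user)                   # "user"
            if (!(user in seen)) { seen[user] = 1; print user }
        }
    ' "$1" | sort
}

# Constructed sample log for trying the functions offline.
write_sample_log() {
    cat > "$1" <<'EOF'
Tue Apr  2 09:14:01 2024 [pid 2101] CONNECT: Client "::ffff:203.0.113.7"
Tue Apr  2 09:14:03 2024 [pid 2100] [admin] FAIL LOGIN: Client "::ffff:203.0.113.7"
Tue Apr  2 09:14:07 2024 [pid 2104] [root] FAIL LOGIN: Client "::ffff:203.0.113.7"
Tue Apr  2 09:14:11 2024 [pid 2108] [test] FAIL LOGIN: Client "::ffff:203.0.113.7"
Tue Apr  2 09:14:15 2024 [pid 2112] [admin] FAIL LOGIN: Client "::ffff:203.0.113.7"
Tue Apr  2 09:20:40 2024 [pid 2140] [johndoe] FAIL LOGIN: Client "::ffff:198.51.100.23"
Tue Apr  2 09:20:52 2024 [pid 2140] [johndoe] OK LOGIN: Client "::ffff:198.51.100.23"
Tue Apr  2 09:21:05 2024 [pid 2142] [johndoe] OK UPLOAD: Client "::ffff:198.51.100.23", "/report.pdf", 48211 bytes, 512.40Kbyte/sec
EOF
}
```

On a server, call `failed_logins_by_ip /var/log/vsftpd.log` (with sudo if the log is root-readable only).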

5. Implement Fail2Ban

Automatically ban IPs with repeated failed login attempts:

# Install Fail2Ban
sudo apt install fail2ban
 
# Create vsftpd jail
sudo nano /etc/fail2ban/jail.local

Add this configuration:

[vsftpd]
enabled = true
port = ftp,ftp-data,ftps,ftps-data
logpath = /var/log/vsftpd.log
maxretry = 3
bantime = 3600
findtime = 600

Restart Fail2Ban:

sudo systemctl restart fail2ban

6. Restrict Access by IP

Limit FTP access to specific IP addresses:

# Using TCP wrappers
sudo nano /etc/hosts.allow

Add:

vsftpd: 192.168.1.0/24
vsftpd: 10.0.0.50

Then in /etc/hosts.deny:

vsftpd: ALL

7. Disable Root Login

Ensure root cannot log in via FTP:

In /etc/ftpusers, ensure this line exists:

root

8. Regular Updates

Keep vsftpd updated:

sudo apt update
sudo apt upgrade vsftpd

9. Use Non-Standard Ports

Consider changing the default FTP port:

In /etc/vsftpd.conf:

listen_port=2121

Update firewall accordingly:

sudo ufw allow 2121/tcp

10. Implement Disk Quotas

Prevent users from filling up disk space:

# Install quota tools
sudo apt install quota
 
# Enable quotas on filesystem
# Edit /etc/fstab and add usrquota,grpquota options
 
# Set quota for user
sudo setquota -u username 5G 10G 0 0 /

For comprehensive security hardening guides and best practices, visit cherradix.dev for expert-level DevOps and security tutorials.

Common Issues and Troubleshooting

Here are solutions to frequent FTP setup problems.

530 Login Incorrect Error

Symptoms: User cannot log in despite correct credentials.

Causes and Solutions:

  1. Invalid shell:
# Check user's shell
grep username /etc/passwd

# Set valid shell
sudo usermod -s /bin/bash username
  2. User not in userlist:
# Add user to userlist
echo "username" | sudo tee -a /etc/vsftpd.userlist
  3. PAM authentication issue:
# Check PAM configuration
cat /etc/pam.d/vsftpd

# Ensure it contains:
@include common-account
@include common-session
@include common-auth

500 OOPS: vsftpd refusing to run with writable root

Solution:

Add to /etc/vsftpd.conf:

allow_writeable_chroot=YES

Restart vsftpd:

sudo systemctl restart vsftpd

Connection Timeout in Passive Mode

Symptoms: Client connects but directory listing fails.

Solution:

  1. Configure passive mode ports:
# In /etc/vsftpd.conf
pasv_enable=YES
pasv_min_port=40000
pasv_max_port=40100
  2. Update firewall:
sudo ufw allow 40000:40100/tcp
  3. Configure external IP for passive mode:
# Add to /etc/vsftpd.conf
pasv_address=YOUR_SERVER_IP

Cannot Upload Files (550 Permission Denied)

Solution:

  1. Check directory permissions:
ls -la /var/ftp/username
  2. Fix ownership:
sudo chown -R username:username /var/ftp/username
sudo chmod 755 /var/ftp/username
  3. Verify write_enable:
# In /etc/vsftpd.conf
write_enable=YES

vsftpd Service Won't Start

Diagnosis:

# Check service status
sudo systemctl status vsftpd
 
# View error logs
sudo journalctl -u vsftpd -n 50
 
# Show the installed vsftpd version (this flag does not validate the configuration)
sudo vsftpd -v

Common causes:

  1. Configuration syntax error: Review /etc/vsftpd.conf for typos
  2. Port already in use: Check if another service uses port 21
  3. SSL certificate issues: Verify certificate paths if SSL is enabled

User Can Access Parent Directories

Solution:

Ensure chroot is properly configured:

# In /etc/vsftpd.conf
chroot_local_user=YES
allow_writeable_chroot=YES

Slow Directory Listings

Solution:

Disable reverse DNS lookups:

# Add to /etc/vsftpd.conf
reverse_lookup_enable=NO

FileZilla Shows "Insecure Server" Warning

This is expected when using plain FTP. To resolve:

Option 1: Accept the warning (for non-sensitive data)

Option 2: Enable FTP over TLS (see Security Best Practices section)

Option 3: Use SFTP instead (see next section)

SFTP vs FTP: When to Use Each

Understanding the differences between FTP and SFTP helps you choose the right protocol.

What is SFTP?

SFTP (SSH File Transfer Protocol) is a secure file transfer protocol that runs over SSH, providing encryption for both commands and data.

Key Differences

| Feature        | FTP                      | SFTP                 |
| -------------- | ------------------------ | -------------------- |
| Encryption     | No (unless FTPS)         | Yes (SSH-based)      |
| Ports          | 20, 21, + passive        | 22 (SSH)             |
| Authentication | Username/password        | SSH keys or password |
| Firewall       | Complex (multiple ports) | Simple (single port) |
| Setup          | Requires vsftpd          | Built into SSH       |
| Performance    | Slightly faster          | Minimal overhead     |
| Legacy Support | Excellent                | Good                 |

When to Use FTP

Choose FTP when:

  • Working with legacy systems that only support FTP
  • Transferring non-sensitive data
  • Need maximum compatibility with older clients
  • Performance is critical for large bulk transfers
  • Working in controlled, trusted networks

When to Use SFTP

Choose SFTP when:

  • Transferring sensitive data
  • Security is a priority
  • You already have SSH access configured
  • Want simplified firewall configuration
  • Need encrypted credentials and data
  • Working over public internet

Setting Up SFTP (Quick Guide)

SFTP is already available if you have SSH access. To create an SFTP-only user:

# Create user
sudo useradd -m -d /var/sftp/username -s /bin/bash username
sudo passwd username
 
# Configure SSH for SFTP-only access
sudo nano /etc/ssh/sshd_config

Add at the end:

Match User username
    ChrootDirectory /var/sftp/username
    ForceCommand internal-sftp
    AllowTcpForwarding no
    X11Forwarding no

Set permissions:

sudo chown root:root /var/sftp/username
sudo chmod 755 /var/sftp/username
 
# Create writable directory
sudo mkdir /var/sftp/username/uploads
sudo chown username:username /var/sftp/username/uploads

Restart SSH:

sudo systemctl restart sshd

Connect using SFTP clients (FileZilla, WinSCP) on port 22.

Hybrid Approach

You can run both FTP and SFTP simultaneously:

  • FTP: For legacy systems and bulk transfers
  • SFTP: For secure administrative access

This gives you flexibility while maintaining security where needed.

For more detailed comparisons and protocol selection guides, check out cherradix.dev for comprehensive networking and security tutorials.

Conclusion

Setting up FTP accounts on your VPS is a fundamental system administration skill that enables efficient file management and client access. Throughout this guide, we've covered the complete process from installing vsftpd to implementing security best practices and automating account creation.

Key Takeaways

What You've Learned:

  • How to install and configure vsftpd on a Linux VPS
  • Creating restricted FTP accounts with directory isolation
  • Implementing chroot jails for security
  • Configuring firewall rules for FTP access
  • Automating FTP account creation with bash scripts
  • Security best practices including FTPS, Fail2Ban, and monitoring
  • Troubleshooting common FTP issues
  • Understanding when to use FTP vs SFTP

Security Reminders

Always remember:

  • FTP transmits credentials in plain text - use FTPS or SFTP for sensitive data
  • Implement strong password policies
  • Enable logging and monitor for suspicious activity
  • Keep vsftpd updated with security patches
  • Use chroot to restrict user access
  • Consider Fail2Ban for brute-force protection

Next Steps

Now that you have a working FTP server, consider:

  1. Enabling FTPS: Add SSL/TLS encryption for secure transfers
  2. Implementing automation: Integrate FTP account creation with your user management system
  3. Setting up monitoring: Use tools like Monit or Nagios to monitor FTP service health
  4. Creating backups: Automate FTP directory backups to prevent data loss
  5. Migrating to SFTP: For new projects, consider using SFTP from the start

Additional Resources

For more server management tutorials, Laravel deployment guides, and DevOps best practices, visit cherradix.dev. We regularly publish in-depth technical articles covering:

  • VPS configuration and optimization
  • Laravel application deployment
  • Database management and backups
  • Security hardening techniques
  • Automation and scripting
  • Performance tuning

Whether you're managing client websites, deploying applications, or building infrastructure, understanding FTP setup is an essential skill in your DevOps toolkit. With the knowledge from this guide, you're equipped to create secure, efficient file transfer systems on your VPS.

Have questions or run into issues? The cherradix.dev community is here to help - visit our blog for more tutorials and join the discussion in the comments section.

Happy file transferring!


This article was published on cherradix.dev - Your resource for Laravel development, DevOps tutorials, and modern web development practices.
