 |
VOOZH | about |
|
VOOZH | about |
We’re so glad you’re here. You can expect all the best TNS content to arrive Monday through Friday to keep you on top of the news and at the top of your game.
Check your inbox for a confirmation email where you can adjust your preferences and even join additional groups.
Follow TNS on your favorite social media networks.
Become a TNS follower on LinkedIn.
Check out the latest featured and trending stories while you wait for your first TNS newsletter.
For those not quite at the level of running a complete build system, the File Transfer Protocol (FTP) is still alive and an important part of the business technology landscape. You might think that going full-on cloud is the best bet, but what about those files and folders that house more sensitive data? Do you really want those being uploaded and downloaded to and from a third-party service that you don’t have control over?
The answer should be no.
You need to ensure those files are uploaded to a service you can trust and sometimes the only option is keeping it within your LAN.
If that sounds like a viable solution for you, Linux has your back (as it always does).
With the help of Secure Shell (SSH), you can deploy an FTP server in minutes. I want to show you how it’s done with AlmaLinux. With this taken care of, you’ll be able to move files back and forth with SFTP (Secure FTP) so you can trust the transmission of that data.
One thing to keep in mind is that if you want to use this FTP server outside of your LAN, you’ll need to configure your routing hardware to route the traffic to the hosting server, and you must allow SSH traffic into the network.
The only things you’ll need to follow along are a running instance of AlmaLinux (or a similar distribution, such as Red Hat Enterprise Linux, CentOS Stream or Oracle Linux) and a user with sudo privileges.
With those things at the ready, it’s time to configure.
By default, new users are not added to the admin group on AlmaLinux. Instead of changing to the root user for setting this up, which can be a security risk, your best bet is to add a standard to the necessary group. To do that, first change to the root user with the `su` command. Once you’ve done that, issue the command:
usermod -aG wheel USER
Where USER is the name of the user in question.
Once you’ve done that, exit from the root user with the exit command and then log out and log back in as your user. That user can now work with sudo.
We’re going to create a specific directory that will be used for FTP purposes. The best place to house this is in the `/svr` directory. Create a new directory with:
sudo mkdir /srv/ftp
Next, you’ll need to change the permissions of that directory to 701, which means:
Change the permission with the command:
sudo chmod -R 701 /srv/ftp
We’ll now create a new user and group that will have access to the new directory. Create the group with:
sudo groupadd ftp_users
Now, create a user with the following configuration:
/srv/ftp/update.The command for this is:
sudo useradd -g ftp_users -d /srv/ftp/upload -s /sbin/nologin USERNAME
Where USERNAME is the name of the user you want to add.
Give the new user a strong/unique password with:
passwd USERNAME
Where USERNAME is the name of the user you just created.
We’ll next create an upload directory for the new user. Let’s say the new user you created is ftpuser. To create the upload directory for that user, issue the command:
sudo mkdir -p /srv/ftp/ftpuser/upload
Change the ownership and permissions for the new directory with:
sudo chown -R root:ftp_users /srv/ftp/ftpuser
`sudo chown -R ftpuser:ftp_users /srv/ftp/ftpuser/upload`
What we’ve done above is change the ownership (for user and group) of `/srv/ftp/ftpuser` to root and `ftp_users` and then change the ownership (for user and group) of `/srv/ftp/ftpuser/upload` to `ftpuser and ftp_users`. Remember, in our case `ftp_users` is the group and `ftpuser` is the user. You can, of course, change those to anything you want/need.
We now have to configure SSH so it’s aware of the new FTP directory. Open the SSH daemon configuration file with:
sudo nano /etc/ssh/sshd_config
Paste the following at the bottom of the file:
Match Group ftp_users ChrootDirectory /srv/ftp/%u ForceCommand internal-sftp
Save and close the file.
Restart SSH with the command:
sudo systemctl restart sshd
SSH is now running and aware of the FTP directory. It’s time to test your new FTP server.
Go to another machine on your network and make sure that SSH is installed (or a client that includes SSH/SFTP such as PuTTY). From the terminal window, log in with ftpuser (or whatever you’ve named the new user) like so:
sftp ftpuser@SERVER
Where SERVER is the IP address of the FTP server.
You should be prompted for the ftpuser password, which you created above. If successful, you’ll see a prompt that looks like this:
sftp>
Change to the upload directory with:
cd upload
Let’s say you have a file on your local computer (named newstack.txt and located in your home directory) and you want to upload it to the FTP server. To do that, the command would be something like this:
put ~/newstack.txt
Or, say the newstack.txt file is in your upload directory on the FTP server and you want to download it to your home directory on the local machine. For that, the command is:
get newstack.txt
If you opt to use a GUI, one thing to keep in mind is that you’ll have to configure your connections with port 22, as that is the default SSH port.
Congratulations, you now have a working FTP server that uses SSH’s SFTP protocol to send and receive files securely.
