Deployment of Linux FTP/SFTP File Services

In today’s digital age, file transfer is a core requirement for data exchange and collaboration in enterprises. As a representative of open-source server platforms, Linux supports efficient and secure file service deployment, with FTP (File Transfer Protocol) and SFTP (Secure File Transfer Protocol) being the most commonly used protocols. FTP is suitable for simple transfers but has low security; SFTP, based on SSH, provides encryption protection and is suitable for sensitive data. According to a 2025 report by DigitalOcean, the usage rate of SFTP has surpassed 70% of FTP, highlighting the importance of secure transmission. Properly deploying FTP/SFTP services can not only enhance data transfer efficiency but also ensure compliance and security.

1. Basics of FTP and SFTP

1.1 What is FTP?

FTP (File Transfer Protocol) is a standard network protocol for transferring files between clients and servers. It runs over TCP/IP and supports uploading, downloading, and directory operations. FTP uses ports 21 (control) and 20 (data) by default, but it offers little security because credentials and data are transmitted in plaintext and can be read by anyone on the network path.

Characteristics of FTP:

  • Easy to use: Supports anonymous access and user authentication.
  • Dual channel: Control channel for commands, data channel for transmission.
  • Modes: Active mode (the server opens the data connection to the client) and passive mode (the client opens the data connection to the server).
  • Limitations: No encryption, vulnerable to MITM (Man-in-the-Middle) attacks.

FTP is suitable for internal networks or non-sensitive data transfers.

1.2 What is SFTP?

SFTP (SSH File Transfer Protocol) is a file transfer protocol that runs over SSH, providing encrypted and authenticated file access. It reuses SSH's port 22, so no additional ports are needed, and it supports public key authentication and 2FA.

Characteristics of SFTP:

  • Security: Encrypted transmission and authentication.
  • Single channel: Transmission through SSH tunnel.
  • Rich functionality: Supports resume and directory synchronization.
  • Compatibility: Similar to SCP but more powerful.

SFTP is the standard for modern file transfers.

1.3 Differences between FTP and SFTP

Aspect          FTP                             SFTP
Protocol        TCP/IP                          SSH
Port            20/21                           22
Security        Plaintext, easily intercepted   Encrypted, secure
Authentication  User/password                   Public key/password/2FA
Mode            Active/Passive                  Single channel
Usage           Non-sensitive data              Sensitive data

Choice: Use SFTP for security, use FTP for simplicity.

1.4 Importance of File Service Deployment

File service deployment is the foundation of Linux shared storage:

  • Data exchange: Internal/external file transfers.
  • Backup: Automated backups to servers.
  • Compliance: Encrypted transmission meets regulations.
  • Efficiency: Optimized bulk transfers.
  • Security: Prevent unauthorized access.

For example, in 2025, companies faced millions in fines due to data leaks from FTP plaintext transmissions.

1.5 Typical Deployment Scenarios

  • Internal sharing: Company file server.
  • Cloud backup: SFTP to AWS S3.
  • Development: SFTP access to Git repositories.
  • E-commerce: User file uploads.
  • IoT: Device logs reported via SFTP.

1.6 Challenges of Deployment

  • Security configuration: Encryption and authentication.
  • Performance: High concurrent transfers.
  • Compatibility: Diverse clients.
  • Monitoring: Log auditing.
  • Scalability: Multi-node clusters.

1.7 Goals of Deployment

  • Security: Encrypted transmission.
  • Efficiency: High speed, low latency.
  • User-friendly: Easy configuration.
  • Scalable: Supports clustering.
  • Compliance: Log recording.

2. Principles and Practices of FTP Service Deployment

2.1 FTP Principles

FTP uses a client-server model, with the control channel (21) sending commands and the data channel (20) transmitting files.

Active mode: the server opens the data connection back to the client. Passive mode: the client opens the data connection to the server, which works better through firewalls and NAT.

FTPS: FTP + SSL/TLS encryption.

vsftpd: Very Secure FTP Daemon, a commonly used FTP server on Linux.

Principle: vsftpd authenticates via PAM and isolates users with chroot.

2.2 vsftpd Installation

Ubuntu:

sudo apt update
sudo apt install vsftpd
sudo systemctl enable vsftpd
sudo systemctl start vsftpd
sudo systemctl status vsftpd

CentOS:

sudo dnf install vsftpd
sudo systemctl enable vsftpd
sudo systemctl start vsftpd
sudo systemctl status vsftpd

2.3 vsftpd Configuration

The configuration file is /etc/vsftpd.conf on Ubuntu (/etc/vsftpd/vsftpd.conf on CentOS).

Basic Configuration:

anonymous_enable=NO
local_enable=YES
write_enable=YES
local_umask=022
dirmessage_enable=YES
xferlog_enable=YES
connect_from_port_20=YES
# The standard (wu-ftpd) xferlog format records transfers only; login events such
# as "FAIL LOGIN" appear only in vsftpd's own log format. Set dual_log_enable=YES
# to get both logs.
xferlog_std_format=YES
# listen_ipv6=YES listens on both IPv6 and IPv4; vsftpd refuses to start if
# listen and listen_ipv6 are both YES.
listen=NO
listen_ipv6=YES
pam_service_name=vsftpd
userlist_enable=YES
tcp_wrappers=YES

User Configuration:

  1. Create FTP user:

    # vsftpd's PAM stack includes pam_shells: the login shell must appear in
    # /etc/shells (add /bin/false there, or use /usr/sbin/nologin), else logins fail
    sudo useradd -m -s /bin/false ftpuser
    sudo passwd ftpuser
    
  2. Restrict user: Edit /etc/vsftpd.userlist:

    ftpuser
    

    Configuration:

    userlist_enable=YES
    userlist_deny=NO
    # vsftpd reads /etc/vsftpd.user_list by default; point it at the file edited above
    userlist_file=/etc/vsftpd.userlist
    
  3. chroot isolation:

    chroot_local_user=YES
    # vsftpd refuses to chroot into a writable directory by default; this lifts that check.
    # Safer: keep the home directory root-owned and let users write only in a subdirectory.
    allow_writeable_chroot=YES
    
  4. Restart:

    sudo systemctl restart vsftpd
    

2.4 FTPS Configuration

  1. Generate certificate:

    sudo mkdir -p /etc/ssl/private
    # self-signed certificate valid for one year; clients must trust it explicitly
    sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/ssl/private/vsftpd.key -out /etc/ssl/private/vsftpd.crt
    
  2. Configuration:

    # explicit FTPS (AUTH TLS on port 21); implicit FTPS on port 990 would also need implicit_ssl=YES
    ssl_enable=YES
    allow_anon_ssl=NO
    # require TLS on both the control and the data channel for local users
    force_local_data_ssl=YES
    force_local_logins_ssl=YES
    # permit TLS, refuse the broken SSLv2/SSLv3 protocols
    ssl_tlsv1=YES
    ssl_sslv2=NO
    ssl_sslv3=NO
    rsa_cert_file=/etc/ssl/private/vsftpd.crt
    rsa_private_key_file=/etc/ssl/private/vsftpd.key
    
  3. Restart vsftpd.

Client: Use FileZilla to connect via FTPS (explicit FTP over TLS on port 21, matching the configuration above).

2.5 FTP Monitoring

  • Log file: /var/log/vsftpd.log.

  • Check:

    tail -f /var/log/vsftpd.log
    

2.6 FTP Security Optimization

  • Firewall:

    sudo ufw allow 21/tcp
    sudo ufw allow 20/tcp
    sudo ufw allow 990/tcp  # FTPS (implicit mode only; explicit FTPS uses port 21)
    # passive mode also needs the pasv_min_port/pasv_max_port range from vsftpd.conf opened
    
  • Limit IP: Edit vsftpd.conf:

    tcp_wrappers=YES
    

    /etc/hosts.allow:

    # hosts_access(5) takes net/mask pairs; tcp_wrappers was removed in RHEL/CentOS 8, use firewalld there
    vsftpd: 192.168.1.0/255.255.255.0
    
  • Anonymous access: anonymous_enable=NO.

3. Principles and Practices of SFTP Service Deployment

3.1 SFTP Principles

SFTP is a subsystem of SSH, using the SSH channel to transfer files.

Principle: OpenSSH handles SFTP requests through sftp-server, supporting chroot isolation.

Advantages: Encrypted, secure, no additional ports required.

3.2 OpenSSH Installation

Ubuntu:

sudo apt update
sudo apt install openssh-server
sudo systemctl enable ssh
sudo systemctl start ssh
sudo systemctl status ssh

CentOS:

sudo dnf install openssh-server
sudo systemctl enable sshd
sudo systemctl start sshd
sudo systemctl status sshd

3.3 SFTP User Configuration

  1. Create user:

    # non-login shell: SFTP access needs none once ForceCommand internal-sftp applies
    sudo useradd -m -s /bin/false sftpuser
    sudo passwd sftpuser
    
  2. Configure sshd_config:

    sudo nano /etc/ssh/sshd_config
    

    Add:

    # Replace the existing "Subsystem sftp /usr/lib/openssh/sftp-server" line
    # (/usr/libexec/openssh/sftp-server on CentOS): sshd refuses to start when
    # "sftp" is defined twice. Match blocks must come at the end of the file.
    Subsystem sftp internal-sftp
    Match Group sftpgroup
        ChrootDirectory /home/%u
        ForceCommand internal-sftp
        AllowTcpForwarding no
        X11Forwarding no
    
  3. Create group and add user:

    sudo groupadd sftpgroup
    sudo usermod -g sftpgroup sftpuser
    # the chroot root must be owned by root and not group/world writable, or sshd
    # logs "bad ownership or modes for chroot directory" and drops the session
    sudo chown root:root /home/sftpuser
    sudo chmod 755 /home/sftpuser
    # the user's writable area lives below the chroot root
    sudo mkdir /home/sftpuser/upload
    sudo chown sftpuser:sftpgroup /home/sftpuser/upload
    sudo chmod 755 /home/sftpuser/upload
    
  4. Restart SSH:

    sudo sshd -t && sudo systemctl restart sshd   # validate the config first (the unit is "ssh" on Ubuntu)
    

3.4 SFTP Key Authentication

  1. Client generates key:

    ssh-keygen -t ed25519
    
  2. Copy public key:

    # ssh-copy-id needs a shell on the server: run it before enabling ForceCommand internal-sftp, or install the key as root
    ssh-copy-id sftpuser@host
    
  3. Configure sshd_config:

    PubkeyAuthentication yes
    # confirm a key login works before disabling passwords, or password-only users are locked out
    PasswordAuthentication no
    
  4. Restart sshd.

Client connection:

sftp sftpuser@host

3.5 SFTP Monitoring

  • Log file: /var/log/auth.log on Ubuntu (/var/log/secure on CentOS).

  • Check:

    tail -f /var/log/auth.log | grep sftp    # CentOS: journalctl -fu sshd
    

3.6 SFTP Security Optimization

  • Limit IP:

    AllowUsers sftpuser@192.168.1.*
    
  • Disable shell: -s /bin/false.

  • 2FA: Combine with Google Authenticator PAM.

4. Comparison and Selection of FTP and SFTP

4.1 Comparison

  • FTP: Simple but insecure.
  • SFTP: Secure but slightly complex to configure.

Choice: Use SFTP for sensitive data, use FTP for non-sensitive data.

4.2 Migrating from FTP to SFTP

  1. Install OpenSSH.
  2. Configure SFTP user.
  3. Notify clients to switch to SFTP.

5. Case Studies

5.1 Case 1: vsftpd FTP Deployment

Scenario: Internal file sharing.

Steps:

  1. Install vsftpd.

  2. Configure anonymous access:

    anonymous_enable=YES
    anon_root=/var/ftp
    
  3. Restart vsftpd.

Result: Anonymous FTP running.

5.2 Case 2: SFTP User Isolation

Scenario: Cloud server SFTP.

Steps:

  1. Create sftpuser and group.
  2. sshd_config Match Group.
  3. Test SFTP connection.

Result: User isolated access.

5.3 Case 3: FTPS Encrypted Deployment

Scenario: Secure FTP.

Steps:

  1. Generate certificate.
  2. Enable SSL in vsftpd.conf.
  3. Test FTPS connection.

Result: Encrypted transmission.

6. Best Practices

6.1 Best Practices for FTP

  • Disable anonymous access.
  • Use FTPS.
  • Limit user directories.

6.2 Best Practices for SFTP

  • chroot isolation.
  • Key authentication.
  • Monitor logs.

6.3 Security Practices

  • Firewall limit ports.
  • Regularly audit users.

6.4 Performance Optimization

  • Compress transmissions.
  • Multi-threaded FTP clients.

6.5 Monitoring Practices

  • Use Fail2Ban to protect against brute force attacks.
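Fail2Ban's vsftpd and sshd filters perform exactly this counting on the logs from sections 2.5 and 3.5. The shell functions below are an added example, not part of the article: they run against constructed sample lines in both log formats, extract the client address from each failed-login record, and report any address that reaches a threshold.

```shell
#!/bin/sh
# Added example, not from the original article. Extracts client IPs from failed
# login records of the two services deployed above and reports any IP that
# reaches a threshold (Fail2Ban's maxretry applies the same rule before banning).
#   vsftpd-style log (written when xferlog_std_format=NO or dual_log_enable=YES):
#     <date> [pid N] [user] FAIL LOGIN: Client "IP"
#   sshd in /var/log/auth.log:
#     <date> host sshd[N]: Failed password for USER from IP port P ssh2
# The log lines below are constructed samples using documentation IP ranges.

SAMPLE_LOG='Mon Mar  3 10:00:01 2025 [pid 2041] [ftpuser] FAIL LOGIN: Client "192.0.2.5"
Mon Mar  3 10:00:02 2025 [pid 2043] [ftpuser] FAIL LOGIN: Client "192.0.2.5"
Mon Mar  3 10:00:03 2025 [pid 2045] [admin] FAIL LOGIN: Client "192.0.2.5"
Mon Mar  3 10:00:04 2025 [pid 2047] [ftpuser] OK LOGIN: Client "192.0.2.10"
Mar  3 10:00:05 ftp01 sshd[2100]: Failed password for sftpuser from 198.51.100.7 port 51234 ssh2
Mar  3 10:00:06 ftp01 sshd[2102]: Failed password for invalid user root from 198.51.100.7 port 51240 ssh2
Mar  3 10:00:07 ftp01 sshd[2104]: Accepted publickey for sftpuser from 203.0.113.9 port 40022 ssh2'

# Read log lines on stdin; print "COUNT IP" for every client with failed logins,
# most frequent first. Successful logins and unrelated lines are ignored.
failed_login_counts() {
    sed -n \
        -e 's/.*FAIL LOGIN: Client "\([^"]*\)".*/\1/p' \
        -e 's/.*sshd\[[0-9]*\]: Failed [a-z]* for .* from \([0-9a-fA-F.:]*\) port .*/\1/p' \
      | sort | uniq -c | sort -rn | awk '{ print $1, $2 }'
}

# Read log lines on stdin; print only the IPs whose failure count is >= $1.
clients_over_threshold() {
    failed_login_counts | awk -v t="$1" '$1 >= t { print $2 }'
}

# Stand-alone run: only the vsftpd client with three failures is reported.
printf '%s\n' "$SAMPLE_LOG" | clients_over_threshold 3
```

On a live host, feed the real logs instead of the sample, e.g. `cat /var/log/vsftpd.log /var/log/auth.log | clients_over_threshold 5`.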

7. Common Problem Solutions

7.1 FTP Connection Failure

Cause: Port not open.

Solution:

sudo ufw allow 21/tcp

7.2 SFTP Permission Error

Cause: Incorrect chroot directory permissions.

Solution:

# every parent directory of the chroot must also be root-owned and not group/world writable
sudo chown root:root /home/user
sudo chmod 755 /home/user

7.3 FTPS Certificate Invalid

Cause: Self-signed certificate.

Solution: Use a CA-issued certificate, or have clients explicitly trust the self-signed one.

7.4 Logs Not Recording

Cause: Incorrect configuration.

Solution: Set xferlog_enable=YES in vsftpd.conf.

7.5 Slow Transfers Under High Load

Cause: Transfers run single-threaded.

Solution: Use lftp with multiple parallel connections.

8. Conclusion

The deployment of Linux FTP/SFTP file services is central to storage management, enabling efficient and secure transmission through vsftpd and OpenSSH.
