{"id":12799,"date":"2025-12-20T09:43:11","date_gmt":"2025-12-20T04:13:11","guid":{"rendered":"https:\/\/www.youstable.com\/blog\/?p=12799"},"modified":"2025-12-20T09:43:13","modified_gmt":"2025-12-20T04:13:13","slug":"how-to-configure-ftp-on-linux","status":"publish","type":"post","link":"https:\/\/www.youstable.com\/blog\/how-to-configure-ftp-on-linux","title":{"rendered":"How to Configure FTP on Linux Server &#8211; (Step-by-Step Guide 2026)"},"content":{"rendered":"\n<p><strong>To configure FTP on a Linux server in 2026<\/strong>, install an FTP daemon (vsftpd), create a dedicated user and directory, enable chroot and passive mode, secure it with TLS (FTPS), open firewall ports (21 and a passive range), and test with an FTP client. This guide walks you through each step on Ubuntu\/Debian and RHEL\/AlmaLinux.<\/p>\n\n\n\n<p>Configuring FTP on a Linux server is straightforward once you understand the pieces: the FTP service, users and permissions, passive mode networking, and encryption (FTPS). In this step-by-step guide, you\u2019ll learn exactly how to configure FTP on Linux server environments using vsftpd, harden it for production, and troubleshoot common issues\u2014all aligned with 2026 best practices.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"what-youll-learn-overview\"><strong>What You\u2019ll Learn (Overview)<\/strong><\/h2>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Install and configure vsftpd on Ubuntu\/Debian and RHEL\/AlmaLinux<\/li>\n\n\n\n<li>Create FTP-only users and chroot them to home directories<\/li>\n\n\n\n<li>Enable passive mode and open the correct firewall ports<\/li>\n\n\n\n<li>Secure FTP with TLS (FTPS) and modern ciphers<\/li>\n\n\n\n<li>Harden vsftpd for production and enable logs<\/li>\n\n\n\n<li><a href=\"https:\/\/www.youstable.com\/blog\/fix-error-establishing-database-connection\/\">Fix common errors<\/a> (permissions, passive mode behind NAT, SELinux)<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"ftp-vs-sftp-vs-ftps-which-should-you-use\"><strong>FTP vs SFTP vs FTPS: Which Should You Use?<\/strong><\/h2>\n\n\n\n<p><strong>Before we configure anything, align on protocols:<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>FTP: <\/strong>Classic protocol over TCP\/21. Unencrypted by default. Use only with TLS.<\/li>\n\n\n\n<li><strong>FTPS (FTP over TLS): <\/strong>FTP + encryption. Recommended when your workflow or legacy apps require FTP, but you need security.<\/li>\n\n\n\n<li><strong>SFTP: <\/strong>Runs over SSH (TCP\/22). Different protocol and often simpler to secure and firewall. Preferred when you control both ends.<\/li>\n<\/ul>\n\n\n\n<p>This guide focuses on FTPS with vsftpd, a lightweight, secure, and widely used <a href=\"https:\/\/www.youstable.com\/blog\/install-ftp-on-linux\/\">FTP server for Linux<\/a>.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"prerequisites\"><strong>Prerequisites<\/strong><\/h2>\n\n\n\n<ul class=\"wp-block-list\">\n<li>A <a href=\"https:\/\/www.youstable.com\/blog\/install-iptables-on-linux\/\">Linux server<\/a> (Ubuntu 20.04\/22.04\/24.04, Debian 11\/12, or RHEL\/CentOS\/AlmaLinux\/Rocky 8\/9)<\/li>\n\n\n\n<li>Root or sudo access<\/li>\n\n\n\n<li>Firewall access (UFW or firewalld) and ability to open ports<\/li>\n\n\n\n<li>Public IP or behind NAT with port forwarding configured<\/li>\n\n\n\n<li>Optional: a domain and Let\u2019s Encrypt certificate for FTPS<\/li>\n<\/ul>\n\n\n\n<p>Tip: If you prefer a managed VPS with pre-hardened FTP\/FTPS and 24\/7 support, YouStable can provision and secure it for you while you focus on your application.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"step-by-step-install-and-configure-vsftpd\"><strong>Step-by-Step: Install and Configure vsftpd<\/strong><\/h2>\n\n\n\n<h3 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"1-install-vsftpd\"><strong>1) Install vsftpd<\/strong><\/h3>\n\n\n\n<pre class=\"wp-block-code\"><code># Ubuntu\/Debian\nsudo apt update\nsudo apt install -y vsftpd\n\n# RHEL\/AlmaLinux\/Rocky\/CentOS\nsudo dnf install -y vsftpd<\/code><\/pre>\n\n\n\n<h3 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"2-create-an-ftp-only-user-and-directory\"><strong>2) Create an FTP-Only User and Directory<\/strong><\/h3>\n\n\n\n<p><a href=\"https:\/\/www.youstable.com\/blog\/create-a-custom-hosting-environment-with-a-dedicated-server\/\">Create a dedicated<\/a> user, set a password, and limit shell access so it\u2019s only used for FTP.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code># Create a group and user\nsudo groupadd ftpusers\nsudo useradd -m -d \/home\/ftpuser -s \/usr\/sbin\/nologin -G ftpusers ftpuser\nsudo passwd ftpuser\n\n# Create an upload directory inside the user home\nsudo mkdir -p \/home\/ftpuser\/uploads\nsudo chown ftpuser:ftpusers \/home\/ftpuser\/uploads\nsudo chmod 755 \/home\/ftpuser\nsudo chmod 750 \/home\/ftpuser\/uploads<\/code><\/pre>\n\n\n\n<h3 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"3-configure-vsftpd-basic-secure-settings\"><strong>3) Configure vsftpd (Basic Secure Settings)<\/strong><\/h3>\n\n\n\n<p><a href=\"https:\/\/www.youstable.com\/blog\/edit-wp-config-php-file-in-wordpress\/\">Edit the main configuration file<\/a> and enable local logins, write access, and chroot isolation.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo cp \/etc\/vsftpd.conf \/etc\/vsftpd.conf.bak\nsudo nano \/etc\/vsftpd.conf<\/code><\/pre>\n\n\n\n<p>Use these recommended baseline settings:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code># Core behavior\nlisten=YES\nlisten_ipv6=NO\nanonymous_enable=NO\nlocal_enable=YES\nwrite_enable=YES\nlocal_umask=022\ndirmessage_enable=YES\n\n# Chroot users to their home\nchroot_local_user=YES\nallow_writeable_chroot=YES\n\n# Passive mode (adjust the range to your needs)\npasv_enable=YES\npasv_min_port=40000\npasv_max_port=50000\n\n# User management\nuserlist_enable=YES\nuserlist_file=\/etc\/vsftpd.userlist\nuserlist_deny=NO            # Only allow users in this file\n\n# Logging\nxferlog_enable=YES\nxferlog_std_format=YES\ndual_log_enable=YES\nvsftpd_log_file=\/var\/log\/vsftpd.log\n\n# Security niceties\nhide_ids=YES\nmax_clients=50\nmax_per_ip=10\nidle_session_timeout=600\ndata_connection_timeout=120\n\n# TLS\/FTPS will be added in the next step\nssl_enable=NO<\/code><\/pre>\n\n\n\n<p>Allow only specific users by populating the userlist file:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>echo \"ftpuser\" | sudo tee -a \/etc\/vsftpd.userlist<\/code><\/pre>\n\n\n\n<h3 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"4-enable-passive-mode-in-the-firewall\"><strong>4) Enable Passive Mode in the Firewall<\/strong><\/h3>\n\n\n\n<p>FTP requires TCP\/21 plus a passive port range. Open both on your firewall and router\/NAT if applicable.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code># UFW (Ubuntu)\nsudo ufw allow 21\/tcp\nsudo ufw allow 40000:50000\/tcp\nsudo ufw reload\n\n# firewalld (RHEL\/AlmaLinux)\nsudo firewall-cmd --permanent --add-service=ftp\nsudo firewall-cmd --permanent --add-port=40000-50000\/tcp\nsudo firewall-cmd --reload<\/code><\/pre>\n\n\n\n<h3 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"5-add-tls-ftps-recommended\"><strong>5) Add TLS\/FTPS (Recommended)<\/strong><\/h3>\n\n\n\n<p>Use a valid certificate (Let\u2019s Encrypt) or a self-signed cert for testing. Then enforce encrypted logins and data.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code># Self-signed certificate (testing)\nsudo openssl req -x509 -nodes -days 365 -newkey rsa:4096 \\\n-keyout \/etc\/ssl\/private\/vsftpd.key \\\n-out \/etc\/ssl\/certs\/vsftpd.crt\n\n# Adjust permissions\nsudo chmod 600 \/etc\/ssl\/private\/vsftpd.key<\/code><\/pre>\n\n\n\n<p>Add these FTPS settings to \/etc\/vsftpd.conf:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>ssl_enable=YES\nrsa_cert_file=\/etc\/ssl\/certs\/vsftpd.crt\nrsa_private_key_file=\/etc\/ssl\/private\/vsftpd.key\nrequire_ssl_reuse=NO\nssl_ciphers=HIGH\nssl_tlsv1=NO\nssl_tlsv1_1=NO\nssl_tlsv1_2=YES\nssl_tlsv1_3=YES\nforce_local_logins_ssl=YES\nforce_local_data_ssl=YES\nallow_anon_ssl=NO<\/code><\/pre>\n\n\n\n<p>If you use Let\u2019s Encrypt, point rsa_cert_file to fullchain.pem and rsa_private_key_file to privkey.pem.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"6-start-enable-and-verify-vsftpd\"><strong>6) Start, Enable, and Verify vsftpd<\/strong><\/h3>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo systemctl enable --now vsftpd\nsudo systemctl status vsftpd\n\n# Check listening ports\nsudo ss -tulpn | grep -E \":21|:40000\"<\/code><\/pre>\n\n\n\n<h3 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"7-selinux-notes-rhel-almalinux-rocky\"><strong>7) SELinux Notes (RHEL\/AlmaLinux\/Rocky)<\/strong><\/h3>\n\n\n\n<p>If SELinux is enforcing, enable the right booleans and contexts for uploads and passive mode.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code># Allow FTP passive mode and home directory access\nsudo setsebool -P ftpd_use_passive_mode 1\nsudo setsebool -P ftp_home_dir 1\n\n# If writing outside home, you may need:\n# sudo setsebool -P ftpd_full_access 1\n\n# Label the upload directory if needed\nsudo semanage fcontext -a -t public_content_rw_t \"\/home\/ftpuser\/uploads(\/.*)?\"\nsudo restorecon -Rv \/home\/ftpuser\/uploads<\/code><\/pre>\n\n\n\n<h3 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"8-test-with-an-ftp-client\"><strong>8) Test with an FTP Client<\/strong><\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>GUI: FileZilla\/WinSCP\/Cyberduck. Protocol: FTPS (explicit), Host: yourserver:21, Encryption: Require explicit FTP over TLS, Passive mode: Enabled.<\/li>\n\n\n\n<li>CLI: lftp is FTPS-aware.<\/li>\n<\/ul>\n\n\n\n<pre class=\"wp-block-code\"><code># Install lftp\nsudo apt install -y lftp  # Ubuntu\/Debian\nsudo dnf install -y lftp  # RHEL family\n\n# Connect (explicit FTPS)\nlftp -u ftpuser ftps:\/\/your.server.com\n# Then run: put testfile.txt or get file.zip<\/code><\/pre>\n\n\n\n<h2 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"production-hardening-checklist\"><strong>Production Hardening Checklist<\/strong><\/h2>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Disable anonymous access (anonymous_enable=NO).<\/li>\n\n\n\n<li>Whitelist users with userlist_enable=YES and userlist_deny=NO.<\/li>\n\n\n\n<li>Chroot users (chroot_local_user=YES) and set owner\/permissions carefully.<\/li>\n\n\n\n<li>Force TLS for logins and data, and disable TLSv1.0\/1.1; prefer TLSv1.2+.<\/li>\n\n\n\n<li>Use a narrow passive port range and allow only from trusted IPs if possible.<\/li>\n\n\n\n<li>Limit concurrency (max_clients, max_per_ip) and set sensible timeouts.<\/li>\n\n\n\n<li>Enable logging and retain logs for audits (xferlog_enable, vsftpd_log_file).<\/li>\n\n\n\n<li>Consider Fail2ban to block brute-force attempts on port 21.<\/li>\n\n\n\n<li>Keep vsftpd and OpenSSL updated; rotate certificates annually.<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"troubleshooting-quick-fixes-for-common-issues\"><strong>Troubleshooting: Quick Fixes for Common Issues<\/strong><\/h2>\n\n\n\n<h3 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"cant-list-directories-or-transfers-hang\"><strong>Can\u2019t List Directories or Transfers Hang<\/strong><\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Symptom: LIST command times out, directory listing fails.<\/li>\n\n\n\n<li>Fix: Ensure passive mode is enabled in vsftpd and client; open passive ports and forward them on your router\/NAT; verify external IP matches DNS.<\/li>\n<\/ul>\n\n\n\n<pre class=\"wp-block-code\"><code># Verify ports\nsudo ss -tulpn | grep :21\nsudo ss -tulpn | grep 40000\n\n# From outside, test reachability\nnc -vz your.server.com 21\nnc -vz your.server.com 40001<\/code><\/pre>\n\n\n\n<h3 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"tls-handshake-or-certificate-errors\"><strong>TLS Handshake or Certificate Errors<\/strong><\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Use a valid cert with the correct hostname (CN\/SAN) or configure your client to trust the cert.<\/li>\n\n\n\n<li>Disable deprecated protocols and prioritize TLSv1.2\/1.3.<\/li>\n\n\n\n<li>Check file permissions on the <a href=\"https:\/\/www.youstable.com\/blog\/private-key-for-ssl-certificate\/\">private key<\/a> (should be 600) and ownership (root:root).<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"530-login-incorrect-or-permission-denied\"><strong>530 Login Incorrect or Permission Denied<\/strong><\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Ensure the user is in \/etc\/vsftpd.userlist and not locked.<\/li>\n\n\n\n<li>Confirm the shell is \/usr\/sbin\/nologin (OK for FTP) and the home exists.<\/li>\n\n\n\n<li>Check directory permissions: home (755) and uploads (750\/770) owned by user\/group.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"550-permission-denied-when-uploading-in-a-chroot\"><strong>\u201c550 Permission denied\u201d When Uploading in a Chroot<\/strong><\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Keep the user\u2019s home not group-writable (typically 755) and create a writable subdirectory (uploads) with correct ownership.<\/li>\n\n\n\n<li>Set allow_writeable_chroot=YES if necessary (already included above).<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"selinux-blocking-writes\"><strong>SELinux Blocking Writes<\/strong><\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Enable ftpd_use_passive_mode and ftp_home_dir booleans.<\/li>\n\n\n\n<li>Relabel upload directories with public_content_rw_t and run restorecon.<\/li>\n\n\n\n<li>Inspect logs with journalctl -u vsftpd and \/var\/log\/audit\/audit.log.<\/li>\n<\/ul>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo journalctl -u vsftpd -f\nsudo tail -f \/var\/log\/vsftpd.log\nsudo ausearch -m avc -ts recent | audit2why<\/code><\/pre>\n\n\n\n<h2 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"advanced-tips-and-good-to-knows\"><strong>Advanced Tips and Good-to-Knows<\/strong><\/h2>\n\n\n\n<ul class=\"wp-block-list\">\n<li>NAT environments: Configure a stable passive range and port-forward it, plus port 21.<\/li>\n\n\n\n<li>DNS: Ensure your FTP clients connect via a hostname that resolves to the correct public IP.<\/li>\n\n\n\n<li>Rate limiting: Combine firewall rules with vsftpd max_clients to mitigate abuse.<\/li>\n\n\n\n<li>Automation: Script user creation and directory provisioning for multi-tenant environments.<\/li>\n\n\n\n<li>Monitoring: Track vsftpd logs and integrate with your SIEM for anomaly detection.<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"alternatives-proftpd-pure-ftpd-or-sftp\"><strong>Alternatives: ProFTPD, Pure-FTPd, or SFTP<\/strong><\/h2>\n\n\n\n<ul class=\"wp-block-list\">\n<li>ProFTPD: Highly configurable, Apache-style configs, rich modules.<\/li>\n\n\n\n<li>Pure-FTPd: Simple, secure defaults, virtual users, and quotas.<\/li>\n\n\n\n<li>SFTP (OpenSSH): Often simpler to secure and firewall; if your stack supports SFTP, prefer it over FTP\/FTPS.<\/li>\n<\/ul>\n\n\n\n<blockquote class=\"wp-block-quote has-ast-global-color-1-background-color has-background is-layout-flow wp-block-quote-is-layout-flow\">\n<p>At <a href=\"https:\/\/www.youstable.com\/\">YouStable<\/a>, we typically recommend SFTP for greenfield deployments. If your applications require FTP, we deploy FTPS with strict hardening and logging.<\/p>\n<\/blockquote>\n\n\n\n<h2 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"full-example-minimal-secure-vsftpd-conf\"><strong>Full Example: Minimal Secure vsftpd.conf<\/strong><\/h2>\n\n\n\n<pre class=\"wp-block-code\"><code>listen=YES\nlisten_ipv6=NO\nanonymous_enable=NO\nlocal_enable=YES\nwrite_enable=YES\nlocal_umask=022\ndirmessage_enable=YES\n\nchroot_local_user=YES\nallow_writeable_chroot=YES\n\nuserlist_enable=YES\nuserlist_file=\/etc\/vsftpd.userlist\nuserlist_deny=NO\n\nxferlog_enable=YES\ndual_log_enable=YES\nvsftpd_log_file=\/var\/log\/vsftpd.log\n\nhide_ids=YES\nmax_clients=50\nmax_per_ip=10\nidle_session_timeout=600\ndata_connection_timeout=120\n\npasv_enable=YES\npasv_min_port=40000\npasv_max_port=50000\n\nssl_enable=YES\nrsa_cert_file=\/etc\/ssl\/certs\/vsftpd.crt\nrsa_private_key_file=\/etc\/ssl\/private\/vsftpd.key\nrequire_ssl_reuse=NO\nssl_ciphers=HIGH\nssl_tlsv1=NO\nssl_tlsv1_1=NO\nssl_tlsv1_2=YES\nssl_tlsv1_3=YES\nforce_local_logins_ssl=YES\nforce_local_data_ssl=YES\nallow_anon_ssl=NO<\/code><\/pre>\n\n\n\n<h2 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"faqs-configure-ftp-on-linux-server-2026\"><strong>FAQs: Configure FTP on Linux Server (2026)<\/strong><\/h2>\n\n\n<div id=\"rank-math-faq\" class=\"rank-math-block\">\n<div class=\"rank-math-list \">\n<div id=\"faq-question-1765605112102\" class=\"rank-math-list-item\">\n<h3 class=\"rank-math-question \" class=\"rank-math-question \" id=\"which-ports-should-i-open-for-ftp-and-ftps\"><strong>Which ports should I open for FTP and FTPS?<\/strong><\/h3>\n<div class=\"rank-math-answer \">\n\n<p>Open TCP\/21 for control, and a passive range (for example, 40000\u201350000) for data connections. For FTPS, the same ports apply; TLS is negotiated over port 21 (explicit FTPS). Make sure your firewall and any NAT device forward both 21 and the passive range to your server.<\/p>\n\n<\/div>\n<\/div>\n<div id=\"faq-question-1765605117956\" class=\"rank-math-list-item\">\n<h3 class=\"rank-math-question \" class=\"rank-math-question \" id=\"whats-the-difference-between-ftps-and-sftp\"><strong>What\u2019s the difference between FTPS and SFTP?<\/strong><\/h3>\n<div class=\"rank-math-answer \">\n\n<p>FTPS is FTP secured with TLS and uses port 21 plus passive ports. SFTP is a different protocol built into SSH (port 22). SFTP is often easier to firewall and is recommended unless your tools require FTP. When using FTP, always enable FTPS for encryption.<\/p>\n\n<\/div>\n<\/div>\n<div id=\"faq-question-1765605127066\" class=\"rank-math-list-item\">\n<h3 class=\"rank-math-question \" class=\"rank-math-question \" id=\"how-do-i-fix-directory-listing-failures-behind-nat\"><strong>How do I fix directory listing failures behind NAT?<\/strong><\/h3>\n<div class=\"rank-math-answer \">\n\n<p>Enable passive mode in vsftpd and specify a narrow passive port range. Forward the same passive range and port 21 on your router to the server. Ensure the client is set to passive mode and connects to the public hostname that resolves to the correct IP.<\/p>\n\n<\/div>\n<\/div>\n<div id=\"faq-question-1765605136590\" class=\"rank-math-list-item\">\n<h3 class=\"rank-math-question \" class=\"rank-math-question \" id=\"how-can-i-restrict-users-to-a-single-directory\"><strong>How can I restrict users to a single directory?<\/strong><\/h3>\n<div class=\"rank-math-answer \">\n\n<p>Chroot the user (chroot_local_user=YES) and create a writable subdirectory (uploads). Set the home directory to the chroot path and adjust permissions so the home is not group-writable (755) while uploads is writable by the user\/group (750 or 770).<\/p>\n\n<\/div>\n<\/div>\n<div id=\"faq-question-1765605145542\" class=\"rank-math-list-item\">\n<h3 class=\"rank-math-question \" class=\"rank-math-question \" id=\"can-i-use-a-lets-encrypt-certificate-with-vsftpd\"><strong>Can I use a Let\u2019s Encrypt certificate with vsftpd?<\/strong><\/h3>\n<div class=\"rank-math-answer \">\n\n<p>Yes. Install Certbot, obtain a certificate for your domain, then set rsa_cert_file to \/etc\/letsencrypt\/live\/your.domain\/fullchain.pem and rsa_private_key_file to \/etc\/letsencrypt\/live\/your.domain\/privkey.pem. Reload vsftpd after renewal (use a post-renewal hook).<\/p>\n\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n\n\n<h2 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"final-thoughts\"><strong>Final Thoughts<\/strong><\/h2>\n\n\n\n<p>You\u2019ve learned how to configure FTP on <a href=\"https:\/\/www.youstable.com\/blog\/install-yum-on-linux\/\">Linux server<\/a> environments with vsftpd, enable FTPS, open passive ports, and harden your setup for production. Keep your packages updated, rotate certificates, and monitor logs. If you want a zero-hassle, secure deployment with expert support, YouStable can manage this entire stack for you.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>To configure FTP on a Linux server in 2026, install an FTP daemon (vsftpd), create a dedicated user and directory, [&hellip;]<\/p>\n","protected":false},"author":13,"featured_media":15413,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"inline_featured_image":false,"site-sidebar-layout":"default","site-content-layout":"","ast-site-content-layout":"default","site-content-style":"default","site-sidebar-style":"default","ast-global-header-display":"","ast-banner-title-visibility":"","ast-main-header-display":"","ast-hfb-above-header-display":"","ast-hfb-below-header-display":"","ast-hfb-mobile-header-display":"","site-post-title":"","ast-breadcrumbs-content":"","ast-featured-img":"","footer-sml-layout":"","ast-disable-related-posts":"","theme-transparent-header-meta":"","adv-header-id-meta":"","stick-header-meta":"","header-above-stick-meta":"","header-main-stick-meta":"","header-below-stick-meta":"","astra-migrate-meta-layouts":"default","ast-page-background-enabled":"default","ast-page-background-meta":{"desktop":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"ast-content-background-meta":{"desktop":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"footnotes":""},"categories":[350],"tags":[],"class_list":["post-12799","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-knowledgebase"],"acf":[],"featured_image_src":"https:\/\/www.youstable.com\/blog\/wp-content\/uploads\/2025\/12\/How-to-Configure-FTP-on-Linux-Server.jpg","author_info":{"display_name":"Prahlad Prajapati","author_link":"https:\/\/www.youstable.com\/blog\/author\/prahladblog"},"_links":{"self":[{"href":"https:\/\/www.youstable.com\/blog\/wp-json\/wp\/v2\/posts\/12799","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.youstable.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.youstable.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.youstable.com\/blog\/wp-json\/wp\/v2\/users\/13"}],"replies":[{"embeddable":true,"href":"https:\/\/www.youstable.com\/blog\/wp-json\/wp\/v2\/comments?post=12799"}],"version-history":[{"count":5,"href":"https:\/\/www.youstable.com\/blog\/wp-json\/wp\/v2\/posts\/12799\/revisions"}],"predecessor-version":[{"id":15415,"href":"https:\/\/www.youstable.com\/blog\/wp-json\/wp\/v2\/posts\/12799\/revisions\/15415"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.youstable.com\/blog\/wp-json\/wp\/v2\/media\/15413"}],"wp:attachment":[{"href":"https:\/\/www.youstable.com\/blog\/wp-json\/wp\/v2\/media?parent=12799"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.youstable.com\/blog\/wp-json\/wp\/v2\/categories?post=12799"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.youstable.com\/blog\/wp-json\/wp\/v2\/tags?post=12799"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}