Friday, 16 September 2016

Setting up a Secure FTP Server on AWS

Setting up a Secure FTP (SFTP) Server on AWS

So here's a quick and easy guide to setting up a simple Secure FTP Server on an Ubuntu 14.04 AWS EC2 instance.
Secure FTP Servers are an ideal mechanism for transferring files to and fro between trusted users. For this tutorial, I'm using a simple Ubuntu 14.04 AMI running on a t2.medium instance type.

AMI: Ubuntu Server 14.04 LTS (HVM), SSD Volume Type - ami-2d39803a
Instance Hostname: US-EAST-FTPSERVER-01
Username: ubuntu
Key name: myppkfile.ppk

Important: Make sure you update your OS using the sudo apt-get update command before following this tutorial.

Log in to the instance and install the FTP server package first:

# sudo apt-get install vsftpd

Create a new user (in my case it's called blueuser):

# sudo adduser blueuser

Also create the SSH directory for your newly created user (NOTE: The SSH directory is a hidden directory):

# sudo mkdir /home/blueuser/.ssh

With this done, we now need to create a key pair for our blueuser. There are many ways to do this, but for now I'm going to use the AWS Console itself to create one quickly. From the EC2 management dashboard, select the Key Pairs option and click on New Key pair. Provide a suitable name (blue-ftpserver) and click Create. Save the .pem locally on your machine.

Next, we need to create a public key from our newly downloaded key pair. I'm using PuTTYgen for this. Click on Load to load your blue-ftpserver.pem file.

It will prompt you with a notice. Click on OK.

Now here's the important part. Click on the Save Public Key option. Provide a suitable name for your public key and save it locally on your system.

Next, open your saved public key using any editor (I'm using Sublime Text) and make the following two changes:
First, add the text "ssh-rsa" to the beginning of the key, and then add the key's name to the end of the key. Do not include any quotation marks. Save the file.

Next, in your FTP Server, create the authorized_keys file for your user:

# sudo vi /home/blueuser/.ssh/authorized_keys

Copy and paste the entire content of the Public Key file that we modified earlier here. Save and exit the file.

Next, run the following commands to set the correct permissions on your folders:

# sudo chmod 700 /home/blueuser/.ssh/

# sudo chmod 600 /home/blueuser/.ssh/authorized_keys

# sudo chown -R blueuser:blueuser /home/blueuser/.ssh/

Now, we test. To do so, transfer the PEM file to the FTP Server instance using any tool such as WinSCP. This is the PEM file that was created using the AWS Management Console (blue-ftpserver).

Once transferred, run the following command to verify whether your new user can log in to the FTP server securely using the PEM file:

# sftp -o IdentityFile=blue-ftpserver.pem blueuser@<server-address>

If all goes well, your newly created user should get authenticated and you should see the FTP Server prompt. If for some reason you get a permission denied error, then please check the contents of your user's authorized_keys file. Make sure there are no newline characters in it.
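The manual edit of the PuTTYgen public key described earlier (add "ssh-rsa" in front, the key name at the end) and the newline check above can both be done programmatically. This is an added example, not part of the original post: it converts the RFC 4716 file that PuTTYgen's Save public key writes into one authorized_keys line and flags broken entries. The function names and the sample key are made up for illustration, and the sample blob is constructed, not a usable key.

```python
import base64
BEGIN, END = "---- BEGIN SSH2 PUBLIC KEY ----", "---- END SSH2 PUBLIC KEY ----"

def key_type(blob: bytes) -> str:
    """Walk the blob's length-prefixed fields and return the first (the algorithm name)."""
    fields, pos = [], 0
    while pos < len(blob):
        n = int.from_bytes(blob[pos:pos + 4], "big")
        pos += 4 + n
        if pos > len(blob):
            raise ValueError("truncated key blob")
        fields.append(blob[pos - n:pos])
    if len(fields) < 2:
        raise ValueError("no key material")
    return fields[0].decode("ascii")

def rfc4716_to_authorized_keys(text: str, comment: str) -> str:
    """Turn a PuTTYgen 'Save public key' file into a single authorized_keys line."""
    lines = [ln.strip() for ln in text.strip().splitlines()]
    if len(lines) < 3 or lines[0] != BEGIN or lines[-1] != END:
        raise ValueError("not an RFC 4716 public key file")
    body, in_header = [], False
    for ln in lines[1:-1]:
        if in_header or ":" in ln:  # 'Comment: ...' header; a trailing '\' continues it
            in_header = ln.endswith("\\")
            continue
        body.append(ln)
    b64 = "".join(body)  # the wrapped base64 must end up on ONE line
    return " ".join([key_type(base64.b64decode(b64, validate=True)), b64, *comment.split()])

def authorized_keys_problems(text: str) -> list:
    """Flag unusable entries (e.g. a key split by a pasted newline); assumes no options prefix."""
    problems = []
    for no, ln in enumerate(text.splitlines(), 1):
        fields = ln.split()
        if not fields or fields[0].startswith("#"):
            continue
        try:
            if key_type(base64.b64decode(fields[1], validate=True)) != fields[0]:
                problems.append(f"line {no}: key type does not match key data")
        except (IndexError, ValueError):
            problems.append(f"line {no}: not a complete key entry")
    return problems

def sample_putty_file() -> str:
    """Constructed sample: a fake 'ssh-rsa' blob (not a usable key), wrapped at 64 columns."""
    s = lambda b: len(b).to_bytes(4, "big") + b
    b64 = base64.b64encode(s(b"ssh-rsa") + s(b"\x01\x00\x01") + s(b"\x00" + bytes(range(128, 256)))).decode()
    return "\n".join([BEGIN, 'Comment: "x"', *(b64[i:i + 64] for i in range(0, len(b64), 64)), END])
```

Calling rfc4716_to_authorized_keys(sample_putty_file(), "blue-ftpserver") returns the one-line entry; running authorized_keys_problems over the pasted file contents reports any line that is only a fragment of a key.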

You can also use this newly created user to SSH into your Ubuntu instance as well. Type in the following command:

# ssh -i blue-ftpserver.pem blueuser@<server-address>

Your new user should get SSH access to the FTP server instance.

But to get really secure, you may want to disable this SSH access for your new user and restrict it to FTP access only. To do so, run the following commands:

Create a group dedicated to FTP users:
# sudo groupadd sftponly

Add your newly created user to this group:
# sudo adduser blueuser sftponly

Edit the sshd_config file and append the following data towards the end of the file:

# sudo vi /etc/ssh/sshd_config

# Paste the following content towards the end of file
Match group sftponly
ChrootDirectory /home/%u
X11Forwarding no
AllowTcpForwarding no
ForceCommand internal-sftp

Save and exit the file.

Apply the necessary permissions and restart the ssh service for the changes to take effect:

# sudo chown root:root /home/blueuser

# sudo chown -R blueuser:blueuser /home/blueuser/.ssh

# sudo /etc/init.d/ssh restart

Try logging on to the FTP server now using the same username and PEM file as earlier. Your user should have SFTP access; however, the SSH access should be blocked.

Well, there you have it: a really simple way to set up a secure FTP server in the AWS environment. Stay tuned for more such tutorials coming your way soon!
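sshd refuses a chrooted session unless every component of the ChrootDirectory path is a root-owned directory that is not writable by group or others, which is why /home/blueuser is handed to root above. The following added example (not from the original post) checks a path against that rule; chroot_problems and its stat_fn parameter are illustrative names, and only the %u token used in this tutorial is expanded.

```python
import os
import stat


def chroot_problems(template: str, user: str, stat_fn=os.stat) -> list:
    """Check a ChrootDirectory path the way sshd does before it chroots: every
    component must be a directory owned by root and not group/other-writable."""
    # Only %u (the token used in the tutorial's sshd_config) is expanded here.
    path = os.path.normpath(template.replace("%u", user))
    if not path.startswith("/"):
        return [f"{path}: ChrootDirectory must be an absolute path"]
    problems, current = [], "/"
    for part in [""] + [p for p in path.split("/") if p]:
        current = os.path.join(current, part)
        try:
            st = stat_fn(current)
        except OSError:
            problems.append(f"{current}: does not exist")
            break
        if not stat.S_ISDIR(st.st_mode):
            problems.append(f"{current}: not a directory")
        if st.st_uid != 0:
            problems.append(f"{current}: owned by uid {st.st_uid}, must be root")
        if st.st_mode & 0o022:
            problems.append(f"{current}: writable by group or others")
    return problems


if __name__ == "__main__":
    # /home/%u and blueuser are the values used in the tutorial.
    for problem in chroot_problems("/home/%u", "blueuser") or ["chroot path looks fine"]:
        print(problem)
```

Because the chroot directory itself has to stay root-owned, the SFTP user can only write inside subdirectories that are owned by that user.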

