Run an FTP Server (vsftpd) on an AWS EC2 Instance

Follow these steps to set up an FTP server with vsftpd on an EC2 instance. Note that vsftpd serves FTP (or FTPS once TLS is enabled), not SFTP: SFTP is the file-transfer subsystem of the OpenSSH server that every EC2 instance already runs on port 22, so if SFTP is what you actually need there is nothing to install. Plain FTP sends passwords and file contents in cleartext, so either enable TLS in vsftpd or restrict the security group to trusted client addresses.

Start by installing vsftpd:

sudo yum install -y vsftpd

Allow inbound traffic in your instance's security group: TCP port 21 for the control connection and the passive data-port range you configure below (1024 to 1048 in this guide). Limit both rules to your clients' IP ranges rather than 0.0.0.0/0.

Edit /etc/vsftpd/vsftpd.conf:

  • Change anonymous_enable=YES to anonymous_enable=NO.
  • Add the following to the end of the file. pasv_address is required because the instance only knows its private address; without it vsftpd tells clients to open data connections to the private IP and passive transfers fail. Use an Elastic IP here, since an ordinary public IPv4 address changes when the instance is stopped and started.
pasv_enable=YES
pasv_min_port=1024
pasv_max_port=1048
pasv_address=<public IP of this EC2 instance>
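The configuration steps above, and the chroot setting discussed later, pulled together as an added example (this is not code from the original post): a function that writes a complete vsftpd.conf containing the post's edits plus chroot and mandatory TLS, a small audit that flags the weak settings in an existing file (absent keys are judged by vsftpd's compiled-in defaults, where anonymous_enable is YES), and the AWS CLI calls for the security-group step. The public IP 203.0.113.10, the certificate paths, the security group ID and the client CIDR are placeholders; the option names are vsftpd's own.

```shell
#!/bin/sh
# Added example (not from the original post): render a hardened vsftpd.conf
# for an EC2 instance, audit an existing one for weak settings, and open the
# matching security-group ports. Placeholder values: public IP 203.0.113.10,
# passive range 1024-1048, TLS files under /etc/pki/tls, sg-0123456789abcdef0
# and 198.51.100.0/24 for the security group and client network.
set -eu

# conf_get FILE KEY: print the effective (last) value of KEY, ignoring
# commented-out lines; prints nothing if KEY is not set.
conf_get() {
    sed -n "s/^[[:space:]]*$2=\(.*\)$/\1/p" "$1" | tail -n 1
}

# render_vsftpd_conf PUBLIC_IP PASV_MIN PASV_MAX
# The post's edits plus the settings a reviewer would insist on: no anonymous
# logins, every local user chrooted, TLS required for logins and data.
render_vsftpd_conf() {
    cat <<EOF
listen=YES
listen_ipv6=NO
anonymous_enable=NO
local_enable=YES
write_enable=YES
local_umask=022
chroot_local_user=YES
userlist_enable=YES
userlist_deny=YES
userlist_file=/etc/vsftpd/user_list
pasv_enable=YES
pasv_min_port=$2
pasv_max_port=$3
pasv_address=$1
ssl_enable=YES
rsa_cert_file=/etc/pki/tls/certs/vsftpd.pem
rsa_private_key_file=/etc/pki/tls/private/vsftpd.key
force_local_logins_ssl=YES
force_local_data_ssl=YES
allow_anon_ssl=NO
ssl_sslv2=NO
ssl_sslv3=NO
xferlog_enable=YES
EOF
}

# audit_vsftpd_conf FILE: print each weak setting; return 0 only if none found.
audit_vsftpd_conf() {
    local rc v
    rc=0
    v=$(conf_get "$1" anonymous_enable)
    if [ "$v" != "NO" ]; then
        echo "WEAK: anonymous_enable=${v:-unset (vsftpd default YES)}: anonymous logins accepted"
        rc=1
    fi
    if [ "$(conf_get "$1" chroot_local_user)" != "YES" ]; then
        echo "WEAK: chroot_local_user is not YES: users can read the whole filesystem"
        rc=1
    fi
    if [ "$(conf_get "$1" ssl_enable)" != "YES" ]; then
        echo "WEAK: ssl_enable is not YES: passwords and files cross the network in cleartext"
        rc=1
    fi
    if [ "$(conf_get "$1" pasv_enable)" = "YES" ] && [ -z "$(conf_get "$1" pasv_address)" ]; then
        echo "WARN: pasv_address unset: vsftpd advertises the instance's private IP to clients"
        rc=1
    fi
    return $rc
}

# open_ftp_ingress SG_ID CIDR PASV_MIN PASV_MAX
# Security-group rules matching the config: control port plus passive range,
# from the client network only. Needs the AWS CLI and credentials; not run here.
open_ftp_ingress() {
    aws ec2 authorize-security-group-ingress --group-id "$1" --protocol tcp \
        --port 21 --cidr "$2"
    aws ec2 authorize-security-group-ingress --group-id "$1" --protocol tcp \
        --port "$3-$4" --cidr "$2"
}

# Dry run: write the hardened config to a scratch file and audit it, then
# audit the post's minimal edits (constructed here) to see what they miss.
hardened=$(mktemp)
render_vsftpd_conf 203.0.113.10 1024 1048 > "$hardened"
audit_vsftpd_conf "$hardened" && echo "hardened config: no findings"
minimal=$(mktemp)
printf '%s\n' anonymous_enable=NO pasv_enable=YES pasv_min_port=1024 \
    pasv_max_port=1048 pasv_address=203.0.113.10 > "$minimal"
audit_vsftpd_conf "$minimal" || echo "post's minimal config: findings above"
rm -f "$hardened" "$minimal"
# On the server: render_vsftpd_conf <public IP> 1024 1048 > /etc/vsftpd/vsftpd.conf
#                open_ftp_ingress sg-0123456789abcdef0 198.51.100.0/24 1024 1048
```

The audit is deliberately strict about absent keys: vsftpd's built-in default for anonymous_enable is YES, so a config that merely omits the line is still an anonymous server. The TLS certificate referenced by rsa_cert_file has to exist before vsftpd will start with ssl_enable=YES.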

Restart vsftpd:

sudo /etc/init.d/vsftpd restart

or

sudo /sbin/service vsftpd restart

/etc/vsftpd/user_list lists users who are denied FTP logins. The vsftpd.conf shipped on RHEL and Amazon Linux sets userlist_enable=YES, and with the default userlist_deny=YES every account in this file is refused as soon as it sends its username, before a password is requested:

# vsftpd userlist
# If userlist_deny=NO, only allow users in this file
# If userlist_deny=YES (default), never allow users in this file
root
bin
daemon
adm
lp
sync
shutdown
halt
mail
news
uucp
operator
games
nobody

Create a new user for FTP. Give it a strong password; unless TLS is enabled, that password is sent in cleartext on every login. Membership of the ftp group is not required by vsftpd for local users, but is harmless:

sudo adduser sftpuser
sudo passwd sftpuser
sudo gpasswd -a sftpuser ftp

At this point, FTP users are NOT restricted to their home directories: they can browse and download anything their account can read, including /etc. To confine them, uncomment chroot_local_user=YES in /etc/vsftpd/vsftpd.conf and restart vsftpd. Be aware that vsftpd refuses to chroot into a directory the user can write to (see the 500 OOPS error at the end of this post), so the home directory itself must be root-owned and read-only for the user, with a writable subdirectory for uploads.

To start vsftpd automatically on instance reboot, run this:

sudo chkconfig --level 345 vsftpd on

or sudo ntsysv on Red Hat. On systemd-based images (Amazon Linux 2 and later) chkconfig is gone; the equivalent is systemctl enable vsftpd.

To restrict a user to a specific directory, change their home directory and add them to the web server's groups (usermod reports an error and changes nothing if a group does not exist on your image):

sudo usermod -d /var/www sftpuser
sudo usermod -aG www sftpuser
sudo usermod -aG apache sftpuser

or set local_root=/var/www/html in /etc/vsftpd/vsftpd.conf, which applies to every local user. With chroot_local_user=YES the directory you pick becomes the chroot root, so it must not be writable by the user; put uploads in a writable subdirectory of it instead.

If you have Uncomplicated Firewall (ufw) enabled:

sudo ufw allow ftp

This opens port 21 only; allow the passive range 1024 to 1048 over TCP as well, otherwise the control connection works but every directory listing and transfer hangs.

If you have iptables enabled, add the following to /etc/sysconfig/iptables. Port 20 is only the source port of active-mode data connections that the server opens outbound, so allowing it inbound is harmless but not required; the passive range is what matters:

-A INPUT -m state --state NEW -m tcp -p tcp --dport 20:21 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 1024:1048 -j ACCEPT

and restart iptables:

sudo service iptables restart

If you get this error:

500 OOPS: vsftpd: refusing to run with writable root inside chroot ()

vsftpd has found that the chroot root (the user's home directory, or local_root) is writable by the user and refuses to continue. See: Fixing 500 OOPS: vsftpd: refusing to run with writable root inside chroot ().

Also see: Fixing Write Permissions for Chrooted FTP Users in vsftpd.
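The usual remedy for that error, as an added example rather than the post's own code: a shell function that lays out a chroot root the user cannot write to, with a writable upload subdirectory beneath it, and a check that is stricter than the test vsftpd makes before it chroots (a root-owned, mode 755 directory passes both). The path /home/sftpuser and the group name apache are illustrative. The alternative, allow_writeable_chroot=YES (vsftpd 3.0 and later), simply switches the refusal off and gives the user write access to the directory vsftpd chroots into, which is what the refusal exists to prevent.

```shell
#!/bin/sh
# Added example (not from the original post). Builds the directory layout a
# chrooted vsftpd local user needs and checks it before vsftpd does: the
# chroot root must not be writable by the user, uploads go in a writable
# subdirectory. User, group and paths are illustrative placeholders.
set -eu

# make_chroot_layout BASE USER GROUP
# BASE: the user's home / chroot root, root-owned and mode 755.
# BASE/upload: where the user writes, owned by USER:GROUP.
make_chroot_layout() {
    local base user group
    base="$1"; user="$2"; group="$3"
    mkdir -p "$base/upload"
    chmod 755 "$base"
    chmod 775 "$base/upload"
    # chown needs root and an existing account; on the server this branch
    # runs, in an unprivileged dry run the directories keep the caller's
    # ownership (which is enough to exercise the check below).
    if [ "$(id -u)" -eq 0 ] && id "$user" >/dev/null 2>&1; then
        chown root:root "$base"
        chown "$user:$group" "$base/upload"
    fi
}

# chroot_root_ok BASE USER
# Returns 0 when USER cannot write BASE: USER does not own it and the
# group/other write bits are clear. This is stricter than vsftpd's own test,
# so any layout that passes here is accepted by vsftpd without
# allow_writeable_chroot=YES. Returns 1 and explains otherwise.
chroot_root_ok() {
    local base user owner perm g o
    base="$1"; user="$2"
    owner=$(stat -c '%U' "$base")
    perm=$(stat -c '%a' "$base")
    perm=$(printf '%s' "$perm" | tail -c 3)   # drop a setuid/setgid/sticky digit
    g=$(printf '%s' "$perm" | cut -c2)
    o=$(printf '%s' "$perm" | cut -c3)
    if [ "$owner" = "$user" ]; then
        echo "$base is owned by $user; vsftpd will refuse the chroot"
        return 1
    fi
    if [ $((g & 2)) -ne 0 ] || [ $((o & 2)) -ne 0 ]; then
        echo "$base is group/world writable (mode $perm); vsftpd will refuse the chroot"
        return 1
    fi
    return 0
}

# Dry run in a scratch directory so the script can be tried without root.
demo=$(mktemp -d)
make_chroot_layout "$demo" sftpuser apache
chroot_root_ok "$demo" sftpuser && echo "layout at $demo is acceptable to vsftpd"
rm -rf "$demo"
# On the server:
#   make_chroot_layout /home/sftpuser sftpuser apache
#   usermod -d /home/sftpuser sftpuser
#   then restart vsftpd; the user lands in / of the chroot and writes to /upload.
```

Because the chroot root is read-only for the user, the FTP client will be unable to upload into the top-level directory it lands in; that is intended, and the client should change into upload (or your chosen subdirectory) first.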
