Set up a secure FTP server for remote access on OS X

Recently, quite a number of forum members asked how to transfer large files between remote locations. Online services such as DropBox and Wuala do a good job, but if you already have a Mac or a Linux machine, it is much easier, and also secure, to set up your own FTP (File Transfer Protocol) server using vsftpd (Very Secure File Transfer Protocol Daemon). In this article I will guide you through the entire setup process. Let's get started, shall we?

  1. First, install vsftpd using MacPorts. If you don't have MacPorts installed, get it from here. Open Terminal.app, enter the following command and hit Enter.

        sudo port install vsftpd

  2. Now create a vsftpd.config file, which defines the rules that secure your FTP server. Fortunately, when you install vsftpd using MacPorts, it creates a sample config file in the /opt/local/etc/ directory. Use the following command to create a config file from the sample file.

        sudo cp /opt/local/etc/vsftpd.config.sample /opt/local/etc/vsftpd.config

  3. Open the vsftpd.config file in any editor and make the following changes.

        sudo vim /opt/local/etc/vsftpd.config

    To deny access to anonymous users, activate

        anonymous_enable=NO

    To allow local users to access their home directories

        local_enable=YES

    Add a welcome message

        ftpd_banner=Welcome to my FTP service!

    Lock users in their home directories (chroot)

        chroot_local_user=YES

    There are several other settings you can activate or deactivate in the config file. Adjust them as fits your setup.

  4. To run the server, use the following command.

        sudo /opt/local/sbin/vsftpd

    If you have done everything correctly so far, the server should be up and running.

  5. To do an initial test, try the following command in a separate tab.

        ftp 192.168.1.2

    Replace the IP address with your local IP address.
    This should ask you for a user name and password. Try the user name and password you use to log in to your Mac.

  6. The next step is to enable users to access your newly set up FTP server from a remote location. For this you need a service such as DynDNS or No-IP. You can sign up for a free account with both providers. Once the registration is completed, go ahead and add a new host as shown in the following example.

    [Image: dyndns]

    Do not forget to activate the service.

    If you have done everything correctly, you should be able to connect to the newly set up FTP server from any remote location.

    If you have a router in your home network, don't forget to set up port forwarding.

    That's all. ;)
    Let me know how it went.
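To check that the settings from the config step actually took effect, here is an added example (not part of the original article or of vsftpd) that audits a config file against them. The function names `effective_value` and `audit_vsftpd` are hypothetical, the fallback values are vsftpd's built-in defaults per vsftpd.conf(5), and it assumes that a repeated key takes its last value.

```shell
#!/bin/sh
# Added example: audit a vsftpd config against the settings this article recommends.

# effective_value FILE KEY DEFAULT: print the value vsftpd would end up using.
# Assumption: when a key is repeated, the last occurrence wins.
effective_value() {
    awk -v k="$2" -v d="$3" '
        { sub(/\r$/, "") }
        !/^#/ && index($0, k "=") == 1 { v = substr($0, length(k) + 2); seen = 1 }
        END { print (seen ? v : d) }' "$1"
}

# audit_vsftpd FILE: print one FAIL line per problem; return 0 only if none.
audit_vsftpd() {
    conf=$1; findings=0
    [ -r "$conf" ] || { echo "FAIL cannot read $conf"; return 2; }
    # key:built-in default (per vsftpd.conf(5)):value recommended in the article
    for rule in anonymous_enable:YES:NO local_enable:NO:YES chroot_local_user:NO:YES; do
        key=${rule%%:*}; rest=${rule#*:}; def=${rest%%:*}; want=${rest#*:}
        got=$(effective_value "$conf" "$key" "$def")
        if [ "$got" != "$want" ]; then
            echo "FAIL $key=$got, article recommends $want"
            findings=$((findings + 1))
        fi
    done
    # vsftpd rejects whitespace between option, '=' and value, so flag such lines.
    spaced=$(awk '!/^#/ && /^[a-z_0-9]+([ \t]+=|=[ \t])/ { n++ } END { print n + 0 }' "$conf")
    if [ "$spaced" -gt 0 ]; then
        echo "FAIL $spaced line(s) have whitespace around '='"
        findings=$((findings + 1))
    fi
    [ "$findings" -eq 0 ]
}

# Constructed sample config for the demo, not taken from the article.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# anonymous_enable=NO
local_enable=YES
chroot_local_user = YES
ftpd_banner=Welcome to my FTP service!
EOF
audit_vsftpd "$sample" || echo "sample config needs fixing"
rm -f "$sample"
```

The sample shows why a commented-out `anonymous_enable=NO` is worth catching: with the line inactive, the built-in default of YES applies and anonymous logins stay open.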

Categories: Tips & Tricks, Unix
  • http://bobalbert.info Bob

    Thanks for the tutorial. I haven’t done it yet, but will be following it to set up sftp on my mac leopard client machine that I’m setting up as a server.

    One question, what would be the command to have vsftpd automatically load at start-up/restart?

    Bob

  • http://finiteloops.com Waruna

    @Bob
    You can add a cronjob to run the vsftpd daemon at reboot by adding

    @reboot /opt/local/sbin/vsftpd

    To edit/create crontab, use the following command.

    crontab -e
  • ankur sethi

    Getting this error:

    500 OOPS: vsftpd: not configured for standalone, must be started from inetd

    I can’t figure out how to get it to either use inetd or be standalone. There is a listen setting, which I tried with YES and NO.

  • Doctormex

    The configuration file must be vsftpd.conf (instead of vsftpd.config).
    This way the “vsftpd: not configured for standalone, must be started from inetd” error is corrected.

  • Cyril

    Hi, I'm looking for a solution. The thing is, I have an FTP server running on my Mac mini, but what I need to do is ban every IP address that tries to log in to my Mac more than 3-5 times with a bad username and password. I need to have it fully protected from outside hackers. Do you think it is possible to do this on a Mac, or through some programs…