Securing FTP Access: How to Restrict Usernames to Specific IP Addresses in vsftpd
Restricting a username's access to certain IP addresses in vsftpd (Very Secure FTP Daemon) can help enhance the security of your FTP server. Here's a step-by-step guide on how to achieve this:
Note: Before proceeding, ensure you have administrative privileges and have a backup of your vsftpd configuration file (vsftpd.conf).
- Open vsftpd.conf for Editing: Use your preferred text editor to open the vsftpd.conf configuration file. This file is typically located in /etc/vsftpd/ or /etc.
```bash
sudo nano /etc/vsftpd/vsftpd.conf
```
- Allow Only Specific IPs for a User: To restrict a particular username's access to specific IP addresses, add or modify the following lines in the vsftpd.conf file:
```conf
userlist_enable=YES
# NO makes userlist_file an allow list; with YES the listed users would be denied
userlist_deny=NO
userlist_file=/etc/vsftpd/user_list
```
- Create the User List File: Create the user_list file or modify it if it already exists. This file will contain the list of allowed usernames and their respective IP addresses.
```bash
sudo nano /etc/vsftpd/user_list
```
Add the following lines, replacing username with the actual username and allowed_ip with the allowed IP address:
```conf
username:allowed_ip
```
For example:
```conf
john:192.168.1.100
```
You can repeat this pattern for multiple usernames and their respective allowed IPs.
- Restart vsftpd: After making these changes, save the files and restart the vsftpd service to apply the changes:
```bash
sudo service vsftpd restart
```
Or:
```bash
sudo systemctl restart vsftpd
```
Now, the specified usernames will only be able to access the FTP server from the allowed IP addresses listed in the user_list file. If they try to access the server from other IP addresses, they will be denied access.
Remember that vsftpd offers various security settings, and it's important to keep your vsftpd configuration and system updated to ensure the highest level of security. Additionally, test the setup thoroughly to make sure it's working as intended before deploying it in a production environment.
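Part of that testing can be done offline before the restart. The script below is an added example, not part of the original guide: the vsftpd.conf man page describes userlist_file as a list of usernames and userlist_deny=YES (the default) as denying the users it lists, so the script reports the effective mode and flags every entry that is not a bare login name so it can be verified with a real login attempt. The function names and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original guide): offline audit of vsftpd userlist settings.

# conf_get FILE KEY DEFAULT: last value assigned to KEY, or DEFAULT when unset.
# vsftpd.conf lines are KEY=VALUE without spaces around "="; "#" starts a comment line.
conf_get() {
    awk -F= -v k="$2" -v d="$3" '
        /^#/ { next }
        $1 == k { v = substr($0, length(k) + 2); found = 1 }
        END { print (found ? v : d) }' "$1"
}

# is_yes VALUE: true for YES (also TRUE or 1), compared case-insensitively.
is_yes() {
    case "$(printf '%s' "$1" | tr '[:lower:]' '[:upper:]')" in
        YES|TRUE|1) return 0 ;;
        *) return 1 ;;
    esac
}

# userlist_mode FILE: prints off, deny-list or allow-list.
userlist_mode() {
    if ! is_yes "$(conf_get "$1" userlist_enable NO)"; then
        echo off
    elif is_yes "$(conf_get "$1" userlist_deny YES)"; then
        echo deny-list      # listed users are refused
    else
        echo allow-list     # only listed users may log in
    fi
}

# suspect_entries FILE: prints "LINE: TEXT" for entries that are not a bare login name.
suspect_entries() {
    awk '/^[ \t]*(#|$)/ { next }
         $0 !~ /^[A-Za-z0-9._-]+$/ { print NR ": " $0 }' "$1"
}

# Demo on constructed files, including the deny-list setting the check is meant to catch.
demo() {
    tmp=$(mktemp -d) || return 1
    printf 'userlist_enable=YES\nuserlist_deny=YES\n' > "$tmp/vsftpd.conf"
    printf '# constructed sample\njohn:192.168.1.100\nalice\n' > "$tmp/user_list"
    echo "mode: $(userlist_mode "$tmp/vsftpd.conf")"
    echo "entries to verify by a test login:"
    suspect_entries "$tmp/user_list"
    rm -rf "$tmp"
}
demo
```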