FTP is a file transfer protocol. We use it when clients need to get files from, or upload files to, a server. Instead of giving them access to the entire server, we give them access to a specific portion; that way our information is kept secure and private.



Find instance 

Right click on instance

Scroll down to Networking

Click on Change Security Groups settings

Scroll to FTP2 and assign the security group. (Scott and I created this; if you want more information there is a video, I think it is in part 1. Also, all this is doing is allowing access through specific FTP ports.)

Double check that FTP2 is located in the Security Groups section (below instance: next to view inbound rules etc… )


Because SFTP uses port 22 and not the FTP port, we DON'T add the FTP2 security group to the instance.

Instead, we whitelist the IP address(es) of the people who need SFTP access inside our SSH security group settings. We then need to remove them again after they have had access to the site for a certain period of time.



SSH into server

command: sudo su 

command: cd /

command: apt install vsftpd

command: cd /etc

command: ls

command: vim vsftpd.conf

make sure that line

NOTE: if the client needs to write or upload files (usually not the case), make sure write_enable is not commented out on line 31; write_enable is what allows write access.

VIM command: /anonymous_enable

Make sure this is set to NO

VIM command: esc and then enter shift g (it will bring you to the bottom of page)

VIM command: o (insert line below, O will insert line above)

VIM command: # added by seth w on <Today's DATE> (this comment helps other developers and yourself: if you need to change something, you can just search for your name)

ENTER this code at bottom of file: (make sure it is not commented out with # before it):




pasv_address=<Public IP of your instance> (TIP: look at the top of your PuTTY shell)

*do not include the <>

VIM command:   :wq 

command: service vsftpd status   (q to quit)

command: service vsftpd restart

command: service vsftpd status

NOTE: to see if this worked, you should see a different time listed in the Active: active (running) line
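
An added check for the vsftpd.conf edits above (example code, not part of the original notes): it reads the effective value of each setting these steps touch and flags a leftover <> placeholder or a directive that is still commented out. The function names and the sample file are assumptions, and 203.0.113.10 is a documentation-range address.

```shell
#!/bin/sh
# Added example, not part of the original notes. Function names and the sample
# file below are assumptions; 203.0.113.10 is a documentation-range address.

# Print the effective value of KEY in FILE. Commented lines ('#key=...') never
# match, and a later line overrides an earlier one, so a setting appended at
# the bottom of the file is the one that counts.
conf_value() {
    awk -F= -v k="$2" '$1 == k { v = substr($0, length(k) + 2) } END { print v }' "$1"
}

# Return 0 when the settings these notes touch look right, 1 otherwise.
audit_vsftpd_conf() {
    conf=$1
    rc=0
    anon=$(conf_value "$conf" anonymous_enable)
    if [ "$anon" != "NO" ]; then
        # vsftpd.conf(5) lists YES as the built-in default when the key is absent.
        echo "FAIL anonymous_enable is '${anon:-unset}', expected NO"
        rc=1
    fi
    pasv=$(conf_value "$conf" pasv_address)
    case $pasv in
        '' | *'<'* | *'>'*)
            echo "FAIL pasv_address is missing or still contains <>"
            rc=1 ;;
    esac
    if [ "$(conf_value "$conf" write_enable)" = "YES" ]; then
        echo "NOTE write_enable=YES, the client can upload and change files"
    fi
    # vsftpd treats spaces around '=' as an error.
    if grep -Eq '^[a-z0-9_]+([[:space:]]+=|=[[:space:]])' "$conf"; then
        echo "FAIL space around '=' in a directive"
        rc=1
    fi
    return "$rc"
}

# Constructed sample: the placeholder brackets were left in by mistake.
sample=$(mktemp)
cat > "$sample" <<'EOF'
anonymous_enable=NO
#write_enable=YES
# added by seth w on <Todays DATE>
pasv_address=<203.0.113.10>
EOF
audit_vsftpd_conf "$sample" || echo "fix the FAIL lines, then restart vsftpd"
rm -f "$sample"
```

On the server, call audit_vsftpd_conf /etc/vsftpd.conf after saving the file and before restarting the service.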


To enable password for sftp:

Edit the /etc/ssh/sshd_config file (command: vi /etc/ssh/sshd_config) and change to:

 PasswordAuthentication yes

Then run this command to restart ssh so that the change takes effect.

command: service ssh restart

We don't need to give them access to all of the files in /var/www.

Instead, just zip the files and put them in a directory.

Create an SFTP user and give that user a password.

This will change ownership for /var/www

command: cd /var/www

command: ls -al (to find out who is the owner - the first column is the owner the second is the group)

command: cd wordpress (or moodle if you are doing moodle)

command: passwd www-data

Generate a secure password by typing into Google: password generator last pass


Enter the password into the (note that it will not show up; only enter it in once)

Enter New UNIX password:

And then confirm password:

command: chsh www-data (or whatever name we are giving to the client as username for them to access sftp)

Then in login shell enter command: /bin/bash

To change privileges so that the user can read and write, use the command:

chmod -R 775 /var/www


chown -R www-data:www-data /var/www

Troubleshooting:

If for some reason it's not working, check to see if the IP address is still current; sometimes they are changed and this will stop the connection. Also, try changing the password and see if this fixes it.


Directions: Client Information / Testing 

SFTP is now ready for client 


The FTP client will say that this server does not support FTP over TLS; it's OK, just click OK.

You will need to give the client 4 things:

1) Host: IP ADDRESS, for sftp we do sftp://IP_ADDRESS

2) Username: www-data

3) Password - remember to give them just the Privnote link to the password, and not the password here.

4) Port 21 for ftp, port 22 for sftp

Try this out in an FTP client (FileZilla) to make sure everything is working right.



To zip up everything for the client and restrict access more securely:

Create a directory (that will hold all of the zipped FTP files for the client, which are: database, core files and moodledata)

mkdir /home/<clientname>

Then we can zip the directory /var/moodledata

zip -r moodledata.zip moodledata

Then we need to do a database dump and zip this

Then zip the core files found in /var/www/(site i.e. moodle, wordpress)

Then move the zipped files into this location: /home/<clientname>

Create a user and password

Give to client