vSFTPd
vsftpd (Very Secure FTP Daemon) is a popular FTP server for Linux systems. To use it, install the vsftpd package; the daemon reads its configuration from /etc/vsftpd.conf (Debian and Ubuntu) or /etc/vsftpd/vsftpd.conf (Red Hat-derived distributions).
------------------------------------------------------------------------------------------------------------------------------------------------
vSFTPd Config Options
| Option(s) | What it does |
| pasv_enable=YES pasv_min_port=40000 pasv_max_port=40100 | Enable passive mode and pin the data-connection ports to 40000-40100 so the same range can be opened on the firewall |
| pasv_address=your.external.ip.address | IP address vsftpd advertises to clients in PASV replies (needed behind NAT). This is not the listening address; that is listen_address |
| anonymous_enable=NO | Disable anonymous access. vsftpd's built-in default is YES, so set this explicitly |
| write_enable=YES | Allow write commands (uploads, deletes, renames); without it the server is read-only |
| local_enable=YES | Allow local system users to log in |
| chroot_local_user=YES | Confine each local user to their home directory. That directory must not be writable by the user, or vsftpd refuses the login |
| chroot_list_enable=YES chroot_list_file=/etc/vsftpd.chroot_list | With chroot_local_user=YES, the users listed in the file are the exceptions that are NOT chrooted; with chroot_local_user=NO the list names the users who ARE chrooted |
| ssl_enable=YES | Enable TLS (FTPS/FTPES) |
| rsa_cert_file=/etc/ssl/certs/vsftpd.pem rsa_private_key_file=/etc/ssl/private/vsftpd.pem | Certificate and private key for TLS; keep the key file readable by root only |
| force_local_data_ssl=YES force_local_logins_ssl=YES | Require TLS for local users' logins and data transfers (plaintext is rejected) |
| ssl_tlsv1=YES ssl_sslv2=NO ssl_sslv3=NO | Protocol versions: SSLv2 and SSLv3 off. TLS 1.0 is itself deprecated, so check which TLS-version options your vsftpd build offers and disable the old ones there |
| ssl_ciphers=HIGH | Restrict cipher suites to OpenSSL's HIGH group (vsftpd's default is DES-CBC3-SHA, i.e. 3DES) |
| force_local_data_ssl=NO force_local_logins_ssl=NO | Make TLS optional: plaintext logins and transfers are still accepted. This does not "enable FTPES"; explicit TLS is already vsftpd's default mode, and implicit FTPS on port 990 needs implicit_ssl=YES. Avoid on exposed servers |
------------------------------------------------------------------------------------------------------------------------------------------------
Adding users for FTP usage
1. To create an account that can log in over vsftpd, first create a local user on the server that files will be transferred to and from.
useradd guest
2. Once created, set a password for that user
passwd guest
3. Give the user a non-login shell so the account works for FTP but cannot open an SSH or console session
usermod -s /sbin/nologin guest
On Debian and Ubuntu the binary is /usr/sbin/nologin. The vsftpd PAM configuration on those systems includes pam_shells, which rejects any login whose shell is not listed in /etc/shells, so make sure the nologin path appears there or the FTP login fails with "530 Login incorrect".
------------------------------------------------------------------------------------------------------------------------------------------------
Chrooting users
Chrooting a user in vsftpd confines that user to their home directory so they cannot browse other parts of the file system. Without it, any FTP user can read whatever their Unix permissions allow, /etc/passwd included.
1. Add the user
Either change an existing user's home directory, or add a new user dedicated to FTP
sudo adduser --home /var/ftp/ftpuser ftpuser
2. Set a password
passwd ftpuser
3. Set home directory permissions
The chroot root must not be writable by the FTP user: vsftpd 2.3.5 and later refuse such logins with "500 OOPS: vsftpd: refusing to run with writable root inside chroot()". Keep the home directory owned by root and give the user a writable subdirectory for uploads instead (the alternative, allow_writeable_chroot=YES, removes the protection and should be avoided)
sudo chown root:root /var/ftp/ftpuser
sudo chmod 755 /var/ftp/ftpuser
4. Configure vsftpd
Ensure that the following is present within /etc/vsftpd.conf
chroot_local_user=YES
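The steps above as one script. This is an added example, not code from this page or from the vsftpd project. It assumes the /var/ftp/<user> layout used here, a host with useradd, install and GNU stat, and a vsftpd PAM stack that uses pam_shells (as Debian's does); the function names are this example's own. The chroot_root_ok helper spells out why step 3 matters: it rejects a chroot root that the FTP user could write to, which is the condition vsftpd refuses.

```shell
#!/usr/bin/env bash
# Added example, not vsftpd's own code: provision a chrooted, shell-less FTP user
# following the steps above, laid out so that vsftpd accepts the chroot.
# Assumes this page's /var/ftp/<user> layout; provision_ftp_user must run as root.
set -eu

# nologin_shell -> path of the nologin binary on this host
# (Debian/Ubuntu: /usr/sbin/nologin, RHEL/Fedora: /sbin/nologin).
nologin_shell() {
  local s
  for s in /usr/sbin/nologin /sbin/nologin; do
    if [ -x "$s" ]; then
      printf '%s\n' "$s"
      return 0
    fi
  done
  return 1
}

# chroot_root_ok MODE OWNER FTPUSER -> 0 if a chroot root with octal MODE (as
# printed by "stat -c %a", e.g. 755 or 2755) owned by OWNER is acceptable for
# FTPUSER. vsftpd 2.3.5+ refuses to chroot into a directory the user can write
# to ("refusing to run with writable root inside chroot()"). This is a
# conservative reading of that rule: no group or other write bit, and no owner
# write bit when the FTP user is the owner.
chroot_root_ok() {
  local mode=$1 owner=$2 user=$3 perm u g o
  perm=${mode#"${mode%???}"}   # keep the last three digits (drop setuid/setgid/sticky)
  u=${perm%??}                 # owner digit
  g=${perm#?}; g=${g%?}        # group digit
  o=${perm#??}                 # other digit
  [ $((g & 2)) -eq 0 ] || return 1
  [ $((o & 2)) -eq 0 ] || return 1
  if [ "$owner" = "$user" ] && [ $((u & 2)) -ne 0 ]; then
    return 1
  fi
  return 0
}

# provision_ftp_user USER -> local user with no shell, home /var/ftp/USER owned
# by root (the non-writable chroot root) and a writable files/ subdirectory for uploads.
provision_ftp_user() {
  local user=$1 home=/var/ftp/$1 shell
  shell=$(nologin_shell)
  # Debian's PAM stack for vsftpd uses pam_shells: the shell must be listed in /etc/shells
  grep -qx "$shell" /etc/shells || printf '%s\n' "$shell" >>/etc/shells
  mkdir -p /var/ftp
  useradd --home-dir "$home" --create-home --shell "$shell" "$user"
  passwd "$user"                      # interactive: set the FTP password
  chown root:root "$home"             # chroot root belongs to root ...
  chmod 755 "$home"                   # ... and is not writable by the user
  install -d -o "$user" -g "$user" -m 750 "$home/files"
  # Sanity-check the result the way vsftpd will judge it
  chroot_root_ok "$(stat -c %a "$home")" "$(stat -c %U "$home")" "$user"
}

# Usage (as root): ./provision_ftp.sh ftpuser
if [ "${1:-}" != "" ]; then
  provision_ftp_user "$1"
fi
```

After provisioning, the user lands in /var/ftp/ftpuser, sees only the files/ directory, and can write only inside it; the chroot root itself stays read-only to them, which is exactly the layout vsftpd's check demands.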
------------------------------------------------------------------------------------------------------------------------------------------------
FTPS & FTPES
# Enable TLS
ssl_enable=YES
# Paths to the certificate and private key (keep the key root-only, mode 600)
rsa_cert_file=/etc/ssl/certs/vsftpd.pem
rsa_private_key_file=/etc/ssl/private/vsftpd.pem
# Require TLS for both login and data connections of local users
force_local_data_ssl=YES
force_local_logins_ssl=YES
# Only matters if anonymous_enable=YES: let anonymous sessions use TLS too
allow_anon_ssl=YES
# Protocol versions: SSLv2 and SSLv3 off. TLS 1.0 is deprecated as well; if your
# vsftpd build offers per-version TLS options, disable the old versions there
ssl_tlsv1=YES
ssl_sslv2=NO
ssl_sslv3=NO
# Strong ciphers (vsftpd's default is DES-CBC3-SHA)
ssl_ciphers=HIGH
# vsftpd normally insists that data connections reuse the control connection's
# TLS session, which proves the data channel belongs to the same client. Many
# clients cannot do this, so NO relaxes the check for compatibility
require_ssl_reuse=NO
# Explicit TLS (FTPES: plain connection on port 21, then AUTH TLS) is what vsftpd
# does by default once ssl_enable=YES. Setting force_local_data_ssl=NO and
# force_local_logins_ssl=NO does NOT select FTPES; it only makes TLS optional and
# lets plaintext sessions through. For implicit FTPS (TLS handshake before any
# FTP command, conventionally port 990) use instead:
# implicit_ssl=YES
# listen_port=990
# Client certificates: request one on every TLS connection (the default); add
# require_cert=YES to reject clients that do not present a valid certificate
ssl_request_cert=YES
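A way to check a live configuration against the options table and the TLS block above, as an added example that is not part of vsftpd or of this page's original content. It parses vsftpd.conf the way the daemon does (lines starting with # ignored, last assignment wins), judges unset keys by vsftpd's built-in defaults, and flags the weak states discussed on this page: anonymous logins left at their default, TLS made optional, SSLv2/SSLv3, the 3DES default cipher, a missing chroot, a writable chroot root and an unpinned passive port range. The sample configuration files are constructed for the demonstration; the function names are this example's own.

```shell
#!/usr/bin/env bash
# Added example, not part of vsftpd: audit a vsftpd.conf for the weak settings
# discussed on this page. Read-only; it reports findings and changes nothing.

# conf_get FILE KEY DEFAULT -> value of the last "KEY=value" line in FILE, or
# DEFAULT when the key is absent. vsftpd ignores lines beginning with '#' and a
# later assignment overrides an earlier one, so the last match wins.
conf_get() {
  local v
  v=$(sed -n "s/^$2=//p" "$1" | tail -n 1)
  if [ -n "$v" ]; then printf '%s\n' "$v"; else printf '%s\n' "$3"; fi
}

# audit_conf FILE -> one "WARN: ..." line per finding. The defaults passed to
# conf_get are vsftpd's built-in defaults, so an unset key is judged the way
# the daemon will actually behave. Always returns 0.
audit_conf() {
  local f=$1 anon ssl flog fdat v2 v3 users chroot wchroot ciphers pasv pmin pmax
  anon=$(conf_get "$f" anonymous_enable YES)
  ssl=$(conf_get "$f" ssl_enable NO)
  flog=$(conf_get "$f" force_local_logins_ssl YES)
  fdat=$(conf_get "$f" force_local_data_ssl YES)
  v2=$(conf_get "$f" ssl_sslv2 NO)
  v3=$(conf_get "$f" ssl_sslv3 NO)
  users=$(conf_get "$f" local_enable NO)
  chroot=$(conf_get "$f" chroot_local_user NO)
  wchroot=$(conf_get "$f" allow_writeable_chroot NO)
  ciphers=$(conf_get "$f" ssl_ciphers "")
  pasv=$(conf_get "$f" pasv_enable YES)
  pmin=$(conf_get "$f" pasv_min_port 0)
  pmax=$(conf_get "$f" pasv_max_port 0)

  [ "$anon" != YES ] || echo "WARN: anonymous_enable=YES (also the default when unset): anonymous logins allowed"
  if [ "$ssl" != YES ]; then
    echo "WARN: ssl_enable is not YES: passwords and data cross the network in cleartext"
  else
    [ "$flog" = YES ] || echo "WARN: force_local_logins_ssl=NO: plaintext logins still accepted (TLS optional; this does not 'enable FTPES')"
    [ "$fdat" = YES ] || echo "WARN: force_local_data_ssl=NO: plaintext data connections still accepted"
    [ "$v2" = NO ] || echo "WARN: ssl_sslv2=YES: SSLv2 enabled"
    [ "$v3" = NO ] || echo "WARN: ssl_sslv3=YES: SSLv3 enabled"
    [ -n "$ciphers" ] || echo "WARN: ssl_ciphers unset: default is DES-CBC3-SHA (3DES); set ssl_ciphers=HIGH"
  fi
  if [ "$users" = YES ] && [ "$chroot" != YES ]; then
    echo "WARN: local_enable=YES without chroot_local_user=YES: users can browse the whole filesystem"
  fi
  [ "$wchroot" != YES ] || echo "WARN: allow_writeable_chroot=YES: users may write to their chroot root"
  if [ "$pasv" = YES ] && { [ "$pmin" -eq 0 ] || [ "$pmax" -eq 0 ]; }; then
    echo "WARN: passive mode without pasv_min_port/pasv_max_port: data ports unpredictable, firewall cannot be pinned"
  fi
  return 0
}

# count_findings FILE -> number of WARN lines audit_conf produces
count_findings() { audit_conf "$1" | awk 'END { print NR }'; }

# sample_weak_conf -> path to a constructed config (not from a real server) that
# takes this page's "Enable FTPES" row literally and leaves other defaults alone.
sample_weak_conf() {
  local f; f=$(mktemp)
  cat >"$f" <<'EOF'
local_enable=YES
chroot_local_user=YES
allow_writeable_chroot=YES
ssl_enable=YES
rsa_cert_file=/etc/ssl/certs/vsftpd.pem
force_local_data_ssl=NO
force_local_logins_ssl=NO
ssl_sslv3=YES
EOF
  printf '%s\n' "$f"
}

# sample_strong_conf -> path to a constructed config with the corrected settings.
sample_strong_conf() {
  local f; f=$(mktemp)
  cat >"$f" <<'EOF'
anonymous_enable=NO
local_enable=YES
chroot_local_user=YES
pasv_min_port=40000
pasv_max_port=40100
ssl_enable=YES
force_local_data_ssl=YES
force_local_logins_ssl=YES
ssl_sslv2=NO
ssl_sslv3=NO
ssl_ciphers=HIGH
EOF
  printf '%s\n' "$f"
}

# Usage: ./vsftpd_audit.sh /etc/vsftpd.conf
if [ "${1:-}" != "" ]; then
  audit_conf "$1"
fi
```

Point it at the real file with `./vsftpd_audit.sh /etc/vsftpd.conf`. The comparisons are case-exact on YES/NO; vsftpd itself also accepts TRUE/FALSE/1/0 and lowercase, so normalise a file that uses those spellings before trusting a clean result.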