# vSFTPd

`vsftpd` (Very Secure FTP Daemon) is a popular FTP server for Linux systems. To use it, install the `vsftpd` package.

\------------------------------------------------------------------------------------------------------------------------------------------------

#### vSFTPd Config Options

<table border="1" id="bkmrk-pasv_enable%3Dyespasv_" style="border-collapse: collapse; width: 100%; height: 491.938px;"><colgroup><col style="width: 50%;"></col><col style="width: 50%;"></col></colgroup><tbody>
<tr style="height: 63.3906px;"><td style="height: 63.3906px;">pasv_enable=YES<br>pasv_min_port=40000<br>pasv_max_port=40100</td><td style="height: 63.3906px;">Enable passive mode and set port range</td></tr>
<tr><td>pasv_address=your.external.ip.address</td><td>Specify FTP listening IP.</td></tr>
<tr style="height: 29.7969px;"><td style="height: 29.7969px;">anonymous_enable=NO</td><td style="height: 29.7969px;">Disable anonymous access</td></tr>
<tr style="height: 29.7969px;"><td style="height: 29.7969px;">write_enable=YES</td><td style="height: 29.7969px;">Enable file uploads</td></tr>
<tr style="height: 29.7969px;"><td style="height: 29.7969px;">local_enable=YES</td><td style="height: 29.7969px;">Enable local users</td></tr>
<tr style="height: 29.7969px;"><td style="height: 29.7969px;">chroot_local_user=YES</td><td style="height: 29.7969px;">Enable user chroot</td></tr>
<tr style="height: 46.5938px;"><td style="height: 46.5938px;">chroot_list_enable=YES<br>chroot_list_file=/etc/vsftpd.chroot_list</td><td style="height: 46.5938px;">Configure chroot bypass for users.</td></tr>
<tr style="height: 29.7969px;"><td style="height: 29.7969px;">ssl_enable=YES</td><td style="height: 29.7969px;">Enable SSL</td></tr>
<tr style="height: 46.5938px;"><td style="height: 46.5938px;">rsa_cert_file=/etc/ssl/certs/vsftpd.pem<br>rsa_private_key_file=/etc/ssl/private/vsftpd.pem</td><td style="height: 46.5938px;">Specify SSL certificate files for FTPS/ES</td></tr>
<tr style="height: 46.5938px;"><td style="height: 46.5938px;">force_local_data_ssl=YES<br>force_local_logins_ssl=YES</td><td style="height: 46.5938px;">Force SSL usage</td></tr>
<tr style="height: 63.3906px;"><td style="height: 63.3906px;">ssl_tlsv1=YES<br>ssl_sslv2=NO<br>ssl_sslv3=NO</td><td style="height: 63.3906px;">SSL Protocol options</td></tr>
<tr style="height: 29.7969px;"><td style="height: 29.7969px;">ssl_ciphers=HIGH</td><td style="height: 29.7969px;">SSL cipher</td></tr>
<tr style="height: 46.5938px;"><td style="height: 46.5938px;">force_local_data_ssl=NO<br>force_local_logins_ssl=NO</td><td style="height: 46.5938px;">Enable FTPES</td></tr>
</tbody></table>

\------------------------------------------------------------------------------------------------------------------------------------------------

#### Adding users for FTP usage

1\. To create an account that can use `vsftpd`, first set up a user on the server that you want to transfer files to and from.

```
useradd guest
```

2\. Once the user is created, set a password for it.

```
passwd guest
```

3\. Also disable shell access for the user.

```
usermod -s /sbin/nologin guest
```

\------------------------------------------------------------------------------------------------------------------------------------------------

#### Chrooting users

Chrooting a user in `vsftpd` ensures that the user is restricted to their home directory and cannot navigate to other parts of the file system.

1\. Add the user

Either change an existing user's home directory, or add a new user to be used for FTP.

```
sudo adduser --home /var/ftp/ftpuser ftpuser
```

2\. Set a password

```
sudo passwd ftpuser
```

3\. Set home directory permissions

```
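# vsftpd refuses chrooted logins when the chroot root is writable by the user,
# so keep the home directory itself read-only (use a subdirectory for uploads)
sudo chown ftpuser:ftpuser /var/ftp/ftpuser
sudo chmod 555 /var/ftp/ftpuser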
```

4\. Configure vsftpd

Ensure that the following is present within `/etc/vsftpd.conf`:

```
chroot_local_user=YES
```

\------------------------------------------------------------------------------------------------------------------------------------------------

#### FTPS & FTPES

```
# Enable SSL
ssl_enable=YES

# Paths to the SSL certificate and key
rsa_cert_file=/etc/ssl/certs/vsftpd.pem
rsa_private_key_file=/etc/ssl/private/vsftpd.pem

# Require SSL for both data and login
force_local_data_ssl=YES
force_local_logins_ssl=YES

# Allow anonymous users to use SSL (only relevant when anonymous_enable=YES)
allow_anon_ssl=YES

# SSL protocol options
ssl_tlsv1=YES
ssl_sslv2=NO
ssl_sslv3=NO

# Strong ciphers
ssl_ciphers=HIGH

# Do not require TLS session reuse on data connections
# (some clients cannot reuse the control-channel session)
require_ssl_reuse=NO

# Explicit vs. implicit FTPS
# With ssl_enable=YES vsftpd serves explicit FTPS (FTPES, AUTH TLS on the
# normal control port). Implicit FTPS (conventionally port 990) needs
# implicit_ssl=YES and a matching listen_port.
# Setting the two options below to NO does not select FTPES; it allows
# unencrypted logins and data, and would override the YES values above.
#force_local_data_ssl=NO
#force_local_logins_ssl=NO

# Request (but do not require) a client certificate on SSL connections
ssl_request_cert=YES
```
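
A `vsftpd.conf` assembled from several snippets can end up assigning the same key twice, which quietly changes whether TLS is enforced. The following added example (not part of the original page or of vsftpd) parses config text, reports keys with conflicting assignments, and compares the effective values with the hardening options from the table above. It assumes the last assignment of a key takes effect; the function names and sample config are constructed for illustration, and keys the file never sets are reported as unset rather than resolved to vsftpd's built-in defaults.

```python
# Added example (not from the original page): audit vsftpd.conf text.
# Assumption: the last assignment of a key is the one that takes effect.
EXPECTED = {"anonymous_enable": "NO", "chroot_local_user": "YES", "ssl_enable": "YES",
            "force_local_data_ssl": "YES", "force_local_logins_ssl": "YES",
            "ssl_sslv2": "NO", "ssl_sslv3": "NO"}  # values from this page's option table

def parse(text):
    """Return (effective, history): last value per key, and every (line, value) seen."""
    effective, history = {}, {}
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue  # blank line, comment, or not a key=value setting
        key, value = line.split("=", 1)
        history.setdefault(key, []).append((lineno, value))
        effective[key] = value
    return effective, history

def audit(text):
    """Return sorted (key, problem) findings for conflicts and weak effective values."""
    effective, history = parse(text)
    findings = []
    for key, seen in history.items():
        if len({value.upper() for _, value in seen}) > 1:
            where = ", ".join(str(lineno) for lineno, _ in seen)
            findings.append((key, f"conflicting values on lines {where}; effective={effective[key]}"))
    for key, want in EXPECTED.items():
        got = effective.get(key)
        if got is None:
            findings.append((key, f"unset; expected {want}"))
        elif got.upper() != want:
            findings.append((key, f"effective value {got}; expected {want}"))
    return sorted(findings)

# Constructed sample: a TLS section followed by a pasted "FTPES" snippet.
SAMPLE = """\
anonymous_enable=NO
chroot_local_user=YES
ssl_enable=YES
force_local_data_ssl=YES
force_local_logins_ssl=YES
ssl_sslv3=NO
force_local_data_ssl=NO
force_local_logins_ssl=NO
"""

if __name__ == "__main__":
    print("\n".join(f"{key}: {problem}" for key, problem in audit(SAMPLE)))
```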
