Tag Archives: vsftpd

vsftpd with ftpes and virtual users (without mysql!)

I have Ubuntu 12.04.
Download vsftpd_2.3.2-3ubuntu5_amd64.deb from the official site.
I don't use version 2.3.5 from the repository because of an issue with writable chroot: since 2.3.5, users in a chroot can't write to the root of the chroot folder.

# Install the hand-picked vsftpd build. dpkg -i performs no repository
# signature check, so compare the .deb with a checksum from the place you
# downloaded it before installing. An older build than the repository's also
# lacks whatever fixes later packages carry.
sudo dpkg -i vsftpd_2.3.2-3ubuntu5_amd64.deb
# PAM module that checks logins against a flat password file (virtual users).
sudo apt-get install libpam-pwdfile

# The remaining commands carry no sudo in the listing; run them from a root shell.
# Per-user vsftpd overrides, plus one data directory per virtual user.
mkdir -p /etc/vsftpd/users /raid/ftp/USERS/{user1,user2,user3}
# Single unprivileged system account that every virtual user is mapped to;
# /bin/false keeps it from being used for an interactive login.
useradd -d /raid/ftp -g nogroup -m -s /bin/false vsftpd
# Hand the whole FTP tree to that account (colon is the current owner:group form).
chown -R vsftpd:nogroup /raid/ftp/
touch /etc/vsftpd/chroot_list

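# Append the FTPES / virtual-user settings to the main vsftpd configuration.
#
# The heredoc delimiter is quoted so the shell writes $USER literally: vsftpd
# substitutes it itself at login (user_sub_token). With an unquoted delimiter
# the shell would expand $USER to the name of whoever runs this command.
# The listing's gutter numbers are not part of the file and are left out.
#
# Security-relevant settings to review before using this on a real host:
#   ssl_sslv2 / ssl_sslv3   NO - both protocols are broken; only TLS is offered.
#   pasv_promiscuous        NO - keeps vsftpd's check that a passive data
#                           connection comes from the same address as the
#                           control connection. Enable it only if your network
#                           path really needs it.
#   require_ssl_reuse       NO is kept for client compatibility; it relaxes the
#                           tie between control and data TLS sessions, which is
#                           one more reason to leave pasv_promiscuous off.
#   debug_ssl, log_ftp_protocol
#                           verbose diagnostics; keep /var/log/vsftpd.log
#                           readable by root only and rotate it.
#   pasv_address            placeholder - replace with the server's external IP.
#   pasv_min_port/max_port  open exactly this range on the firewall, nothing wider.
cat >> /etc/vsftpd.conf << 'EOF'
listen=YES
connect_from_port_20=YES

anonymous_enable=NO
local_enable=YES
write_enable=YES
local_umask=022
dirmessage_enable=YES

xferlog_enable=YES
xferlog_file=/var/log/vsftpd.log
log_ftp_protocol=YES
debug_ssl=YES
syslog_enable=NO

pam_service_name=vsftpd
secure_chroot_dir=/var/run/vsftpd
rsa_private_key_file=/etc/ssl/private/vsftpd.key
rsa_cert_file=/etc/ssl/certs/vsftpd.pem
user_config_dir=/etc/vsftpd/users
hide_ids=YES
local_root=/raid/ftp/USERS/$USER
user_sub_token=$USER
chroot_local_user=YES
guest_enable=YES
guest_username=vsftpd
virtual_use_local_privs=YES
anon_world_readable_only=NO
anon_mkdir_write_enable=YES
anon_other_write_enable=YES
use_sendfile=NO
tcp_wrappers=NO

pasv_enable=YES
port_enable=YES
pasv_promiscuous=NO
pasv_min_port=16000
pasv_max_port=16050
pasv_address=THEREIS.YOUR.EXTERNAL.IP

ssl_enable=YES
allow_anon_ssl=NO
force_local_data_ssl=YES
force_local_logins_ssl=YES
ssl_tlsv1=YES
ssl_sslv2=NO
ssl_sslv3=NO
require_ssl_reuse=NO
ssl_ciphers=HIGH

EOF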

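# PAM stack for the "vsftpd" service (pam_service_name in vsftpd.conf):
# passwords are checked against the flat file /etc/vsftpd/passwd_ftp, and the
# account phase is always allowed because virtual users have no system account.
# The listing's gutter numbers are not part of the file and are left out.
#
# NOTE(review): >> appends. Any rules the package already put in this file stay
# in front of these two lines - read the resulting file and make sure the
# combined stack is the one you intend.
cat >> /etc/pam.d/vsftpd << 'EOF'
auth required pam_pwdfile.so pwdfile /etc/vsftpd/passwd_ftp
account required pam_permit.so
EOF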

Create users:
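# htpasswd prompts for each password, so nothing secret ends up in the shell
# history or process list.
# -c creates the file and truncates an existing one: use it for the first
# user only, otherwise every earlier entry is lost.
htpasswd -c /etc/vsftpd/passwd_ftp user1
htpasswd /etc/vsftpd/passwd_ftp user2
htpasswd /etc/vsftpd/passwd_ftp user3

# The file holds password hashes; without this it is created with the default
# umask and is typically world-readable.
# NOTE(review): assumes the PAM check runs as root - confirm logins still work.
chown root:root /etc/vsftpd/passwd_ftp
chmod 600 /etc/vsftpd/passwd_ftp

# NOTE(review): the hash format htpasswd writes depends on its version and
# flags. Confirm it is one pam_pwdfile accepts and that it is not legacy DES
# crypt, which only uses the first 8 characters of a password.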


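# One override file per virtual user in user_config_dir (/etc/vsftpd/users):
# each pins that login's local_root to its own directory.
# Keep these files owned by root and not writable by anyone else - whatever
# they contain overrides the main configuration for that login.
for ftp_user in user1 user2 user3; do
  printf 'local_root=/raid/ftp/USERS/%s/\n' "$ftp_user" \
    >> "/etc/vsftpd/users/${ftp_user}"
done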

# Create a self-signed certificate (valid 3650 days) and a 2048-bit RSA key.
# -nodes leaves the key unencrypted so the daemon can start unattended, which
# makes file permissions its only protection.
# Because the certificate is self-signed, clients cannot validate it against a
# CA: give users its fingerprint so they can check it on first connect.
sudo openssl req -x509 -newkey rsa:2048 -nodes -days 3650 \
  -keyout /etc/ssl/private/vsftpd.key \
  -out /etc/ssl/certs/vsftpd.pem
# Restrict both files to their owner.
chmod 600 /etc/ssl/private/vsftpd.key /etc/ssl/certs/vsftpd.pem

# Restart so vsftpd picks up the new configuration and certificate.
/etc/init.d/vsftpd restart

SSL in vsftpd and FileZilla ftp client

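# Self-signed certificate and unencrypted 2048-bit RSA key for vsftpd.
# Clients such as FileZilla will show the certificate for manual acceptance;
# compare its fingerprint with the server's before trusting it.
openssl req -x509 -nodes -days 3650 -newkey rsa:2048 -keyout /etc/ssl/private/vsftpd.key -out /etc/ssl/certs/vsftpd.pem
# The key is stored unencrypted, so keep it readable by its owner only.
chmod 600 /etc/ssl/private/vsftpd.key

# TLS-related settings the configuration should contain.
# ssl_sslv2 and ssl_sslv3 are NO: both protocols are broken, and a TLS-capable
# client does not need them. ssl_tlsv1=YES is what the client negotiates.
# require_ssl_reuse=NO relaxes the tie between the control and data TLS
# sessions; keep it only if the client cannot reuse sessions.
grep ssl /etc/vsftpd.conf
rsa_cert_file=/etc/ssl/certs/vsftpd.pem
rsa_private_key_file=/etc/ssl/private/vsftpd.key
ssl_enable=YES
allow_anon_ssl=NO
ssl_tlsv1=YES
ssl_sslv2=NO
ssl_sslv3=NO
require_ssl_reuse=NO
ssl_ciphers=HIGH
force_local_logins_ssl=YES
force_local_data_ssl=YES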

vsftpd. FTP for a couple of minutes

 

Download vsftpd; you can get it from ftp://vsftpd.beasts.org/users/cevans/.
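sudo -i
# NOTE(review): from here on everything, including the build, runs in a root
# shell. Compiling as an unprivileged user and using root only for the install
# steps limits what a tampered source tree could do.

# && so the cd happens only when the directory is there; -p makes re-runs harmless.
mkdir -p ~/temp && cd ~/temp

# Plain FTP gives no integrity or authenticity guarantee for the download.
# Check the tarball against a signature or checksum published by the vsftpd
# author before unpacking and building it.
wget ftp://vsftpd.beasts.org/users/cevans/vsftpd-2.3.0pre1.tar.gz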
Unpack:
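# Unpack the source, then enter the tree: the later make and cp steps use
# paths relative to it.
tar xvfz vsftpd-2.3.0pre1.tar.gz
# assumes the archive unpacks into a directory named after the tarball - confirm
cd vsftpd-2.3.0pre1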
Build:
# Compile vsftpd using the Makefile in the current directory (the unpacked source tree).
make
The build produces the vsftpd binary; copy it to the directory that holds the system binaries:
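# Source and destination are two separate arguments: the freshly built binary
# in the current directory, and the system binary directory.
cp vsftpd /usr/sbin/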
Check whether the user nobody exists:
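# Anchor the match to the login-name field so that accounts which merely
# contain "nobody" in their name or comment do not count as a hit.
grep '^nobody:' /etc/passwd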
If not, add it:
# Only needed when the check above printed nothing.
# vsftpd's nopriv_user option defaults to "nobody": it is the account the
# server drops to when it needs no privileges, so give it no extra rights.
useradd nobody
The default configuration requires the directory /usr/share/empty/; create it:
# /usr/share/empty is vsftpd's default secure_chroot_dir. Keep it empty and
# not writable by the ftp user.
mkdir /usr/share/empty/
Next, create the ftp user with its home directory in /var/ftp/; this directory will be the root of our server.
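# Root directory of the FTP server.
mkdir /var/ftp/
# Create the ftp account with /var/ftp as its home (-d is an option of
# useradd and needs a space before it).
useradd -d /var/ftp ftp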
Change the owner of the folder to root and set the appropriate permissions:
# The FTP root must not belong to, or be writable by, the ftp account:
# root owns it, and group and others lose write permission.
chown root:root /var/ftp
chmod go-w /var/ftp
Copy the configuration file itself to /etc:
# Install the vsftpd.conf found in the current directory as /etc/vsftpd.conf.
# Review it before starting the server; keep it writable by root only.
cp vsftpd.conf /etc
Next edit vsftpd.conf:
# Open the installed configuration for editing.
vim /etc/vsftpd.conf
