Debian12.13 : FTP Server , NTP Server

Contents

1. Install NTP server
2. Install FTP Server
3. Vsftpd SSL/TLS
- 3.1 Create a self-signed certificate.
- 3.2 Vsftpd Configuration
File server installation with Samba

1. Install NTP server

# apt -y install chrony
# vi /etc/chrony/chrony.conf
# Line 8.：Comment the default settings and add the NTP server for your time zone.
#pool 2.debian.pool.ntp.org iburst
pool ntp.nict.jp iburst
# Add to the last line (Range for which time synchronization is allowed)
allow 192.168.11.0/24

# apt -y install chrony

# vi /etc/chrony/chrony.conf

# Line 8.：Comment the default settings and add the NTP server for your time zone.

#pool 2.debian.pool.ntp.org iburst

pool ntp.nict.jp iburst

# Add to the last line (Range for which time synchronization is allowed)

allow 192.168.11.0/24

Setting Reflection

# systemctl restart chrony

1	# systemctl restart chrony

Operation check

# chronyc sources
MS Name/IP address         Stratum Poll Reach LastRx Last sample
===============================================================================
^* ntp-b2.nict.go.jp             1   6    17     5   -778us[ -262us] +/- 7577us
^- ntp-k1.nict.jp                1   6    17     5   -880us[ -880us] +/- 3719us
^- ntp-b3.nict.go.jp             1   6    17     4   -983us[ -983us] +/- 6459us
^- ntp-a2.nict.go.jp             1   6    17     4   -764us[ -764us] +/- 6162us

# chronyc sources

MS Name/IP address Stratum Poll Reach LastRx Last sample

===============================================================================

^* ntp-b2.nict.go.jp 1 6 17 5 -778us[ -262us] +/- 7577us

^- ntp-k1.nict.jp 1 6 17 5 -880us[ -880us] +/- 3719us

^- ntp-b3.nict.go.jp 1 6 17 4 -983us[ -983us] +/- 6459us

^- ntp-a2.nict.go.jp 1 6 17 4 -764us[ -764us] +/- 6162us

2. Install FTP Server

2.1 Install Vsftpd

# apt -y install vsftpd

1	# apt -y install vsftpd

FTP Port21 allowed

# ufw allow ftp
# ufw reload

1 2	# ufw allow ftp # ufw reload

2.2 Edit Vsftpd configuration file

# vi /etc/vsftpd.conf

1	# vi /etc/vsftpd.conf

Edited content

Line 14 : Change
Listen=YES

Line 22 : Change
Listen_ipv6=NO

Line 31 : Uncomments
write_enable=YES

Line 35 : Uncomments
local_umask=022

Line 99-100 : Uncomments(Allow uploads and downloads via ASCII)
ascii_upload_enable=YES
ascii_download_enable=YES

Line 122 : Uncomments
chroot_local_user=YES

Line 123 : Uncomments
chroot_list_enable=YES

Line 125 : Uncomments
chroot_list_file=/etc/vsftpd.chroot_list

Line 131 : Uncomments(Enable bulk transfer of entire directories)
ls_recurse_enable=YES

Creating vsftpd.chroot_list。
Fill in only the user name (huong) in the new file and finish saving.

# vi /etc/vsftpd.chroot_list
huong

1 2	# vi /etc/vsftpd.chroot_list huong

Finally, enable vsftpd and restart.

# systemctl start vsftpd

# systemctl enable vsftpd
Synchronizing state of vsftpd.service with SysV service script with /lib/systemd/systemd-sysv-install.
Executing: /lib/systemd/systemd-sysv-install enable vsftpd

# systemctl start vsftpd

# systemctl enable vsftpd

Synchronizing state of vsftpd.service with SysV service script with /lib/systemd/systemd-sysv-install.

Executing: /lib/systemd/systemd-sysv-install enable vsftpd

2.3 Verifying FTP Connection

Verify using an FTP client
Start FileZilla and select "Site Manager" from the "File" menu.

Click on "New site"
Enter the following settings for each item and click "Connect"
Protocol　: FTP- File Transfer Protocol
Host : IP address of the server
Port :
Logon Ask for password
User 　: General user name (server login user)

Password : logd in user password

When the following screen appears, click "OK".

If the connection is successful, the server directory is displayed on the right and the Windows directory on the left.

3. Vsftpd SSL/TLS

Configure Vsftpd to enable SSL/TLS

3.1 Create a self-signed certificate.

If you are using a trusted, legitimate certificate such as Let's Encrypt, you do not need to do this work.

# cd /etc/ssl/private
# openssl req -x509 -nodes -newkey rsa:2048 -keyout vsftpd.pem -out vsftpd.pem -days 3650
Generating a RSA private key
........................+++++
..................+++++
writing new private key to '/etc/pki/tls/certs/vsftpd.pem'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:JP # country code
State or Province Name (full name) []:Osaka # Region (Prefecture）
Locality Name (eg, city) [Default City]:Sakai # City
Organization Name (eg, company) [Default Company Ltd]:private # organization name
Organizational Unit Name (eg, section) []:Admin # Name of organization's department
Common Name (eg, your name or your server's hostname) [] Lepard # Server Host Name
Email Address []: # Administrator's email address

# cd /etc/ssl/private

# openssl req -x509 -nodes -newkey rsa:2048 -keyout vsftpd.pem -out vsftpd.pem -days 3650

Generating a RSA private key

........................+++++

..................+++++

writing new private key to '/etc/pki/tls/certs/vsftpd.pem'

-----

You are about to be asked to enter information that will be incorporated

into your certificate request.

What you are about to enter is what is called a Distinguished Name or a DN.

There are quite a few fields but you can leave some blank

For some fields there will be a default value,

If you enter '.', the field will be left blank.

-----

Country Name (2 letter code) [XX]:JP # country code

State or Province Name (full name) []:Osaka # Region (Prefecture）

Locality Name (eg, city) [Default City]:Sakai # City

Organization Name (eg, company) [Default Company Ltd]:private # organization name

Organizational Unit Name (eg, section) []:Admin # Name of organization's department

Common Name (eg, your name or your server's hostname) [] Lepard # Server Host Name

Email Address []: # Administrator's email address

# chmod 600 vsftpd.pem

1	# chmod 600 vsftpd.pem

3.2 Vsftpd Configuration

# vi /etc/vsftpd.conf

1	# vi /etc/vsftpd.conf

Edited content

Line 149,150: comment out
#rsa_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
#rsa_private_key_file=/etc/ssl/private/ssl-cert-snakeoil.key

Line 151 : Change
ssl_enable=YES

Add the following after line 152:
rsa_cert_file=/etc/ssl/private/vsftpd.pem
rsa_private_key_file=/etc/ssl/private/vsftpd.pem
ssl_ciphers=HIGH
force_local_data_ssl=YES
force_local_logins_ssl=YES

# systemctl restart vsftpd

1	# systemctl restart vsftpd

Start FileZilla and check
As before, select "Site Manager" from the "File" menu, select the appropriate server, click "Connect," and the following screen will appear.

File server installation with Samba

Build a file server with access rights that requires user authentication with Samba.
Installation Procedure
(1) Create a shared folder with access rights that requires user authentication.
(2) Create a group with access rights
(3)Create users belonging to groups that can be accessed
(4)Edit configuration file

3.1 samba Install

# apt -y install samba

1	# apt -y install samba

3.2 Create a shared folder (smbshare)

# mkdir /home/smbshare

1	# mkdir /home/smbshare

3.3 Create accessible group (smbgroup)

# groupadd smbgroup
# chgrp smbgroup /home/smbshare
# chmod 770 /home/smbshare

# groupadd smbgroup

# chgrp smbgroup /home/smbshare

# chmod 770 /home/smbshare

3.4 Configuration File Edit

# vi /etc/samba/smb.conf

1	# vi /etc/samba/smb.conf

Edited content

Line 25 :
[global]
unix charset = UTF-8 # Add
dos charset = CP932 # Add

Line 38 : Add networks to allow access
interfaces = 127.0.0.0/8 192.168.11.0/24 ens33

Line 98 : Comment out and add below
#map to guest = bad user
security = user

Add to the last line
Set any shared name
[Smbshare]
# Specify a shared folder
path = /home/smbshare
# Allow posting
writable = yes
# Do not allow guest users
guest ok = no
# [smbgroup] Allow access only to the group
valid users = @smbgroup
# Set the group to [smbgroup] when creating files
force group = smbgroup
# Set the permissions to [770] when creating the file.
force create mode = 770
# Set the permissions to [770] when creating folders.
force directory mode = 770
# Inherit permissions from the parent folder
inherit permissions = yes

3.5 SMB Restart

# systemctl enable smbd
Synchronizing state of smbd.service with SysV service script with /lib/systemd/systemd-sysv-install.
Executing: /lib/systemd/systemd-sysv-install enable smbd

# systemctl start smbd

# systemctl enable smbd

Synchronizing state of smbd.service with SysV service script with /lib/systemd/systemd-sysv-install.

Executing: /lib/systemd/systemd-sysv-install enable smbd

# systemctl start smbd

3.6 User (smbuser) registration, password setting, group registration

# useradd smbuser
# smbpasswd -a smbuser
New SMB password:     # Password Setup
Retype new SMB password:
Added user smbuser.

Change smbuser to smbgroup
# usermod -aG smbgroup smbuser

# useradd smbuser

# smbpasswd -a smbuser

New SMB password: # Password Setup

Retype new SMB password:

Added user smbuser.

Change smbuser to smbgroup

# usermod -aG smbgroup smbuser

3.7 UFW to allow Samba services

# ufw allow samba
# ufw reload

1 2	# ufw allow samba # ufw reload

3.8 Accessing shared directories from Windows 11

Connect from Windows Explorer
Open Explorer and enter "\\server IP" (in this case 192.168.11.83) in the address field.
Access the server.

You will be asked to enter your authentication information.
User name : User name created in "3.6 User (smbuser) Registration, Password Setting, Group Registration"
Password : Password for the above user
Click "OK"

Confirm that files and folders are newly created when the shared directory information is displayed.

Go to top