1. Install NTP server
```
# apt -y install chrony
# vi /etc/chrony/chrony.conf
# Line 8.:Comment the default settings and add the NTP server for your time zone.
#pool 2.debian.pool.ntp.org iburst
pool ntp.nict.jp iburst
# Add to the last line (Range for which time synchronization is allowed)
allow 192.168.11.0/24
```
Apply the settings
```
# systemctl restart chrony
```
Operation check
```
# chronyc sources
MS Name/IP address         Stratum Poll Reach LastRx Last sample
===============================================================================
^+ ntp-b2.nict.go.jp             1   6    17     4   +985us[+1200us] +/- 6078us
^* ntp-k1.nict.jp                1   6    17     4  +2889ns[ +218us] +/- 3869us
^+ ntp-a2.nict.go.jp             1   6    17     5  -1216us[-1000us] +/- 7388us
^+ ntp-a3.nict.go.jp             1   6    17     5    +54us[ +269us] +/- 6345us
```
2. Install FTP Server
2.1 Install Vsftpd
```
# apt install vsftpd
```
Allow FTP port 21
```
# ufw allow ftp
# ufw reload
```
2.2 Edit Vsftpd configuration file
```
# vi /etc/vsftpd.conf
# Line 14. : change
listen=YES
# Line 22 : change
listen_ipv6=NO
# Line 31 : Uncomment
# Allow use of FTP commands to make changes to files
write_enable=YES
# Line 35 : Uncomment
# Set permission values to be applied to new files
# Each digit indicates owner, group, other, and bit indicates rwx
local_umask=022
# Line 99-100 : Uncomment
# Allow uploads by ASCII
ascii_upload_enable=YES
# Allow downloading by ASCII
ascii_download_enable=YES
# Line 122 : Uncomment
# Confine (chroot) local users to their home directory after login
chroot_local_user=YES
# Line 123 : Uncomment
# Enable the user list given in chroot_list_file
chroot_list_enable=YES
# Line 125 : Uncomment
# With chroot_local_user=YES, users listed in vsftpd.chroot_list are exempt from the chroot
chroot_list_file=/etc/vsftpd.chroot_list
# Line 131 : Uncomment (enable recursive listing, used for batch transfer by directory)
ls_recurse_enable=YES
```
Next, create a new file vsftpd.chroot_list under /etc.
Add your Debian username (e.g. huong) to this file.
```
# vi /etc/vsftpd.chroot_list
huong
```
Enable vsftpd and restart
```
# systemctl restart vsftpd
```
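The meaning of vsftpd.chroot_list flips with chroot_local_user, so it is worth checking who actually ends up confined. The script below is an added example, not part of the original page; the function names are its own, and it assumes the options are written as plain YES/NO as in the configuration above.

```shell
#!/usr/bin/env bash
# Added example: report whether a local user is chrooted under the
# chroot settings of section 2.2.

# Effective value of OPTION in FILE (a later assignment overrides an earlier
# one; commented lines never match). DEFAULT is the vsftpd built-in value.
conf_get() {  # usage: conf_get FILE OPTION DEFAULT
    awk -F= -v k="$2" -v v="$3" \
        '$1 == k { v = substr($0, length(k) + 2) } END { print v }' "$1"
}

# Prints "chrooted" or "not-chrooted" for USER.
# chroot_list_enable turns the list file on, and chroot_local_user decides
# what being listed means:
#   chroot_local_user=NO  -> listed users are the ones placed in a chroot
#   chroot_local_user=YES -> listed users are the ones exempted from it
chroot_status() {  # usage: chroot_status CONF USER
    local conf="$1" user="$2" all list_on list listed=no
    all=$(conf_get "$conf" chroot_local_user NO)
    list_on=$(conf_get "$conf" chroot_list_enable NO)
    list=$(conf_get "$conf" chroot_list_file /etc/vsftpd.chroot_list)
    if [ "$list_on" = YES ] && [ -f "$list" ] && grep -qxF -- "$user" "$list"; then
        listed=yes
    fi
    case "$all:$listed" in
        YES:no|NO:yes) echo chrooted ;;
        *)             echo not-chrooted ;;
    esac
}

# Example call: ./chroot_status.sh /etc/vsftpd.conf huong
if [ "$#" -eq 2 ]; then chroot_status "$1" "$2"; fi
```

With the settings from this section, the user written to vsftpd.chroot_list is reported as not-chrooted and can browse outside the home directory; every other local user is confined.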
2.3 Check FTP connection
Check with FTP client
In this case, we will use FileZilla.
Start FileZilla and first change its settings from the menu "Edit" > "Settings".
![](https://korodes.com/wp-content/uploads/2023/12/32dcd34e0aefc2878efdf0e57095c5c4.png)
Click on "New site" and then enter the following:
Protocol : FTP-File Transfer Protocol
Host : Server IP Address
Port : (can be blank)
Encryption : Use explicit FTP over TLS if available
Logon Type : Ask for password
User : Login User Name
![](https://korodes.com/wp-content/uploads/2022/12/b5c0a755b104b678b6064d2ef2c4410e.jpg)
Password : Password for logged-in user
![](https://korodes.com/wp-content/uploads/2022/12/99f5bc0a153a3eac3499c808659e047d.jpg)
Click "OK" when the following screen appears
![](https://korodes.com/wp-content/uploads/2023/12/7557606a2e63861b968a73f5978366ff.png)
If you see the Windows directory on the left and the Debian directory on the right, the connection was successful.
![](https://korodes.com/wp-content/uploads/2023/12/53b77ed2f45539fe42612dc159a01be9.png)
3. Vsftpd SSL/TLS
Configure Vsftpd to use SSL/TLS
3.1 Create self-signed certificates
This step is not required if you are using a trusted, legitimate certificate such as Let's Encrypt.
```
# cd /etc/ssl/private
# openssl req -x509 -nodes -newkey rsa:2048 -keyout vsftpd.pem -out vsftpd.pem -days 3650
Generating a RSA private key
........................+++++
..................+++++
writing new private key to '/etc/pki/tls/certs/vsftpd.pem'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:JP # country code
State or Province Name (full name) []:Osaka # Region (Prefecture)
Locality Name (eg, city) [Default City]:Sakai # City
Organization Name (eg, company) [Default Company Ltd]:private # organization name
Organizational Unit Name (eg, section) []:Admin # Name of organization's department
Common Name (eg, your name or your server's hostname) [] Lepard # Server Host Name
Email Address []: # Administrator's email address
```
```
# chmod 600 vsftpd.pem
```
3.2 Vsftpd Configuration
```
# vi /etc/vsftpd.conf
# Lines 149-151 : Comment out and add the following below
#rsa_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
#rsa_private_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
#ssl_enable=NO

rsa_cert_file=/etc/ssl/private/vsftpd.pem
rsa_private_key_file=/etc/ssl/private/vsftpd.pem
ssl_enable=YES
ssl_ciphers=HIGH
force_local_data_ssl=YES
force_local_logins_ssl=YES
```
```
# systemctl restart vsftpd
```
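To confirm that the edited file really enforces TLS and that the key file from section 3.1 is not readable by other users, the settings can be audited with a script. This is an added example, not part of the original page; the function names are its own, and it relies on GNU stat as shipped with Debian.

```shell
#!/usr/bin/env bash
# Added example: audit vsftpd.conf for the TLS settings of section 3.2.

# Effective value of OPTION in FILE (a later assignment overrides an earlier
# one; commented lines never match). DEFAULT is the vsftpd built-in value.
conf_get() {  # usage: conf_get FILE OPTION DEFAULT
    awk -F= -v k="$2" -v v="$3" \
        '$1 == k { v = substr($0, length(k) + 2) } END { print v }' "$1"
}

is_yes() {  # vsftpd booleans: YES, TRUE or 1, in any letter case
    case "$(printf '%s' "$1" | tr '[:lower:]' '[:upper:]')" in
        YES|TRUE|1) return 0 ;;
        *) return 1 ;;
    esac
}

# Prints one FAIL line per finding; the exit status is the number of findings.
audit_vsftpd_tls() {  # usage: audit_vsftpd_tls FILE
    local conf="$1" findings=0 opt def val key mode
    for opt in ssl_enable:NO force_local_logins_ssl:YES force_local_data_ssl:YES; do
        def=${opt#*:}; opt=${opt%%:*}       # option:built-in-default pairs
        val=$(conf_get "$conf" "$opt" "$def")
        if ! is_yes "$val"; then
            echo "FAIL $opt=$val: cleartext logins or transfers are accepted"
            findings=$((findings + 1))
        fi
    done
    # vsftpd reads the key from rsa_cert_file when no separate key file is set
    key=$(conf_get "$conf" rsa_private_key_file "$(conf_get "$conf" rsa_cert_file "")")
    if [ ! -f "$key" ]; then
        echo "FAIL private key file '$key' not found"
        findings=$((findings + 1))
    else
        mode=$(stat -c %a "$key")
        case "$mode" in
            ?00) ;;                         # owner-only, e.g. 600
            *) echo "FAIL $key has mode $mode, expected 600"
               findings=$((findings + 1)) ;;
        esac
    fi
    return "$findings"
}

# Audit the file given as argument, or /etc/vsftpd.conf when it exists.
conf=${1:-/etc/vsftpd.conf}
if [ -f "$conf" ]; then audit_vsftpd_tls "$conf" && echo "OK"; fi
```

An unset force_local_logins_ssl or force_local_data_ssl passes because both default to YES; only an explicit NO, or a missing ssl_enable=YES, is reported.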
When connecting with FileZilla, the following screen appears; check the box and click "OK" to connect as described above.
![](https://korodes.com/wp-content/uploads/2024/11/a0d9088af405102049bb577baff5044c.jpg)