MiracleLinux ; Vsftpd (FTP server installation)

FTP Server Installation

1. Install vsftpd

Download vsftpd-3.0.3-33.el8.x86_64.rpm from the download site to /usr/local/src/.

# cd /usr/local/src/
# wget ftp://ftp.pbone.net/mirror/ftp.centos.org/8-stream/AppStream/x86_64/os/Packages/vsftpd-3.0.3-33.el8.x86_64.rpm
# rpm -ivh vsftpd-3.0.3-33.el8.x86_64.rpm

2. Configure vsftpd

Back up the unedited vsftpd.conf with a .bak extension.
# cp /etc/vsftpd/vsftpd.conf /home/lan/vsftpd.conf.bak
①Edit the configuration file
# vi /etc/vsftpd/vsftpd.conf
●Line 12: prohibit anonymous login
●Line 39: log transfer records
●Lines 82, 83: uncomment (allow transfers in ASCII mode)
●Lines 100, 101: uncomment (enable chroot)
●Line 103: uncomment (specify the chroot list file)
●Line 109: uncomment (enable bulk transfer per directory)
●Line 114: change (enable IPv4)
●Line 123: change (disable IPv6)
●Add to the last line:
# Use local time.
②Add the users who are allowed to move above their home directory (exempt from the chroot) to the chroot list.
# echo "lan" >> /etc/vsftpd/chroot_list
In my case, I wrote lan.
③Specify the IP addresses allowed to connect in /etc/hosts.allow.
# echo "vsftpd:" >> /etc/hosts.allow
This is the setting that allows all local IP addresses in my environment.
Write vsftpd:ALL (deny all connections) in /etc/hosts.deny.
# echo "vsftpd:ALL" >> /etc/hosts.deny
This setting takes precedence over hosts.allow.
This means that every connection is rejected except those from the IP addresses specified in hosts.allow.
④Enable vsftpd at boot and start it
# systemctl enable vsftpd
Created symlink /etc/systemd/system/multi-user.target.wants/vsftpd.service → /usr/lib/systemd/system/vsftpd.service.
# systemctl start vsftpd
If the prompt (#) returns with no error message, you're good to go.
⑤From the Windows side, check that you can connect with FileZilla.
Open the FTP port in the firewall before connecting.
# firewall-cmd --permanent --add-service=ftp
# firewall-cmd --reload
Launch FileZilla and select "Site Manager" from the "File" menu.
Click "New Site", fill in the fields as follows, and click "Connect".
Protocol : FTP - File Transfer Protocol
Host : IP address of the server
Port : (leave blank)
Logon Type : Ask for password
User : general user name (server login user)

Set the login user’s password in the “Password” field and click “OK”.

If the connection is successful, the server directory is displayed on the right side and the Windows directory on the left side.

vsftpd SSL/TLS

Configure Vsftpd to work with SSL/TLS

1. Create a self-signed certificate.

This step is not necessary if you use a trusted, legitimate certificate such as Let’s Encrypt.

# cd /etc/pki/tls/certs
# openssl req -x509 -nodes -newkey rsa:2048 -keyout /etc/pki/tls/certs/vsftpd.pem -out /etc/pki/tls/certs/vsftpd.pem
Generating a RSA private key
writing new private key to '/etc/pki/tls/certs/vsftpd.pem'
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
Country Name (2 letter code) [XX]:JP # Country Code
State or Province Name (full name) []:Osaka # Region (Prefecture)
Locality Name (eg, city) [Default City]:Sakai # City
Organization Name (eg, company) [Default Company Ltd]:private # Organization Name
Organizational Unit Name (eg, section) []:Admin # Department name of the organization
Common Name (eg, your name or your server's hostname) []:Lepard # Hostname of the server
Email Address []: # Administrator email address
# chmod 600 vsftpd.pem

2. Configure Vsftpd

# vi /etc/vsftpd/vsftpd.conf
●Add to the last line (enable SSL/TLS)

If firewalld is enabled, fix the passive port range.
# vi /etc/vsftpd/vsftpd.conf
●Add to the last line
# Fix the passive ports to a specific range of ports

# systemctl restart vsftpd

Allow passive ports in Firewalld

# firewall-cmd --add-port=60000-60100/tcp --permanent
# firewall-cmd --reload
When you connect with FileZilla, the following screen appears; check the box and click "OK" to connect as before.
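As an added example (not part of the original post), a small shell checker for the vsftpd.conf settings edited in step 2 above and in the SSL/TLS section. The post identifies those settings only by line number; the directive names used here (anonymous_enable, xferlog_enable, chroot_local_user, listen, listen_ipv6, ssl_enable, pasv_min_port, pasv_max_port) are the stock vsftpd keys those lines hold, and the sample config at the bottom is constructed.

```shell
#!/usr/bin/env bash
# Added example: text-only check of a vsftpd.conf against the settings this page
# configures. No systemctl or firewall-cmd calls, so it also runs offline.

# Effective value of a key: the last uncommented "key=value" line wins.
conf_value() {                       # $1 = conf file, $2 = key
  awk -F= -v k="$2" '$0 !~ /^[[:space:]]*#/ && $1 == k { v = $2 } END { print v }' "$1"
}

# Compare one key with the value the page's step expects; print a finding on mismatch.
expect() {                           # $1 = conf file, $2 = key, $3 = expected
  local got
  got=$(conf_value "$1" "$2")
  if [ "$got" != "$3" ]; then
    echo "FAIL: $2=${got:-<unset>} (expected $3)"
    return 1
  fi
}

# Run every check the page's steps imply; the return code is the failure count.
check_vsftpd_conf() {                # $1 = conf file
  local fails=0 lo hi
  expect "$1" anonymous_enable  NO  || fails=$((fails + 1))  # step 2, line 12
  expect "$1" xferlog_enable    YES || fails=$((fails + 1))  # step 2, line 39
  expect "$1" chroot_local_user YES || fails=$((fails + 1))  # step 2, lines 100-101
  expect "$1" listen            YES || fails=$((fails + 1))  # step 2, line 114 (IPv4)
  expect "$1" listen_ipv6       NO  || fails=$((fails + 1))  # step 2, line 123
  expect "$1" ssl_enable        YES || fails=$((fails + 1))  # SSL/TLS step 2
  # Passive range must be pinned, or the firewall rule above cannot match it.
  lo=$(conf_value "$1" pasv_min_port); hi=$(conf_value "$1" pasv_max_port)
  if [ -z "$lo" ] || [ -z "$hi" ] || [ "$lo" -gt "$hi" ]; then
    echo "FAIL: pasv_min_port/pasv_max_port do not define a valid range"
    fails=$((fails + 1))
  fi
  echo "$fails check(s) failed"
  return "$fails"
}

# Constructed sample: the stock file before editing, with anonymous_enable
# repeated to show that only the last assignment counts.
SAMPLE_CONF=$(mktemp)
cat > "$SAMPLE_CONF" <<'EOF'
anonymous_enable=YES
xferlog_enable=YES
#chroot_local_user=YES
listen=NO
listen_ipv6=YES
anonymous_enable=NO
EOF
check_vsftpd_conf "$SAMPLE_CONF" || true   # 5 check(s) failed
```

Run it as `check_vsftpd_conf /etc/vsftpd/vsftpd.conf` on the server after editing; a zero exit status means every setting from the steps above is in place.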