
Rocky Linux 8.4: Install FTP Server

1. Vsftpd installation

①Download “vsftpd-3.0.3-33.el8.x86_64.rpm” from the download site to /usr/local/src/ with wget.

[root@Lepard ~]# cd /usr/local/src/
src]# wget ftp://ftp.pbone.net/mirror/ftp.centos.org/8-stream/AppStream/x86_64/os/Packages/vsftpd-3.0.3-33.el8.x86_64.rpm
src]# rpm -ivh vsftpd-3.0.3-33.el8.x86_64.rpm

② Edit Vsftpd settings

Save a backup copy of the unedited vsftpd.conf as vsftpd.conf.bak
src]# cp /etc/vsftpd/vsftpd.conf /home/tama/vsftpd.conf.bak
src]# vi /etc/vsftpd/vsftpd.conf
■Line 12: Anonymous login prohibited
anonymous_enable=NO
■Line 40: Log the transfer record.
xferlog_enable=NO
■Lines 82 and 83 uncomment ( Allow transfer in ASCII mode )
ascii_upload_enable=YES
ascii_download_enable=YES
■Lines 100, 101: uncomment ( chroot enabled )
chroot_local_user=YES
chroot_list_enable=YES
■Line 103, uncomment ( chroot list file specification )
chroot_list_file=/etc/vsftpd/chroot_list
■Line 109, uncomment ( Enables bulk transfer of entire directories. )
ls_recurse_enable=YES
■Line 114 Change ( Enable IPv4 )
listen=YES
■Line 123 Change ( Make IPv6 be ignored. )
listen_ipv6=NO
■### Add to last line ###
# Use local time.
use_localtime=YES

③ Add the users who are allowed to move to upper-level directories.

src]# vi /etc/vsftpd/chroot_list
Create a new file containing:
<General User Name>
or
src]# echo "<General User Name>" >> /etc/vsftpd/chroot_list

④ Setting hosts.allow and hosts.deny (IP address restriction)
The hosts.allow setting takes precedence over hosts.deny, i.e., hosts.deny rejects everything and only the IP addresses specified in hosts.allow are allowed.

Write vsftpd:ALL in /etc/hosts.deny ( Reject all connections )
src]# vi /etc/hosts.deny
vsftpd:ALL
or
src]# echo "vsftpd:ALL" >> /etc/hosts.deny
Write the addresses to allow in /etc/hosts.allow
src]# vi /etc/hosts.allow
vsftpd:192.168.11.0/24   (The 192.168.11. part should match your environment.)
or
src]# echo "vsftpd:192.168.11.0/24" >> /etc/hosts.allow

⑤ Enable vsftpd autostart and start the service

src]# systemctl enable vsftpd
src]# systemctl start vsftpd

⑥ From the Windows side, check that you can connect using FFFTP

2. Vsftpd SSL/TLS enabled

①Create a self-signed certificate (not necessary if you use a trusted legitimate certificate such as Let’s Encrypt).

src]# cd /etc/pki/tls/certs
src]# openssl req -x509 -nodes -newkey rsa:2048 -keyout /etc/pki/tls/certs/vsftpd.pem -out /etc/pki/tls/certs/vsftpd.pem
Generating a RSA private key
………………………………………….+++…………………..+++
writing new private key to '/etc/pki/tls/certs/vsftpd.pem'
You are about to be asked to enter information that will be incorporated
into your certificate request
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
Country Name (2 letter code) [XX]:JP
State or Province Name (full name) []:<Name of prefecture>
Locality Name (eg, city) [Default City]:<Name of city or town>
Organization Name (eg, company) [Default Company Ltd]:<Organization Name>
Organizational Unit Name (eg, section) []:<Unit name in the organization>
Common Name (eg, your name or your server’s hostname) []:<Organization/Server Name>
Email Address []:<Administrator email address>
src]# chmod 600 vsftpd.pem 

② Configuring Vsftpd

src]# vi /etc/vsftpd/vsftpd.conf
# Add to last line: Enable SSL/TLS
rsa_cert_file=/etc/pki/tls/certs/vsftpd.pem
ssl_enable=YES
force_local_data_ssl=YES
force_local_logins_ssl=YES
src]# systemctl restart vsftpd

③ If Firewalld is enabled, allow passive ports

src]# vi /etc/vsftpd/vsftpd.conf
# Add to last line
# Pin the passive ports to a fixed range of your choice
pasv_enable=YES
pasv_min_port=60000
pasv_max_port=60100

src]# systemctl restart vsftpd

④ Allow fixed passive ports

src]# firewall-cmd --add-port=60000-60100/tcp --permanent
success
src]# firewall-cmd --reload
success
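
Because several of the steps above append settings to the end of vsftpd.conf, a key can end up defined twice. The following script is an added example, not part of the original page: it reads a vsftpd.conf, takes the last uncommented occurrence of each key, and checks the hardening values and passive port range used in sections 1 and 2. The function names vsftpd_get and vsftpd_audit are hypothetical, and treating the last occurrence as the one in effect is an assumption about how vsftpd reads the file.

```shell
#!/bin/sh
# Added example: audit a vsftpd.conf against the settings used on this page.
# Assumption: vsftpd reads the file top to bottom, so the last uncommented
# KEY=value line is the one in effect.

# Print the last uncommented value of KEY in FILE (empty if the key is absent).
vsftpd_get() {  # usage: vsftpd_get FILE KEY
    awk -F= -v k="$2" '
        /^[ \t]*#/ { next }
        $1 == k    { v = substr($0, length(k) + 2) }
        END        { sub(/[ \t\r]+$/, "", v); print v }' "$1"
}

# Print one FAIL line per setting that differs from this page's values.
# Return 0 when everything matches, 1 otherwise.
vsftpd_audit() {  # usage: vsftpd_audit FILE
    conf=$1; rc=0
    for want in anonymous_enable=NO chroot_local_user=YES ssl_enable=YES \
                force_local_data_ssl=YES force_local_logins_ssl=YES; do
        key=${want%%=*}
        val=$(vsftpd_get "$conf" "$key")
        if [ "$val" != "${want#*=}" ]; then
            echo "FAIL $key: want ${want#*=}, file has '${val:-unset}'"; rc=1
        fi
    done
    min=$(vsftpd_get "$conf" pasv_min_port)
    max=$(vsftpd_get "$conf" pasv_max_port)
    case "$min$max" in
        ''|*[!0-9]*) echo "FAIL passive port range not set or not numeric"; rc=1 ;;
        *) if [ -z "$min" ] || [ -z "$max" ] || [ "$min" -gt "$max" ]; then
               echo "FAIL passive port range invalid: '$min'-'$max'"; rc=1
           else
               # This is the value the firewalld --add-port rule must cover.
               echo "INFO firewalld port spec: $min-$max/tcp"
           fi ;;
    esac
    return $rc
}

# Stand-alone use: sh audit.sh /etc/vsftpd/vsftpd.conf
if [ $# -gt 0 ]; then
    vsftpd_audit "$1"
fi
```
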