1. vsftpd (FTP server installation)
1.1 Install vsftpd
It is already installed when you install openSUSE.
If it is not installed, you can install it with the following command:

    # zypper -n install vsftpd
1.2 Edit vsftpd configuration file
Back up the unedited vsftpd.conf as a .bak file.

    # cp /etc/vsftpd.conf /home/suse/vsftpd.conf.bak

    # vi /etc/vsftpd.conf
    # Line 19: Change
    write_enable=YES
    # Line 36: Uncomment (enable bulk transfer of entire directory)
    ls_recurse_enable=YES
    # Line 57: Uncomment
    local_umask=022
    # Lines 62, 63: Uncomment (chroot enabled)
    chroot_local_user=YES
    chroot_list_enable=YES
    # Line 65: Uncomment (specify chroot list file)
    chroot_list_file=/etc/vsftpd.chroot_list
    # Line 80: Anonymous login prohibited
    anonymous_enable=NO
    # Line 151: Add the following item
    #connect_from_port_20=YES
    listen_port=21
    # Line 173: Uncomment (allow transfer in ascii mode)
    ascii_upload_enable=YES
    ascii_download_enable=YES
    # Line 184: Change as needed (to listen for IPv4)
    listen=YES
    # Line 189: Change as needed (to listen only for IPv4)
    # If YES, listen to both IPv4 and IPv6
    listen_ipv6=NO
    # Line 217: Uncomment (turn off seccomp filter)
    seccomp_sandbox=NO
    # Add to last line
    # Use local time.
    use_localtime=YES
Add the users who are allowed to move to directories above their home directory. With chroot_local_user=YES, the users listed in this file are the ones exempt from the chroot.

    # vi /etc/vsftpd.chroot_list
    suse

or

    # echo "suse" >> /etc/vsftpd.chroot_list
In my case, I wrote suse.
Enable vsftpd to start automatically at boot, then start it.

    # systemctl enable vsftpd
    Created symlink /etc/systemd/system/multi-user.target.wants/vsftpd.service → /usr/lib/systemd/system/vsftpd.service.

    # systemctl start vsftpd

If the # prompt returns without an error message, you are good to go.
1.3 Firewall settings
Open the FTP port (FTP uses port 21).

    # firewall-cmd --add-service=ftp --permanent
    # firewall-cmd --reload
From the Windows side, check whether you can connect with FileZilla.
Launch FileZilla and select "Site Manager" from the "File" menu.

Click "New Site".
Enter the settings for each item as shown below, and then click "Connect".
Protocol : FTP-File Transfer Protocol
Host : IP address of the server
Port : (blank)
Encryption : Use explicit FTP over TLS if available
Logon Type : Ask for password
User : General user name (server login user)

Set the login user's password in the "Password" field and click "OK".


When the connection is successful, the server directory is displayed on the right side and the Windows directory on the left side.


2. vsftpd SSL/TLS
Configure vsftpd to work with SSL/TLS.
2.1 Create a self-signed certificate.
This step is not necessary if you use a trusted, legitimate certificate such as Let's Encrypt.
    # cd /etc/ssl/private

    /etc/ssl/private # openssl req -x509 -nodes -newkey rsa:2048 -keyout vsftpd.pem -out vsftpd.pem -days 365
    Generating a 2048 bit RSA private key
    ............+++......+++
    writing new private key to '/etc/pki/tls/certs/vsftpd.pem'
    -----
    You are about to be asked to enter information that will be incorporated
    into your certificate request.
    What you are about to enter is what is called a Distinguished Name or a DN.
    There are quite a few fields but you can leave some blank
    For some fields there will be a default value,
    If you enter '.', the field will be left blank.
    -----
    Country Name (2 letter code) [AU]:JP    <- Country Code
    State or Province Name (full name) [Some-State]:Tokyo    <- Region (Prefecture)
    Locality Name (eg, city) []:Tama city
    Organization Name (eg, company) [Internet Widgits Pty Ltd]:Private    <- Organization Name
    Organizational Unit Name (eg, section) []:Admin    <- Department Name
    Common Name (e.g. server FQDN or YOUR name) []:Lepard    <- Host Name
    Email Address []:sample@korodes.com    <- Administrator email address

    # systemctl restart vsftpd
2.2 Allow Firewalld
    # vi /etc/vsftpd.conf
    # Line 194: Change
    ssl_enable=YES
    # Add to last line
    rsa_cert_file=/etc/ssl/private/vsftpd.pem
    rsa_private_key_file=/etc/ssl/private/vsftpd.pem
    ssl_ciphers=HIGH
    force_local_data_ssl=YES
    force_local_logins_ssl=YES

    # When using a passive port
    # Line 176: Change
    pasv_enable=YES

    # systemctl restart vsftpd

    # firewall-cmd --add-port=30000-30100/tcp --permanent
    success
    # firewall-cmd --reload
    success
When you connect with FileZilla, the following screen will appear. Check the box and click "OK", and you are connected.
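The vsftpd.conf edits from sections 1.2 and 2.2 can be reviewed with a short script. This is an added example, not part of the original page: it parses a configuration and reports the security-relevant settings the page changes, including whether the passive port range fits the firewalld range opened in 2.2. SAMPLE_CONF is constructed from the page's edits only, and the names parse_conf, audit and the finding codes are this example's own.

```python
# Added example; SAMPLE_CONF is constructed from the page's edits, not a stock file.
SAMPLE_CONF = """\
anonymous_enable=NO
chroot_local_user=YES
chroot_list_enable=YES
chroot_list_file=/etc/vsftpd.chroot_list
seccomp_sandbox=NO
ssl_enable=YES
force_local_logins_ssl=YES
force_local_data_ssl=YES
pasv_enable=YES
"""

def parse_conf(text):
    """Return {option: value}, skipping blank lines and '#' comment lines."""
    opts = {}
    for raw in text.splitlines():
        line = raw.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            opts[key.strip()] = value.strip()  # repeated option: last one is kept
    return opts

def audit(opts, fw_ports=(30000, 30100)):
    """Return finding codes; fw_ports is the firewalld range opened in 2.2."""
    def on(key):
        return opts.get(key, "").upper() == "YES"
    findings = []
    # Require the TLS options to be set explicitly instead of relying on defaults.
    for key in ("ssl_enable", "force_local_logins_ssl", "force_local_data_ssl"):
        if not on(key):
            findings.append("cleartext-possible:" + key)
    if opts.get("anonymous_enable", "").upper() != "NO":
        findings.append("anonymous-not-disabled")
    if opts.get("seccomp_sandbox", "").upper() == "NO":
        findings.append("seccomp-sandbox-off")
    if on("chroot_local_user") and on("chroot_list_enable"):
        # In this combination the list file names the users who are NOT chrooted.
        findings.append("chroot-exempt-list:" + opts.get("chroot_list_file", ""))
    if on("pasv_enable"):
        try:
            lo, hi = int(opts["pasv_min_port"]), int(opts["pasv_max_port"])
        except (KeyError, ValueError):
            findings.append("pasv-range-unset")
        else:
            if not (fw_ports[0] <= lo <= hi <= fw_ports[1]):
                findings.append("pasv-range-outside-firewall:%d-%d" % (lo, hi))
    return findings

print(audit(parse_conf(SAMPLE_CONF)))
```

To check a live server, pass the contents of /etc/vsftpd.conf to parse_conf instead of SAMPLE_CONF; the complete file may already define pasv_min_port and pasv_max_port, which the constructed sample does not.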
