1. vsftpd
1.1 vsftpd Install
It is already installed at the time of openSUSE installation.
If not, you can install it with the following command:
    # zypper -n install vsftpd
1.2 Edit vsftpd configuration file
Back up the unedited vsftpd.conf with a .bak suffix.
    # cp /etc/vsftpd.conf /home/suse/vsftpd.conf.bak
    # vi /etc/vsftpd.conf

    # Line 19: change
    write_enable=YES
    # Line 36: Uncomment (Enable batch transfers by directory)
    ls_recurse_enable=YES
    # Line 57: Uncomment
    local_umask=022
    # Lines 62,63: Uncomment (chroot enabled)
    chroot_local_user=YES
    chroot_list_enable=YES
    # Line 65: Uncomment (chroot list file specification)
    chroot_list_file=/etc/vsftpd.chroot_list
    # Line 80: No anonymous login
    anonymous_enable=NO
    # Line 150: Make it commented out and add under it
    #connect_from_port_20=YES
    listen_port=21
    # Lines 172,173: Uncomment (Allow transfer in ASCII mode)
    ascii_upload_enable=YES
    ascii_download_enable=YES
    # Line 184: Change as needed (if listening for IPv4 only)
    listen=YES
    # Line 189: Change as needed (if listening for IPv4 only)
    # If YES, both IPv4 and IPv6 listen
    listen_ipv6=NO
    # Line 217: Uncomment (Turn off seccomp filter)
    seccomp_sandbox=NO
    # Add to last line
    # Use local time
    use_localtime=YES
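Add the users who are allowed to access directories above their home directory. With chroot_local_user=YES and chroot_list_enable=YES, the users listed in this file are the ones that are not chrooted.
    # vi /etc/vsftpd.chroot_list

    suse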
OR
    # echo "suse" >> /etc/vsftpd.chroot_list
In my case I wrote suse.
Enable vsftpd autostart and start it
    # systemctl enable vsftpd
    Created symlink /etc/systemd/system/multi-user.target.wants/vsftpd.service → /usr/lib/systemd/system/vsftpd.service.

    # systemctl start vsftpd
1.3 Firewall settings
Open the FTP port (FTP uses port 21).
    # firewall-cmd --add-service=ftp --permanent
    # firewall-cmd --reload
From Windows, check that you can connect with FileZilla.
Start FileZilla and select "Site Manager" from the "File" menu.
Click "New site".
Enter the following settings for each item and click "Connect"
Protocol : FTP - File Transfer Protocol
Host: server IP address
Port: (blank)
Encryption : Use explicit FTP over TLS if available
Logon Type: Ask for password
User : login user
Password : login user password
Click "OK".
If the connection is successful, you will see the server directory on the right and the Windows directory on the left.
2. vsftpd SSL/TLS
Configure vsftpd to use SSL/TLS.
2.1 Create self-signed certificates
This step is not required if you are using a certificate from a trusted certificate authority such as Let's Encrypt.
    # cd /etc/ssl/private
    /etc/ssl/private # openssl req -x509 -nodes -newkey rsa:2048 -keyout vsftpd.pem -out vsftpd.pem -days 365
    Generating a 2048 bit RSA private key
    ............+++......+++
    writing new private key to '/etc/pki/tls/certs/vsftpd.pem'
    -----
    You are about to be asked to enter information that will be incorporated
    into your certificate request.
    What you are about to enter is what is called a Distinguished Name or a DN.
    There are quite a few fields but you can leave some blank
    For some fields there will be a default value,
    If you enter '.', the field will be left blank.
    -----
    Country Name (2 letter code) [AU]:JP <country code>
    State or Province Name (full name) [Some-State]:Tokyo <Region (Prefecture)>
    Locality Name (eg, city) []:Tama <City>
    Organization Name (eg, company) [Internet Widgits Pty Ltd]:Private <Organization Name>
    Organizational Unit Name (eg, section) []:Admin <Name of the organization's department>
    Common Name (e.g. server FQDN or YOUR name) []:Lepard <Host name>
    Email Address []:sample@korodes.com <Administrator Email Address>
    # systemctl restart vsftpd
2.2 Edit vsftpd configuration file
    # vi /etc/vsftpd.conf

    # Line 194: change
    ssl_enable=YES
    # Add to the last line
    rsa_cert_file=/etc/ssl/private/vsftpd.pem
    rsa_private_key_file=/etc/ssl/private/vsftpd.pem
    ssl_ciphers=HIGH
    force_local_data_ssl=YES
    force_local_logins_ssl=YES

    # When using passive ports
    # Line 176
    pasv_enable=YES
    # systemctl restart vsftpd
Firewalld
    # firewall-cmd --add-port=30000-30100/tcp --permanent
    success
    # firewall-cmd --reload
    success
When you connect with FileZilla as described above, a confirmation screen for the server's certificate appears; check the box and click "OK".
The connection is established as described above.
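Because TLS hides the PASV reply from the firewall, the passive data ports have to be pinned in vsftpd.conf to the range opened in firewalld; pasv_min_port and pasv_max_port are the vsftpd options for that, and the configuration shown on this page does not set them. The script below is an added example, not part of the original page: it audits a vsftpd.conf for the TLS settings from section 2.2 and for a passive range inside 30000-30100, using hypothetical function names and a constructed sample config.

```shell
#!/bin/sh
# Added example (not from the original page); function names are hypothetical.

# Effective value of KEY in FILE. vsftpd.conf uses "key=value" with no spaces
# and "#" comments; the last assignment is assumed to win.
conf_get() {
    awk -v k="$2" 'index($0, k "=") == 1 { v = substr($0, length(k) + 2) }
                   END { print v }' "$1"
}

is_num() { case "$1" in ''|*[!0-9]*) return 1 ;; esac; }

# Count a finding unless KEY is explicitly set to WANT (unset is a finding,
# so the audit does not depend on compiled-in defaults).
expect() {
    got=$(conf_get "$1" "$2")
    if [ "$got" != "$3" ]; then
        echo "FINDING: $2=${got:-<unset>}, want $3"
        findings=$((findings + 1))
    fi
}

# audit_vsftpd FILE [FW_LO FW_HI] -> exit status is the number of findings.
# FW_LO/FW_HI default to the 30000-30100/tcp range opened in firewalld above.
audit_vsftpd() {
    conf=$1; lo=${2:-30000}; hi=${3:-30100}; findings=0
    for kv in anonymous_enable=NO ssl_enable=YES \
              force_local_logins_ssl=YES force_local_data_ssl=YES; do
        expect "$conf" "${kv%%=*}" "${kv#*=}"
    done
    pmin=$(conf_get "$conf" pasv_min_port)
    pmax=$(conf_get "$conf" pasv_max_port)
    if ! is_num "$pmin" || ! is_num "$pmax" || [ "$pmin" -gt "$pmax" ] ||
       [ "$pmin" -lt "$lo" ] || [ "$pmax" -gt "$hi" ]; then
        echo "FINDING: passive range ${pmin:-<unset>}-${pmax:-<unset>} is not inside $lo-$hi"
        findings=$((findings + 1))
    fi
    return "$findings"
}

# Constructed sample: this page's settings plus a pinned passive range.
sample_conf() {
    printf '%s\n' anonymous_enable=NO '#connect_from_port_20=YES' \
        ssl_enable=YES force_local_data_ssl=YES force_local_logins_ssl=YES \
        pasv_enable=YES pasv_min_port=30000 pasv_max_port=30100
}

tmp=$(mktemp) && sample_conf > "$tmp"
audit_vsftpd "$tmp" && echo "OK: no findings"
rm -f "$tmp"
```

To check the live server, run `audit_vsftpd /etc/vsftpd.conf` as root; pass two extra arguments if a different port range is open in the firewall.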