
openSUSE ; FTP over SSL/TLS

1. vsftpd (FTP server installation)

1.1 Install vsftpd

vsftpd is already installed by default when you install openSUSE.
If it is not installed, you can install it with the following command:

# zypper -n install vsftpd

1.2 Edit vsftpd configuration file

Back up the unedited vsftpd.conf as a .bak copy.

# cp /etc/vsftpd.conf /home/lan/vsftpd.conf.bak

# vi /etc/vsftpd.conf
# Line 19: Change
write_enable=YES
# Line 36: Uncomment (enable bulk transfer of entire directory)
ls_recurse_enable=YES
# Line 57: uncomment
local_umask=022
# Lines 62, 63: uncomment ( chroot enabled )
chroot_local_user=YES
chroot_list_enable=YES
# Line 65: Uncomment (specify chroot list file)
chroot_list_file=/etc/vsftpd.chroot_list
# Line 80: Anonymous login prohibited
anonymous_enable=NO
# Line 151: add the following items
#connect_from_port_20=YES
listen_port=21
# Line 173: Uncomment (allow transfer in ascii mode)
ascii_upload_enable=YES
ascii_download_enable=YES
# Line 184: Change as needed (to listen for IPv4)
listen=YES
# Line 189: Change as needed (to listen only for IPv4)
#If YES, listen to both IPv4 and IPv6
listen_ipv6=NO
# Line 217: uncomment (turn off seccomp filter)
seccomp_sandbox=NO
# Add to last line
# Use local time.
use_localtime=YES
Add any user who should be allowed to access directories above their home directory (users listed in this file are exempted from the chroot).

# vi /etc/vsftpd.chroot_list
lan
or
# echo "lan" >> /etc/vsftpd.chroot_list
In my case, I wrote lan.

Enable vsftpd so that it starts automatically at boot, then start it.

# systemctl enable vsftpd
Created symlink /etc/systemd/system/multi-user.target.wants/vsftpd.service → /usr/lib/systemd/system/vsftpd.service.
# systemctl start vsftpd
If the command returns to the # prompt without printing an error, you are good to go.

1.3 Firewall settings

Open the FTP control port in firewalld (the ftp service corresponds to port 21).

# firewall-cmd --add-service=ftp --permanent
# firewall-cmd --reload
From the Windows side, check that you can connect with FileZilla.
Launch FileZilla and select "Site Manager" from the "File" menu.
Click "New Site".
Enter the settings for each item as shown below, and then click "Connect".
Protocol : FTP - File Transfer Protocol
Host : IP address of the server
Logon Type : Ask for password
User : General user name (server login user)
Enter the login user's password in the "Password" field and click "OK".

When the connection is successful, the server directory is displayed on the right side and the Windows directory on the left side.

2. vsftpd SSL/TLS

Configure vsftpd to use SSL/TLS.

2.1 Create a self-signed certificate

This step is not necessary if you use a trusted, legitimate certificate such as one from Let's Encrypt.

# cd /etc/ssl/private
/etc/ssl/private # openssl req -x509 -nodes -newkey rsa:2048 -keyout vsftpd.pem -out vsftpd.pem -days 365
Generating a 2048 bit RSA private key
.............+++......+++
writing new private key to '/etc/pki/tls/certs/vsftpd.pem'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:JP                                  <- country code
State or Province Name (full name) [Some-State]:Tokyo                 <- region (prefecture)
Locality Name (eg, city) []:Tama city                                 <- city
Organization Name (eg, company) [Internet Widgits Pty Ltd]:Private    <- organization name
Organizational Unit Name (eg, section) []:Admin                       <- department name
Common Name (e.g. server FQDN or YOUR name) []:Lepard                 <- host name
Email Address []:sample@korodes.com                                   <- administrator email address
# systemctl restart vsftpd

2.2 Enable SSL/TLS in vsftpd.conf

# vi /etc/vsftpd.conf
# Line 194: Change
ssl_enable=YES
# Add to last line
# Both point at the same file: the openssl command above wrote the key (-keyout) and the certificate (-out) into vsftpd.pem
rsa_cert_file=/etc/ssl/private/vsftpd.pem
rsa_private_key_file=/etc/ssl/private/vsftpd.pem
ssl_ciphers=HIGH
force_local_data_ssl=YES
force_local_logins_ssl=YES

When using passive mode:
# Line 176: Change
pasv_enable=YES

# systemctl restart vsftpd

Open the passive-mode port range in firewalld

# firewall-cmd --add-port=30000-30100/tcp --permanent
success
# firewall-cmd --reload
success
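As an added example (not code from this guide or from the vsftpd project), the following Python script parses a vsftpd.conf, reports which of the security-relevant settings above deviate from the hardened values, works out who the chroot list actually exempts (with chroot_local_user=YES the listed users are the ones NOT confined), and derives the firewall-cmd lines from the configuration. The sample config is constructed from the values in sections 1.2 and 2.2; pasv_min_port and pasv_max_port are real vsftpd options that the guide does not set, and the 30000-30100 values are an assumption chosen to match the range opened above. Once ssl_enable=YES the control channel is encrypted, so firewalld's FTP connection-tracking helper cannot read the PASV reply, which is why a fixed passive range has to be opened explicitly.

```python
"""Audit a vsftpd.conf against the settings used in this guide and derive the
firewalld rules the server needs.  Added example, not code from the guide or
from the vsftpd project.  The sample config below is constructed from the
values in sections 1.2 and 2.2; pasv_min_port/pasv_max_port (real vsftpd
options the guide does not set) are assumed to match the 30000-30100 range
opened in firewalld."""
import sys

SAMPLE_CONF = """\
# constructed sample mirroring the guide's edits
write_enable=YES
ls_recurse_enable=YES
local_umask=022
chroot_local_user=YES
chroot_list_enable=YES
chroot_list_file=/etc/vsftpd.chroot_list
anonymous_enable=NO
listen_port=21
listen=YES
listen_ipv6=NO
seccomp_sandbox=NO
ssl_enable=YES
rsa_cert_file=/etc/ssl/private/vsftpd.pem
rsa_private_key_file=/etc/ssl/private/vsftpd.pem
ssl_ciphers=HIGH
force_local_data_ssl=YES
force_local_logins_ssl=YES
pasv_enable=YES
pasv_min_port=30000
pasv_max_port=30100
"""
SAMPLE_CHROOT_LIST = "lan\n"  # constructed; the user added in section 1.2

# Settings this guide relies on for security, with the reason each matters.
EXPECTED = [
    ("anonymous_enable", "NO", "anonymous logins bypass the local-user controls"),
    ("ssl_enable", "YES", "without TLS, credentials cross the network in clear text"),
    ("force_local_logins_ssl", "YES", "logins must not fall back to plain FTP"),
    ("force_local_data_ssl", "YES", "file contents must be encrypted, not only the login"),
    ("chroot_local_user", "YES", "local users should be confined to their home directory"),
    ("seccomp_sandbox", "YES", "the syscall sandbox is defence in depth; the guide turns it off"),
]


def parse_conf(text):
    """Parse vsftpd's key=value format; '#' lines and blanks are ignored, later keys win."""
    conf = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, _, value = line.partition("=")
        conf[key.strip()] = value.strip()
    return conf


def audit(conf):
    """Return (key, actual, expected, reason) for every setting that deviates."""
    return [(key, conf.get(key, "<unset>"), exp, why)
            for key, exp, why in EXPECTED
            if conf.get(key, "<unset>").upper() != exp]


def chroot_policy(conf, chroot_list_text):
    """Return (confined_by_default, listed_users).

    vsftpd semantics: with chroot_local_user=YES the list names users who are
    EXEMPT from the chroot (they can browse above their home); with
    chroot_local_user=NO the list names the only users who ARE chrooted.
    The list is ignored unless chroot_list_enable=YES."""
    listed = set()
    if conf.get("chroot_list_enable", "NO").upper() == "YES":
        listed = {u.strip() for u in chroot_list_text.splitlines() if u.strip()}
    confined_by_default = conf.get("chroot_local_user", "NO").upper() == "YES"
    return confined_by_default, listed


def firewalld_commands(conf):
    """Derive the firewall-cmd lines from the configuration.

    With ssl_enable=YES the control channel is encrypted, so firewalld's FTP
    connection-tracking helper cannot read the PASV reply; the passive range
    therefore has to be opened explicitly, which requires a fixed range."""
    cmds = []
    port = conf.get("listen_port", "21")
    cmds.append("firewall-cmd --add-service=ftp --permanent" if port == "21"
                else f"firewall-cmd --add-port={port}/tcp --permanent")
    if conf.get("pasv_enable", "YES").upper() == "YES":
        lo, hi = conf.get("pasv_min_port", "0"), conf.get("pasv_max_port", "0")
        if lo == "0" or hi == "0":  # vsftpd default 0 = any ephemeral port
            raise ValueError("set pasv_min_port/pasv_max_port; an unbounded "
                             "passive range cannot be opened narrowly")
        cmds.append(f"firewall-cmd --add-port={lo}-{hi}/tcp --permanent")
    cmds.append("firewall-cmd --reload")
    return cmds


def main(argv):
    """Usage: audit_vsftpd.py [/etc/vsftpd.conf [/etc/vsftpd.chroot_list]]"""
    conf_text = open(argv[1]).read() if len(argv) > 1 else SAMPLE_CONF
    list_text = open(argv[2]).read() if len(argv) > 2 else SAMPLE_CHROOT_LIST
    conf = parse_conf(conf_text)
    for key, actual, exp, why in audit(conf):
        print(f"WARN {key}={actual} (expected {exp}): {why}")
    confined, listed = chroot_policy(conf, list_text)
    print("chroot default:", "confined" if confined else "not confined",
          "| listed users get the opposite:", sorted(listed) or "(none)")
    print("\n".join(firewalld_commands(conf)))


if __name__ == "__main__":
    main(sys.argv)
```

Run it without arguments to audit the constructed sample, or pass the real paths (for example `python3 audit_vsftpd.py /etc/vsftpd.conf /etc/vsftpd.chroot_list`) after editing the server. On the sample it reports only seccomp_sandbox=NO, shows that user lan is exempt from the chroot, and prints the same firewall-cmd lines the guide runs by hand.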
As before, when you connect with FileZilla, a dialog asking you to accept the server certificate appears; check the box and click "OK". You are connected.