Contents
1. vsftpd (FTP server installation)
1.1 Install vsftpd
It is already installed when you install openSUSE.
If it is not installed, you can install it with the following command
# zypper -n install vsftpd
1.2 Edit vsftpd configuration file
Save the unedited vsftpd.conf with .bak.
# cp /etc/vsftpd.conf /home/lan/vsftpd.conf.bak
# vi /etc/vsftpd.conf
# Line 19: Change
write_enable=YES
# Line 36: Uncomment (enable bulk transfer of entire directory)
ls_recurse_enable=YES
# Line 57: uncomment
local_umask=022
# Lines 62, 63: uncomment ( chroot enabled )
chroot_local_user=YES
chroot_list_enable=YES
# Line 65: Uncomment (specify chroot list file)
chroot_list_file=/etc/vsftpd.chroot_list
# Line 80: Anonymous login prohibited
anonymous_enable=NO
# Line 151 : items: additional
#connect_from_port_20=YES
listen_port=21
# Line 173: Uncomment (allow transfer in ascii mode)
ascii_upload_enable=YES
ascii_download_enable=YES
# Line 184: Change as needed (to listen for IPv4)
listen=YES
# Line 189: Change as needed (to listen only for IPv4)
#If YES, listen to both IPv4 and IPv6
listen_ipv6=NO
# Line 217: uncomment (turn off seccomp filter)
seccomp_sandbox=NO
# Add to last line
# Use local time.
use_localtime=YES
# Line 19: Change
write_enable=YES
# Line 36: Uncomment (enable bulk transfer of entire directory)
ls_recurse_enable=YES
# Line 57: uncomment
local_umask=022
# Lines 62, 63: uncomment ( chroot enabled )
chroot_local_user=YES
chroot_list_enable=YES
# Line 65: Uncomment (specify chroot list file)
chroot_list_file=/etc/vsftpd.chroot_list
# Line 80: Anonymous login prohibited
anonymous_enable=NO
# Line 151 : items: additional
#connect_from_port_20=YES
listen_port=21
# Line 173: Uncomment (allow transfer in ascii mode)
ascii_upload_enable=YES
ascii_download_enable=YES
# Line 184: Change as needed (to listen for IPv4)
listen=YES
# Line 189: Change as needed (to listen only for IPv4)
#If YES, listen to both IPv4 and IPv6
listen_ipv6=NO
# Line 217: uncomment (turn off seccomp filter)
seccomp_sandbox=NO
# Add to last line
# Use local time.
use_localtime=YES
Add a user to allow access to the directory to the upper level.
# vi /etc/vsftpd.chroot_list
lan
or
# echo “lan” >> /etc/vsftpd.chroot_list
In my case, I wrote lan.
Enable and start vsftpd with auto-start enabled
# systemctl enable vsftpd
Created symlink /etc/systemd/system/multi-user.target.wants/vsftpd.service → /usr/lib/systemd/system/vsftpd.service.
# systemctl start vsftpd
If you see #, you are good to go.
Created symlink /etc/systemd/system/multi-user.target.wants/vsftpd.service → /usr/lib/systemd/system/vsftpd.service.
# systemctl start vsftpd
If you see #, you are good to go.
1.3 firewall settings
Open FTP port (use 21 for FTP)
# firewall-cmd –add-service=ftp –permanent
# firewall-cmd –reload
# firewall-cmd –reload
From the windows side, check if you can connect with FileZilla.
Launch FileZillaand select “Site Manager” from the “File” menu. ↓
Launch FileZillaand select “Site Manager” from the “File” menu. ↓
Click “New Site”. ↓
Enter the settings for each item as shown below, and then click “Connect.
Protocol : FTP-File Transfer Protocol
Host : IP address of the server
Logon Type : Ask for password
User : General user name (server login user) ↓
Protocol : FTP-File Transfer Protocol
Host : IP address of the server
Logon Type : Ask for password
User : General user name (server login user) ↓
Set the login user’s password in the “Password” field and click “OK”.
↓
↓
When the connection is successful, the server directory is displayed on the right side and the Windows directory on the left side. ↓
2. vsftpd SSL/TLS
Configure Vsftpd to work with SSL/TLS
2.1 Create a self-signed certificate.
This step is not necessary if you use a trusted, legitimate certificate such as Let’s Encrypt.
# cd /etc/ssl/private
/etc/ssl/private # openssl req -x509 -nodes -newkey rsa:2048 -keyout vsftpd.pem -out vsftpd.pem -days 365
Generating a 2048 bit RSA private key
…………+++……+++
writing new private key to ‘/etc/pki/tls/certs/vsftpd.pem’
—–
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter ‘.’, the field will be left blank.
—–
Country Name (2 letter code) [AU]:JP Country Code
State or Province Name (full name) [Some-State]:Tokyo Region (Prefecture)
Locality Name (eg, city) []:Tama city
Organization Name (eg, company) [Internet Widgits Pty Ltd]:Private Organization Name
Organizational Unit Name (eg, section) []:Admin Department Name
Common Name (e.g. server FQDN or YOUR name) []:Lepard Host Name
Email Address []:sample@korodes.com Administrator email address
/etc/ssl/private # openssl req -x509 -nodes -newkey rsa:2048 -keyout vsftpd.pem -out vsftpd.pem -days 365
Generating a 2048 bit RSA private key
…………+++……+++
writing new private key to ‘/etc/pki/tls/certs/vsftpd.pem’
—–
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter ‘.’, the field will be left blank.
—–
Country Name (2 letter code) [AU]:JP Country Code
State or Province Name (full name) [Some-State]:Tokyo Region (Prefecture)
Locality Name (eg, city) []:Tama city
Organization Name (eg, company) [Internet Widgits Pty Ltd]:Private Organization Name
Organizational Unit Name (eg, section) []:Admin Department Name
Common Name (e.g. server FQDN or YOUR name) []:Lepard Host Name
Email Address []:sample@korodes.com Administrator email address
# systemctl restart vsftpd
2.2 Allow Firewalld
# vi /etc/vsftpd.conf
# Line 194: Change
ssl_enable=YES
# Add to last line
rsa_cert_file=/etc/ssl/private/vsftpd.pem
rsa_private_key_file=/etc/ssl/private/vsftpd.pem
ssl_ciphers=HIGH
force_local_data_ssl=YES
force_local_logins_ssl=YES
When using a passive port
#Line 176 Change
pasv_enable=YES
# systemctl restart vsftpd
Allow Firewalld
# firewall-cmd –add-port=30000-30100/tcp –permanent
success
# firewall-cmd –reload
success
success
# firewall-cmd –reload
success
先ほどの通りWhen you connect to FileZilla, the following screen will appear, check the box and click “OK”. You are connected.
