1. vsftpd (FTP server installation)
1.1 Install vsftpd
It is already installed when you install openSUSE.
If it is not installed, you can install it with the following command
1.2 Edit vsftpd configuration file
# cp /etc/vsftpd.conf /home/lan/vsftpd.conf.bak
# Line 19: Change
write_enable=YES
# Line 36: Uncomment (enable bulk transfer of entire directory)
ls_recurse_enable=YES
# Line 57: uncomment
local_umask=022
# Lines 62, 63: uncomment (chroot enabled)
chroot_local_user=YES
chroot_list_enable=YES
# Line 65: Uncomment (specify chroot list file; with chroot_local_user=YES, users listed in this file are exempted from the chroot)
chroot_list_file=/etc/vsftpd.chroot_list
# Line 80: Anonymous login prohibited
anonymous_enable=NO
# Line 151: add the following item
#connect_from_port_20=YES
listen_port=21
# Line 173: Uncomment (allow transfer in ascii mode)
ascii_upload_enable=YES
ascii_download_enable=YES
# Line 184: Change as needed (to listen for IPv4)
listen=YES
# Line 189: Change as needed (to listen only for IPv4)
# If YES, listen on both IPv4 and IPv6
listen_ipv6=NO
# Line 217: uncomment (turn off seccomp filter)
seccomp_sandbox=NO
# Add to last line
# Use local time.
use_localtime=YES
# vi /etc/vsftpd.chroot_list
lan
or
# echo "lan" >> /etc/vsftpd.chroot_list
In my case, I wrote lan.
Enable vsftpd auto-start and start the service
Created symlink /etc/systemd/system/multi-user.target.wants/vsftpd.service → /usr/lib/systemd/system/vsftpd.service.
# systemctl start vsftpd
If you see #, you are good to go.
1.3 Firewall settings
Open FTP port (use 21 for FTP)
# firewall-cmd --reload
Launch FileZilla and select “Site Manager” from the “File” menu.

Protocol : FTP-File Transfer Protocol
Host : IP address of the server
Logon Type : Ask for password
User : General user name (server login user)

2. vsftpd SSL/TLS
Configure Vsftpd to work with SSL/TLS
2.1 Create a self-signed certificate.
This step is not necessary if you use a trusted, legitimate certificate such as Let’s Encrypt.
/etc/ssl/private # openssl req -x509 -nodes -newkey rsa:2048 -keyout vsftpd.pem -out vsftpd.pem -days 365
Generating a 2048 bit RSA private key
............+++......+++
writing new private key to '/etc/pki/tls/certs/vsftpd.pem'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:JP    # Country code
State or Province Name (full name) [Some-State]:Tokyo    # Region (prefecture)
Locality Name (eg, city) []:Tama city
Organization Name (eg, company) [Internet Widgits Pty Ltd]:Private    # Organization name
Organizational Unit Name (eg, section) []:Admin    # Department name
Common Name (e.g. server FQDN or YOUR name) []:Lepard    # Host name
Email Address []:sample@korodes.com    # Administrator email address
2.2 Edit vsftpd configuration file
# vi /etc/vsftpd.conf
# Line 194: Change
ssl_enable=YES
# Add to last line
rsa_cert_file=/etc/ssl/private/vsftpd.pem
rsa_private_key_file=/etc/ssl/private/vsftpd.pem
ssl_ciphers=HIGH
force_local_data_ssl=YES
force_local_logins_ssl=YES
When using a passive port
# Line 176: Change
pasv_enable=YES
# systemctl restart vsftpd
Allow Firewalld
success
# firewall-cmd --reload
success
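
To confirm that the settings from sections 1.2 and 2.2 are actually in effect, the following script audits a vsftpd.conf and reports cleartext logins, chroot-exempt users and the disabled seccomp filter. It is an added example, not part of the original page: the function names get_opt and audit_vsftpd are hypothetical, the built-in defaults follow vsftpd.conf(5), and a default of seccomp_sandbox=YES is an assumption.

```shell
#!/bin/sh
# get_opt FILE KEY DEFAULT: last uncommented KEY=value in FILE, else DEFAULT.
# vsftpd only accepts "key=value" with no spaces, so a prefix match suffices.
get_opt() {
    v=$(sed -n "s/^$2=//p" "$1" | tail -n 1)
    printf '%s\n' "${v:-$3}"
}

# audit_vsftpd FILE: print findings; exit status 1 if any FAIL was printed.
audit_vsftpd() {
    conf=$1; fails=0
    # Table columns: key | assumed built-in default | wanted value | risk
    while IFS='|' read -r key def want why; do
        got=$(get_opt "$conf" "$key" "$def")
        if [ "$got" != "$want" ]; then
            echo "FAIL $key=$got: $why"; fails=$((fails + 1))
        fi
    done <<EOF
anonymous_enable|YES|NO|anonymous logins are accepted
ssl_enable|NO|YES|logins and data cross the network in cleartext
force_local_logins_ssl|YES|YES|passwords may be sent without TLS
force_local_data_ssl|YES|YES|file contents may be sent without TLS
EOF
    # With chroot_local_user=YES the list inverts: listed users are NOT jailed.
    if [ "$(get_opt "$conf" chroot_local_user NO)" = YES ] &&
       [ "$(get_opt "$conf" chroot_list_enable NO)" = YES ]; then
        list=$(get_opt "$conf" chroot_list_file /etc/vsftpd.chroot_list)
        if [ -r "$list" ]; then
            while read -r user; do
                if [ -n "$user" ]; then echo "WARN not chrooted: $user ($list)"; fi
            done < "$list"
        fi
    fi
    if [ "$(get_opt "$conf" seccomp_sandbox YES)" = NO ]; then
        echo "WARN seccomp_sandbox=NO: syscall filter is off"
    fi
    [ "$fails" -eq 0 ]
}

# Constructed sample: section 1.2 settings, before the section 2 TLS lines.
demo=$(mktemp -d)
echo lan > "$demo/chroot_list"
printf '%s\n' anonymous_enable=NO chroot_local_user=YES chroot_list_enable=YES \
    "chroot_list_file=$demo/chroot_list" seccomp_sandbox=NO > "$demo/vsftpd.conf"
audit_vsftpd "$demo/vsftpd.conf" || echo "blocking findings present"
rm -rf "$demo"
```

On a real server, run `audit_vsftpd /etc/vsftpd.conf` as root after each edit; a FAIL line for ssl_enable means the FileZilla login from section 1 is still sent in cleartext.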
