SWAT Blog

Step by step Configuration of Secure FTP Server on Linux

Tuesday, December 28th, 2010

The installation has been performed on the following Linux distributions:
Fedora 6 to 14, RHEL 5.0 to 5.5, and CentOS 5.0 to 5.5.

STEP 1: Setup VSFTPD

[root@linux8 ~]# yum install vsftpd*

STEP 2: Configure VSFTPD

[root@linux8 ~]# vi /etc/vsftpd/vsftpd.conf

Make changes as below:

anonymous_enable=NO
local_enable=YES
write_enable=YES
local_umask=022
dirmessage_enable=YES
xferlog_enable=YES
connect_from_port_20=YES
xferlog_std_format=YES

#You may fully customise the login banner string
ftpd_banner=Welcome to Minor Addition FTP.

listen=YES
pam_service_name=vsftpd
userlist_enable=YES
tcp_wrappers=YES

Save and exit.

STEP 3: Enable SSH2 Encryption on FTP Server

To enable TLS/SSL security controls, first check that vsftpd is linked against the SSL library:

[root@linux8 ~]# ldd /usr/sbin/vsftpd | grep ssl

The output of this command should look like this:

libssl.so.6 => /lib/libssl.so.6 (0x001bf000)

STEP 4: Generate certificate key for encryption

[root@linux8 ~]# cd /etc/pki/tls/certs
[root@linux8 ~]# make vsftpd.pem

This command creates a certificate valid for 2 years. After 2 years, generate it again.

Country Name : IN
State or Province Name (full name) : Atul Sharma
Locality Name (eg,city) : Guildford
Organization Name : Tactical Value.
Organizational Unit Name : Centos Server
Common Name (eg,your name or your server’s hostname) : ixlinux1
Email Address : sysadmin@minoraddition.com

Note: The vsftpd.pem file should be secured so that only its owner has access to it. Restricting the file does not affect the server when it runs as a non-privileged account, because the keys are loaded before it drops into non-privileged mode.

[root@linux8 ~]# cat /etc/pki/tls/certs/vsftpd.pem
[root@linux8 ~]# openssl x509 -in /etc/pki/tls/certs/vsftpd.pem -noout -text
[root@linux8 ~]# chmod 600 /etc/pki/tls/certs/vsftpd.pem

The configuration file needs some additional entries. Open vsftpd.conf and add the lines below at the end of the file.

[root@linux8 ~]# vi /etc/vsftpd/vsftpd.conf

# SSH2 configuration
ssl_enable=YES
allow_anon_ssl=NO
force_local_data_ssl=NO
force_local_logins_ssl=YES

ssl_tlsv1=YES
ssl_sslv2=NO
ssl_sslv3=NO

rsa_cert_file=/etc/pki/tls/certs/vsftpd.pem

Now restart the service:

[root@linux8 ~]# /etc/init.d/vsftpd restart
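As an added example (not part of the original post or of vsftpd itself), this Python check reads the text of a vsftpd.conf and reports TLS settings that leave logins or transfers unencrypted, as well as lines that are not option=value directives. The function name audit_vsftpd_conf, the SAMPLE text and the message wording are assumptions of this example; the defaults are those documented in the vsftpd.conf man page.

```python
import re

# Defaults from the vsftpd.conf man page for the TLS options checked here.
DEFAULTS = {"ssl_enable": "NO", "allow_anon_ssl": "NO",
            "force_local_logins_ssl": "YES", "force_local_data_ssl": "YES",
            "ssl_sslv2": "NO", "ssl_sslv3": "NO"}
# Values that keep both the login and the file transfer inside TLS.
WANTED = dict(DEFAULTS, ssl_enable="YES")
DIRECTIVE = re.compile(r"^([a-z0-9_]+)=(.+)$")


def audit_vsftpd_conf(text):
    """Return sorted (line_number, message) findings; line 0 means a default."""
    effective = {k: (v, 0) for k, v in DEFAULTS.items()}
    findings = []
    for number, line in enumerate(text.splitlines(), 1):
        if not line.strip() or line.startswith("#"):
            continue  # blank line or comment
        match = DIRECTIVE.match(line)
        if not match:  # the man page allows only option=value directives
            findings.append((number, "not an option=value directive"))
            continue
        option, value = match.groups()
        if option not in WANTED:
            continue
        if value not in ("YES", "NO"):
            findings.append((number, option + " is not YES or NO"))
        else:  # assumption: options apply in file order, so the last one wins
            effective[option] = (value, number)
    for option, wanted in WANTED.items():
        value, number = effective[option]
        if value != wanted:
            findings.append((number, "%s=%s, want %s" % (option, value, wanted)))
    return sorted(findings)


# Constructed sample: a Step 4 style TLS block with a stray non-directive line.
SAMPLE = """\
ssh2 configureation
ssl_enable=YES
allow_anon_ssl=NO
force_local_data_ssl=NO
force_local_logins_ssl=YES
ssl_sslv2=NO
ssl_sslv3=NO
"""

if __name__ == "__main__":
    for number, message in audit_vsftpd_conf(SAMPLE):
        print("line %d: %s" % (number, message))
```

With force_local_data_ssl=NO the login is protected, but clients are not required to use TLS on the data connection, so file contents can still cross the network unencrypted.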

That completes the secure FTP server setup. To access the secure FTP server, you have to create users on the same PC.
Linux clients can use gftp or FileZilla.
Windows clients can use FileZilla.
Use SSH2 and port 22 when making the connection.
