Vsftpd ssl
Generate a certificateopenssl req -x509 -nodes -days 720 -newkey rsa:2048 \ -keyout /etc/vsftpd/vsftpd.pem -out /etc/vsftpd/vsftpd.pem
Modify vsftpd config
ssl_enable=YES ssl_tlsv1=YES ssl_sslv2=YES ssl_sslv3=YES rsa_cert_file=/etc/vsftpd/vsftpd.pem rsa_private_key_file=/etc/vsftpd/vsftpd.pem # depends if you want to block unencrypted traffic. default is yes when ssl enabled. force_local_logins_ssl=YES force_local_data_ssl=YES
vsftpd chroot
chroot_local_user=YES
Assign user with ftp only shell
Use shell /sbin/nologin and also make ftp is the primary group of that user.Commands for new user:
useradd -g ftp -s /sbin/nologin <username>
For old user:
usermod -g ftp -s /sbin/nologin <username>
There are 5 comments on this page. [Display comments]