KfWiki: Vsftpd ssl

Vsftpd ssl

Generate a certificate

openssl req -x509 -nodes -days 720 -newkey rsa:2048 \
  -keyout /etc/vsftpd/vsftpd.pem -out /etc/vsftpd/vsftpd.pem

Modify vsftpd config

ssl_enable=YES
ssl_tlsv1=YES
ssl_sslv2=YES
ssl_sslv3=YES
rsa_cert_file=/etc/vsftpd/vsftpd.pem
rsa_private_key_file=/etc/vsftpd/vsftpd.pem
# depends if you want to block unencrypted traffic. default is yes when ssl enabled.
force_local_logins_ssl=YES
force_local_data_ssl=YES

vsftpd chroot

chroot_local_user=YES

Assign user with ftp only shell

Use shell /sbin/nologin and also make ftp is the primary group of that user.

Commands for new user:

useradd -g ftp -s /sbin/nologin <username>

For old user:

usermod -g ftp -s /sbin/nologin <username>

Comments [Hide comments/form]

God help me, I put aside a whole aftrnoeon to figu

-- sd-14448.dedibox.fr (2012-01-01 06:30:13)

zZAwob <a href="http://yunvedevefgi.com/&

-- Fiberlink.79-137.lyn (2012-01-02 01:17:57)

eCPByf , [url=http://yipehvgdwxvw.com/]yipehvgdwxv

-- dobersoft.ru (2012-01-03 06:02:01)

zEGf8d <a href="http://wqoyceolawup.com/&

-- 178-238-44-216.stati (2012-01-03 11:14:40)

dwZUbH , [url=http://ghdykaacmvok.com/]ghdykaacmvo

-- net-160-pc84.salnet. (2012-01-04 03:49:07)

Valid XHTML 1.0 Transitional :: Valid CSS :: Powered by WikkaWiki

KfWiki : VsFTPd

Vsftpd ssl

vsftpd chroot

Assign user with ftp only shell