Formatting code for VsFTPd
{{parent page="FTP"}}
===Vsftpd ssl===
Generate a certificate
%%
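# Create a self-signed certificate (valid 720 days) with a 2048-bit RSA key.
# -nodes leaves the private key unencrypted, and key and certificate share one
# file, so that file must be readable by root only.
openssl req -x509 -nodes -days 720 -newkey rsa:2048 \
-keyout /etc/vsftpd/vsftpd.pem -out /etc/vsftpd/vsftpd.pem
# Depending on the OpenSSL version and umask the file may be created
# world-readable; restrict it explicitly.
chmod 600 /etc/vsftpd/vsftpd.pem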
%%
Modify vsftpd config
%%
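# Turn on TLS support for control and data connections.
ssl_enable=YES
ssl_tlsv1=YES
# SSLv2 and SSLv3 are obsolete and cryptographically broken (SSLv3 is
# vulnerable to POODLE); keep both disabled so clients cannot negotiate them.
# NOTE(review): if the installed vsftpd documents options for newer TLS
# versions, prefer those over TLS 1.0 - check vsftpd.conf(5) for that release.
ssl_sslv2=NO
ssl_sslv3=NO
# Certificate and private key are read from the same PEM file.
rsa_cert_file=/etc/vsftpd/vsftpd.pem
rsa_private_key_file=/etc/vsftpd/vsftpd.pem
# Require TLS for local-user logins and data transfers so passwords and file
# contents are never sent in clear text. Both default to YES once ssl_enable
# is set; change to NO only if unencrypted clients must still be served.
force_local_logins_ssl=YES
force_local_data_ssl=YES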
%%
===vsftpd chroot===
%%
# Confine local users to their home directory after login.
# NOTE(review): vsftpd.conf(5) warns that this has security implications when
# users can upload or have shell access; keep the chroot directory itself
# non-writable by the user.
chroot_local_user=YES
%%
===Assign user with ftp only shell===
Use the shell /sbin/nologin and make ftp the primary group of that user.
Commands for new user:
%%
# Create the account with primary group ftp and no interactive shell.
# NOTE(review): if the FTP PAM stack uses pam_shells, /sbin/nologin must be
# listed in /etc/shells or the FTP login is rejected - confirm on the host.
useradd -g ftp -s /sbin/nologin <username>
%%
For old user:
%%
# Switch an existing account to primary group ftp and a non-login shell.
# NOTE(review): files outside the home directory keep the old group ownership
# and have to be fixed manually.
usermod -g ftp -s /sbin/nologin <username>
%%
===Vsftpd ssl===
Generate a certificate
%%
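# Create a self-signed certificate (valid 720 days) with a 2048-bit RSA key.
# -nodes leaves the private key unencrypted, and key and certificate share one
# file, so that file must be readable by root only.
openssl req -x509 -nodes -days 720 -newkey rsa:2048 \
-keyout /etc/vsftpd/vsftpd.pem -out /etc/vsftpd/vsftpd.pem
# Depending on the OpenSSL version and umask the file may be created
# world-readable; restrict it explicitly.
chmod 600 /etc/vsftpd/vsftpd.pem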
%%
Modify vsftpd config
%%
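# Turn on TLS support for control and data connections.
ssl_enable=YES
ssl_tlsv1=YES
# SSLv2 and SSLv3 are obsolete and cryptographically broken (SSLv3 is
# vulnerable to POODLE); keep both disabled so clients cannot negotiate them.
# NOTE(review): if the installed vsftpd documents options for newer TLS
# versions, prefer those over TLS 1.0 - check vsftpd.conf(5) for that release.
ssl_sslv2=NO
ssl_sslv3=NO
# Certificate and private key are read from the same PEM file.
rsa_cert_file=/etc/vsftpd/vsftpd.pem
rsa_private_key_file=/etc/vsftpd/vsftpd.pem
# Require TLS for local-user logins and data transfers so passwords and file
# contents are never sent in clear text. Both default to YES once ssl_enable
# is set; change to NO only if unencrypted clients must still be served.
force_local_logins_ssl=YES
force_local_data_ssl=YES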
%%
===vsftpd chroot===
%%
# Confine local users to their home directory after login.
# NOTE(review): vsftpd.conf(5) warns that this has security implications when
# users can upload or have shell access; keep the chroot directory itself
# non-writable by the user.
chroot_local_user=YES
%%
===Assign user with ftp only shell===
Use the shell /sbin/nologin and make ftp the primary group of that user.
Commands for new user:
%%
# Create the account with primary group ftp and no interactive shell.
# NOTE(review): if the FTP PAM stack uses pam_shells, /sbin/nologin must be
# listed in /etc/shells or the FTP login is rejected - confirm on the host.
useradd -g ftp -s /sbin/nologin <username>
%%
For old user:
%%
# Switch an existing account to primary group ftp and a non-login shell.
# NOTE(review): files outside the home directory keep the old group ownership
# and have to be fixed manually.
usermod -g ftp -s /sbin/nologin <username>
%%