Install FTP Service
At the login prompt, log in with your administrator account (administrator / myadminpass)
At the $ prompt, temporarily grant yourself super user privileges by typing sudo su {ENTER} and then provide the administrator password (myadminpass).
Install vsftpd and make a backup of the original config file.
Code:
aptitude -y install vsftpd
cp /etc/vsftpd.conf /etc/vsftpd.bak
Generate an SSL Certificate
Code:
openssl req -x509 -nodes -days 730 -newkey rsa:2048 -keyout /etc/ssl/private/vsftpd.pem -out /etc/ssl/private/vsftpd.pem
chown root:ftp /etc/ssl/private/vsftpd.pem
# This PEM file also contains the private key, so it must not be world-readable
chmod 640 /etc/ssl/private/vsftpd.pem
Configure vsftpd
Edit /etc/vsftpd.conf, then find and uncomment the following lines:
Code:
local_enable=YES
write_enable=YES
local_umask=022
ftpd_banner=Welcome to our FTP server.
chroot_local_user=YES
Find the following existing lines and change the values as follows:
Code:
anonymous_enable=NO
connect_from_port_20=NO
# Must match the file generated above; it holds both the certificate and the private key
rsa_cert_file=/etc/ssl/private/vsftpd.pem
Add the following new lines (feel free to adjust values as desired):
Code:
listen_port=990
# Turn on SSL
ssl_enable=YES
# Allow anonymous users to use secured SSL connections
allow_anon_ssl=NO
# All non-anonymous logins are forced to use a secure SSL connection in order to
# send and receive data on data connections.
force_local_data_ssl=YES
# All non-anonymous logins are forced to use a secure SSL connection in order to send the password.
force_local_logins_ssl=YES
# Permit TLS v1 protocol connections. TLS v1 connections are preferred
ssl_tlsv1=YES
# Do not permit SSL v2 protocol connections; SSL v2 is a broken protocol
ssl_sslv2=NO
# Do not permit SSL v3 protocol connections; SSL v3 is a broken protocol (POODLE)
ssl_sslv3=NO
# Hide the info about the owner (user and group) of the files.
hide_ids=YES
# Connection limit for each IP:
max_per_ip=10
# Maximum number of clients:
max_clients=10
# When port_enable is YES, active mode connections are allowed.
port_enable=YES
# When pasv_enable is YES, passive mode connects are allowed.
pasv_enable=YES
# pasv_min_port specifies the lowest possible port sent to the FTP clients for passive mode connections. This setting is used to limit the port range so that firewall rules are easier to create. The value must not be lower than 1024.
pasv_min_port=9000
# pasv_max_port specifies the highest possible port sent to the FTP clients for passive mode connections. This setting is used to limit the port range so that firewall rules are easier to create. The value must not exceed 65535.
pasv_max_port=9020
# require_ssl_reuse, if YES, all SSL data connections are required to exhibit SSL session reuse. Set to NO if your log shows failures to upload because of no session reuse.
require_ssl_reuse=NO
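An added example, not part of the original guide: a small shell audit for the vsftpd.conf and certificate file produced by these steps. It reports SSL/TLS options that differ from a hardened policy (SSLv2 and SSLv3 off, encrypted logins and data forced) and a key file that is missing or world-readable; the function names and the demo path are assumptions made for the example.

```shell
#!/bin/sh
# Added example (not from the original post): audit a vsftpd.conf for the
# TLS settings this guide relies on. Policy choice: every key must be set
# explicitly, so an unset key is reported as well.

# Effective value of key $2 in file $1. vsftpd allows no spaces around "=";
# if a key is repeated, the last assignment is used here.
conf_get() {
    sed -n "s/^$2=//p" "$1" | tail -n 1
}

# Prints one line per finding; returns 0 when clean, 1 otherwise.
audit_vsftpd_conf() {
    conf=$1
    bad=0
    for want in ssl_enable=YES anonymous_enable=NO allow_anon_ssl=NO \
                force_local_logins_ssl=YES force_local_data_ssl=YES \
                ssl_sslv2=NO ssl_sslv3=NO; do
        key=${want%%=*}
        have=$(conf_get "$conf" "$key")
        if [ "$have" != "${want#*=}" ]; then
            echo "WEAK $key=${have:-unset} (want ${want#*=})"
            bad=1
        fi
    done
    # The PEM holds the private key too, so it must exist and must not be
    # readable by "other".
    pem=$(conf_get "$conf" rsa_cert_file)
    if [ -z "$pem" ] || [ ! -f "$pem" ]; then
        echo "MISSING rsa_cert_file=${pem:-unset}"
        bad=1
    elif [ -n "$(find "$pem" -prune -perm -004)" ]; then
        echo "PERMS $pem is world-readable"
        bad=1
    fi
    return "$bad"
}

# Demo on a constructed config that permits SSLv2/SSLv3 and points at a
# certificate path that does not exist (hypothetical path).
demo=$(mktemp)
printf '%s\n' ssl_enable=YES anonymous_enable=NO allow_anon_ssl=NO \
    force_local_logins_ssl=YES force_local_data_ssl=YES \
    ssl_sslv2=YES ssl_sslv3=YES rsa_cert_file=/nonexistent/vsftpd.pem > "$demo"
audit_vsftpd_conf "$demo" || true
rm -f "$demo"
```

On the server, run `audit_vsftpd_conf /etc/vsftpd.conf` as root after editing the file and before restarting vsftpd.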