Thread Rating:
  • 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Configuring VSFTPd Server
#21

Quote:FTP over SSL is not supported very well in Linux at all. Clients are almost non-existant
 

gFTP support FTP SSL.

 

anyweb if you do the following you can enable SSL in vsftpd:

 

1) Make sure you have a SSL certificate e.g. server.key and server.crt

 

2) Enable SSL in the vsftpd.conf file by adding the following:

 



Code:
ssl_enable=YES




 

3) Concaternate the server key and server cert into one file:

 



Code:
cat server.key server.crt > /etc/vsftpd/vsftpd.pem




 

Once thats done add to the vsftpd.conf file the following:

 



Code:
rsa_cert_file=/etc/vsftpd/vsftpd.pem




 

4) Restart vsftpd and bam you have SSL support :)

Reply
#22

Hi, I'm getting into Linux and I'm kind of a guy that sometimes need to use FTP services since I share a lot of personal music files that I want my friends across the globe to download. In Windows environment this wasn't an issue, really, it was quite easy obtaining an easy-to-understand (yet powerful!) FTP server sofware than enabled me to create accounts, assigning different parts of my computer and read/write rights to individual users with no headache whatsoever. But in Linux everything is so different.

 

Somewhere I read that VSFTPD is a good way setting a FTP server up. I've read man-pages, some webpages too, and I pretty much have an idea what to do. However, I don't like the approach and administration of this thing. Please correct me if I'm wrong but from what I've understood, the only way of adding FTP-users that would connect to my computer through a FTP-client software is to create real OS-based user accounts on my computers. For instance; useradd -d /home/FTP-downloader -g ftp username . But I don't like this. I guess it's good in one sense but not for my personal needs.

 

I need a more simple (yet quite secure) FTP-server software that simply enables me creating user account for the application itself (not the whole system) and gives me possibility to assign any folder/drive on the system I want - to the user in particular. It would be good if this app could run as a daemon from system boot so I don't need to logon to the computer. Is there any program like that in Linux or do I really need to create real user accounts on the system? Kind of annoying seeing name of FTP client users on the userlogon screen every time you start Fedora, don't you think ? [img]<___base_url___>/public/style_emoticons/default/smile.gif[/img]

 

Thanks in advance!

M.

Reply
#23

You still want to use vsftpd but you want to setup something called "virtual users". This is basically a user that is only for the ftp and not for the system (i.e. exactly what you want!).

 

Check out these two pages as example:

[/url]ftp://vsftpd.beasts.org/users/cevans/unta.../VIRTUAL_USERS/

 

And:

[url=http://gentoo-wiki.com/HOWTO_vsftpd#Virtual_Users]http://gentoo-wiki.com/HOWTO_vsftpd#Virtual_Users

 

I can suggest the first method: pam_userdb as being the best.

 

I use vsftpd with virtual users :)

Reply
#24
Nice reply znx! Thanks!
Reply
#25

i set this up today, and had a few issues (fedora 7).

 

firstly, the db_load it refers to here

 

Quote:db_load -T -t hash -f logins.txt /etc/vsftpd_login.db
 

doesn't exist in a vanilla install of F7.

 

to get access to this, you'll need to install the db4-utils package

 



Code:
yum install db4-utils




 

next, when i followed this bit >

 

Quote:cp vsftpd.pam /etc/pam.d/ftp 

(Note - if you set pam_service_name to e.g. vsftpd instead, you'll need to copy

to /etc/pam.d/vsftpd).
 

it didn't work at all (virtual users).

 

the reason why is I had to rename the file vsftpd.pam to just vsftpd, even if that's what it says above, it wasn't clear to me, so no doubt some other noob will also have that issue.

 

once I finally got conencted i wanted to read/write using my virtual user, but that wasnt possible until i changed

 

Quote:write_enable=NOanon_upload_enable=NO

anon_mkdir_write_enable=NO

anon_other_write_enable=NO

anon_world_readable_only=NO
 

to

 

Quote:write_enable=YESanon_upload_enable=YES

anon_mkdir_write_enable=YES

anon_other_write_enable=YES

anon_world_readable_only=NO
 

cheers

anyweb

Reply
#26

Currently have vsftpd running, got an ftp account for web adminstration (uploading files etc to our sites). No need with virtuals there since we're hosting our own and develop them for ourselves as well...

 

Ok so then they tell me they need an account to just upload crap, PDFs, presentations, videos and the like... Took me some time (I'm not the one that set up this stuff in the first place and I've only really used a unix system in school and then all I did was java code and compiling that stuff... )

Anyway I got it running, having the ftp account for web stuff not being chrooted and promted to /vars/www/html on login and having the new "presentations" account being chrooted in it's home directory for the people to upload their stuff...

 

Now the next thing they wanted was like usr fullrights got access to "pressrelease dir" and usr readrights got access to "pressrelease dir" (guessing you can see the difference between them based on the names ; ). First I thought fine I'll try this virtual user thing then. Created new user fullrights, changed vsftpd.conf with

guest_enable=YES

guest_username=fullrights

 

created a password file, added a few lines to the /etc/pam.d/vsftpd file...

 

restart ftp and nothing worked... XD

 

Ok, so basically changing back to the same settings as before but adding the

guest_enable=YES

to vsftpd.conf somehow messed up my chroot_list. It wanted all users chrooted in their home dir so the ftp login for webadministration got messed up and locked in a "void" directory, the presentation account worked fine.

 

Now did the chroot mess up because I couldn't get the other parts working or is it something else?

 

Currently I solved the issue just creating 2 new users with the same homedir and changing the permissions cleverly ;D

 

Will once I find the time start creating multiple .conf files depending on username.

So I had a question about that as well... Can every conf file have their own virtual users as well? Like, binding virtual_x to usr x and virtual_y to usr y? :S

 

Might not be easy to understand what I mean but I'm in a hurry atm so no time to fix that now, but if anyone can answer anything of this it's all good to me... =)

 

Cheers and have a nice weekend everyone.

Reply
#27

Hi,

I'm a newbie to linux i'm using RHEL 5 x64

 

I have managed to configure vsftpd i'm able to connect from my ftp client but i am getting the below error .

 

Status: Connecting to *.*.*.*:21...

Status: Connection established, waiting for welcome message...

Response: 220 ContiWeb Welcomes you

Command: USER user1

Response: 331 Please specify the password.

Command: PASS ************

Response: 230 Login successful.

Command: SYST

Response: 215 UNIX Type: L8

Command: FEAT

Response: 211-Features:

Response: EPRT

Response: EPSV

Response: MDTM

Response: PASV

Response: REST STREAM

Response: SIZE

Response: TVFS

Response: 211 End

Status: Connected

Status: Retrieving directory listing...

Command: PWD

Response: 257 "/home/ftp-docs"

Command: TYPE I

Response: 200 Switching to Binary mode.

Command: PASV

Response: 227 Entering Passive Mode (*,*,*,*,56,4)

Command: LIST

Error: Connection timed out

Error: Failed to retrieve directory listing

 

 

somebody please help!!!

Reply
#28

What are the permissions set on /home/ftp-docs?

 

For example, if you do:

 



Code:
ls -l /home




 

what output do you get?

Reply
#29

have you any firewall rules setup ? ftp on the default ports requires both port 20 and 21 open (TCP) plus additional ports open for PASV

 

cheers

anyweb

Reply
#30

Quote:Command: PASVResponse: 227 Entering Passive Mode (*,*,*,*,56,4)

Command: LIST

Error: Connection timed out

Error: Failed to retrieve directory listing
Try configuring your client to use PORT mode, not PASV.

 

PASV requires the client to specify a port to the FTP server, and this port then needs to be open on the server itself (read: firewall rules).

 

Using PORT means that both 20 and 21 are used - ensure these are open.

 

For more information, check the vsftp logs (/var/log/vsftpd or /var/log/xfer) to see what they say.

Reply


Forum Jump:


Users browsing this thread: 2 Guest(s)