@linuxdevhub
Last active April 22, 2020 14:50
#
# In this tutorial, we'll be installing vsftpd (Very Secure FTP Daemon). It is a stable, secure and fast FTP server.
# The commands use apt and systemctl, so a Debian/Ubuntu-style host with systemd is assumed.
# Install vsftpd
sudo apt install vsftpd
# Start the service now and register it to start at boot.
# Until the configuration edits further down are applied and the daemon is restarted,
# it runs with the packaged /etc/vsftpd.conf.
sudo systemctl start vsftpd
sudo systemctl enable vsftpd
# View status
sudo systemctl status vsftpd
# Back up the original config file (optional) so the packaged settings can be diffed or restored later
sudo cp /etc/vsftpd.conf /etc/vsftpd.conf.orig
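# Firewall (ufw): open only the ports the configuration in this guide actually listens on.
#   21/tcp          - FTP control channel; explicit FTP over TLS is negotiated on this same port
#   40000:50000/tcp - passive-mode data connections
# Deliberately not opened:
#   20/tcp  - in active mode the server connects *out* from port 20 (ufw allows outgoing
#             traffic by default), so no inbound rule is needed
#   990/tcp - used by implicit FTPS only; nothing in this guide sets implicit_ssl or
#             makes vsftpd listen on 990
# The passive range is honoured only when pasv_min_port / pasv_max_port in /etc/vsftpd.conf
# are set to the same values; otherwise vsftpd chooses data ports outside the allowed range.
sudo ufw allow 21/tcp
sudo ufw allow 40000:50000/tcp
# Confirm the rules are listed and that the output reports "Status: active";
# on an inactive firewall the rules above filter nothing.
sudo ufw status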
# Create a dedicated Linux user for FTP logins (adduser asks for the password interactively)
sudo adduser ftpusr1
# Create the ftp folder; local_root in the vsftpd configuration below makes it this user's FTP root:
sudo mkdir /home/ftpusr1/ftp
# Set its ownership to nobody:nogroup so the FTP user does not own its own root directory:
sudo chown nobody:nogroup /home/ftpusr1/ftp
# Remove write permissions for everyone. With chroot_local_user=YES, vsftpd refuses a login
# whose chroot root is writable, so the root stays read-only and uploads go to a subdirectory.
sudo chmod a-w /home/ftpusr1/ftp
# Verify the permissions (the "." entry should show no "w" bits and owner nobody:nogroup):
sudo ls -la /home/ftpusr1/ftp
# Create the directory for file uploads and assign ownership to the user,
# which makes it the only writable location inside the FTP root:
sudo mkdir /home/ftpusr1/ftp/files
sudo chown ftpusr1:ftpusr1 /home/ftpusr1/ftp/files
sudo ls -la /home/ftpusr1/ftp
# Add a test.txt file to use when we test.
# tee runs under sudo, so the file is created as root rather than as ftpusr1.
echo "vsftpd test file text contents" | sudo tee /home/ftpusr1/ftp/files/test.txt
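############## Configuring FTP Access START ##############
sudo nano /etc/vsftpd.conf
# The lines from here to the END marker are contents of /etc/vsftpd.conf, not shell commands.
# Set each option in the editor: uncomment it if it is already present, otherwise add it.
# Allow anonymous FTP? (Disabled by default.) Keep it off so every session needs a local account.
anonymous_enable=NO
# Uncomment this to allow local users to log in.
local_enable=YES
# Allow FTP commands that modify the filesystem (upload, delete, rename).
write_enable=YES
# Uncomment the chroot to prevent the FTP-connected user from accessing any files or commands
# outside the directory tree.
chroot_local_user=YES
# $USER is vsftpd's own substitution token here (declared by user_sub_token), not a shell
# variable: vsftpd replaces it with the login name, so ftpusr1 is rooted at /home/ftpusr1/ftp.
user_sub_token=$USER
local_root=/home/$USER/ftp
# Pin passive-mode data connections to the range opened in ufw (40000:50000/tcp).
# Without these two options vsftpd picks arbitrary ports, which the firewall then blocks
# and which tempts people into opening a much wider range.
pasv_min_port=40000
pasv_max_port=50000
# Users have access only when they are explicitly added to a list, rather than by default:
# userlist_deny=NO turns userlist_file into an allow-list.
userlist_enable=YES
userlist_file=/etc/vsftpd.userlist
userlist_deny=NO
# When you're done making the changes, save the file and exit the editor.
############## Configuring FTP Access END ##############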
# Add our user to /etc/vsftpd.userlist. Use the -a flag to append to the file
# (running the command again appends the same name a second time):
echo "ftpusr1" | sudo tee -a /etc/vsftpd.userlist
# Check that it was added as you expected. With userlist_deny=NO only the names
# in this file are allowed to log in, so it should contain nothing unexpected:
cat /etc/vsftpd.userlist
# Restart the daemon to load the configuration changes:
sudo systemctl restart vsftpd
#########################################################
# Test vsftpd. Be sure to replace 192.168.0.100 with your server's public IP address.
# -p asks the client for passive mode, which is what the firewall rules above are set up for.
# TLS is not configured yet at this step, so the user name and password typed here cross the
# network unencrypted; run the check from a trusted network or repeat it after the TLS section.
ftp -p 192.168.0.100
# At the "ftp>" prompt, type "bye" to close the session
ftp> bye
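################# Secure FTP ###########################
# Set up security with SSL/TLS
# Create a self-signed certificate. Key and certificate are written to the same file under
# /etc/ssl/private, so no separate certificate directory has to be created.
#   -nodes     leaves the private key unencrypted so the daemon can start unattended;
#              file permissions are then the key's only protection
#   -days 365  the certificate expires after one year and has to be regenerated before that
sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/ssl/private/vsftpd.pem -out /etc/ssl/private/vsftpd.pem
# The file contains the private key: restrict it to root.
sudo chmod 600 /etc/ssl/private/vsftpd.pem
# Print the SHA-256 fingerprint and compare it with what the FTP client displays on first
# connect; a self-signed certificate cannot be validated against a CA, so this comparison
# is the only way to know the client is talking to this server.
sudo openssl x509 -in /etc/ssl/private/vsftpd.pem -noout -fingerprint -sha256
# Open the vsftpd.conf file
sudo nano /etc/vsftpd.conf
# Add the following lines to the file (they are vsftpd.conf contents, not shell commands)
rsa_cert_file=/etc/ssl/private/vsftpd.pem
rsa_private_key_file=/etc/ssl/private/vsftpd.pem
ssl_enable=YES
allow_anon_ssl=NO
# Force TLS for both the login and the data channel of local users, so neither
# credentials nor file contents are sent in cleartext.
force_local_data_ssl=YES
force_local_logins_ssl=YES
# ssl_tlsv1=YES permits TLS 1.0, which is deprecated.
# NOTE(review): which newer TLS versions are accepted, and which options control them,
# depends on the vsftpd release - check `man vsftpd.conf` on the server and turn TLS 1.0
# off where your clients allow it.
ssl_tlsv1=YES
ssl_sslv2=NO
ssl_sslv3=NO
# require_ssl_reuse=NO stops vsftpd from requiring that a data connection reuse the TLS
# session of the control connection. That helps clients that cannot reuse sessions, but it
# removes the proof that the data connection belongs to the logged-in client; prefer the
# default (YES) if your clients work with it.
require_ssl_reuse=NO
ssl_ciphers=HIGH
# When you're done, save and close the file.
# Restart the server for the changes to take effect:
sudo systemctl restart vsftpd
# At this point, we will no longer be able to connect with an insecure command-line client.
# We need FileZilla or a similar FTP client that supports TLS.
# In FileZilla select encryption type "Require explicit FTP over TLS"
# Check details on youtube video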