Install VSFTPd on Ubuntu
# Steps for installing vsftpd with TLS on Ubuntu; adapt paths, names and
# options to your own environment.
#
# Create a self-signed certificate and a 2048-bit RSA private key for vsftpd.
#   -x509 -days 365 : self-signed certificate that expires after one year,
#                     so schedule a renewal.
#   -nodes          : the private key is written unencrypted (the daemon can
#                     start unattended); file permissions are its only
#                     protection, so confirm the key is readable by root only.
# Clients cannot validate a self-signed certificate through a CA; give users
# the certificate fingerprint out of band so they can check it on first connect.
sudo openssl req -x509 -nodes -newkey rsa:2048 -keyout /etc/ssl/private/vsftpdserverkey.pem -out /etc/ssl/certs/vsftpdcertificate.pem -days 365 | |
sudo apt install vsftpd | |
# Keep an untouched copy of the packaged configuration to diff against or
# roll back to.
sudo cp /etc/vsftpd.conf /etc/vsftpd.conf.original | |
sudo nano /etc/vsftpd.conf | |
# Settings for /etc/vsftpd.conf. The dashed lines only delimit the excerpt
# and are not part of the file.
-------------- | |
# Anonymous logins are disabled; only local accounts can authenticate.
anonymous_enable=NO | |
# Honour ASCII-mode transfers in both directions.
ascii_upload_enable=YES | |
ascii_download_enable=YES | |
# With chroot_local_user=YES and chroot_list_enable=YES, local users are
# confined to their login directory and chroot_list_file names the
# EXCEPTIONS: users listed there are not chrooted. Keep that list as short
# as possible.
chroot_local_user=YES | |
chroot_list_enable=YES | |
chroot_list_file=/etc/vsftpd.chroot_list | |
# Permits "ls -R". vsftpd.conf(5) leaves this off by default because a
# recursive listing of a large tree can consume a lot of server resources.
ls_recurse_enable=YES | |
# Certificate and private key used for TLS-protected connections.
rsa_cert_file=/etc/ssl/certs/vsftpdcertificate.pem | |
rsa_private_key_file=/etc/ssl/private/vsftpdserverkey.pem | |
ssl_enable=YES | |
allow_anon_ssl=NO | |
# Require TLS for both the login exchange and data transfers of local
# users, so passwords and file contents never cross the network in clear.
force_local_data_ssl=YES | |
force_local_logins_ssl=YES | |
# NO turns off the check that each data connection reuses the control
# channel's TLS session. The check ties data connections to the
# authenticated session; it is commonly disabled only because some FTP
# clients do not support it. Prefer YES if your clients cope with it.
require_ssl_reuse=NO | |
# OpenSSL cipher string restricting negotiation to the HIGH strength group.
ssl_ciphers=HIGH | |
# SSLv2 and SSLv3 are disabled. NOTE(review): ssl_tlsv1 refers to TLS 1.0;
# newer vsftpd releases have separate ssl_tlsv1_1 / ssl_tlsv1_2 options.
# Check vsftpd.conf(5) for the installed version and allow only TLS 1.2 or
# later where the clients permit it.
ssl_tlsv1=YES | |
ssl_sslv2=NO | |
ssl_sslv3=NO | |
# Append the following at the end of the file.
# Directory vsftpd changes into after a local login.
local_root=/var/www | |
# Disables vsftpd's seccomp system-call filter, one of its hardening
# layers. NOTE(review): this is usually set only as a workaround for login
# failures on particular kernel/vsftpd combinations; leave the sandbox
# enabled if logins work without this line.
seccomp_sandbox=no | |
-------- | |
# Give the www-data group ownership of everything under the web root.
sudo chgrp -R www-data /var/www | |
# Create the FTP/SFTP account and set its password (interactive prompt).
sudo useradd theuser | |
sudo passwd theuser | |
# Point the account's home directory at the web root.
sudo usermod --home /var/www/ theuser | |
# ftpusers is the group that the sshd "Match Group ftpusers" block applies to.
sudo addgroup ftpusers | |
sudo usermod -a -G ftpusers theuser | |
# NOTE(review): membership in www-data lets this account change any
# group-writable file under /var/www, i.e. content the web server serves.
# Anyone who obtains this password can therefore alter the site; grant the
# membership only if uploads really need it.
sudo usermod -a -G www-data theuser | |
# Make ftpusers the account's primary group.
sudo usermod -g ftpusers theuser | |
sudo nano /etc/vsftpd.chroot_list | |
# Users listed in this file are NOT chrooted and can browse the whole
# filesystem over FTP; users who are not listed are confined to /var/www.
# Presumably the file holds one username per line and the single entry
# below is its entire content.
ubuntu | |
# Append the block between the dashed lines to /etc/ssh/sshd_config (the
# dashes are not part of the file). A Match block stays in effect until the
# next Match line or the end of the file, so put it after all global settings.
sudo nano /etc/ssh/sshd_config | |
------------------------------ | |
Match Group ftpusers | |
# Members of ftpusers get SFTP only (no shell, no arbitrary commands) and
# are confined to the chroot directory.
ForceCommand internal-sftp | |
# sshd_config(5) requires every component of the ChrootDirectory path to be
# owned by root and not writable by any other user or group; otherwise sshd
# rejects the login. Keep /var/www itself root-owned and mode 755, and make
# only subdirectories writable.
ChrootDirectory /var/www/ | |
# Disable tunneling, authentication agent, TCP and X11 forwarding, so the
# account cannot be used to relay traffic through this host.
PermitTunnel no | |
AllowAgentForwarding no | |
AllowTcpForwarding no | |
X11Forwarding no | |
------------------------------- | |
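# Check sshd_config for errors before restarting: sshd will not start with a
# broken configuration, which would cut off remote administration. Keep the
# current SSH session open and confirm a fresh login works before closing it.
sudo sshd -t && sudo service ssh restart
# Restarting a system service requires root, so this needs sudo as well.
sudo systemctl restart vsftpd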