remoharsono/install-vsftpd-ubuntu.txt

## install-vsftpd-ubuntu.txt
# My steps in installing vsftpd, modify to suit your need

sudo openssl req -x509 -nodes -newkey rsa:2048 -keyout /etc/ssl/private/vsftpdserverkey.pem -out /etc/ssl/certs/vsftpdcertificate.pem -days 365

sudo apt install vsftpd
sudo cp /etc/vsftpd.conf /etc/vsftpd.conf.original
sudo nano /etc/vsftpd.conf

--------------
anonymous_enable=NO
ascii_upload_enable=YES
ascii_download_enable=YES
chroot_local_user=YES
chroot_list_enable=YES
chroot_list_file=/etc/vsftpd.chroot_list
ls_recurse_enable=YES

# This option specifies the location of the RSA certificate to use for SSL
# encrypted connections.
rsa_cert_file=/etc/ssl/certs/vsftpdcertificate.pem
rsa_private_key_file=/etc/ssl/private/vsftpdserverkey.pem
ssl_enable=YES
allow_anon_ssl=NO
force_local_data_ssl=YES
force_local_logins_ssl=YES
require_ssl_reuse=NO
ssl_ciphers=HIGH
ssl_tlsv1=YES
ssl_sslv2=NO
ssl_sslv3=NO

# add to the end
local_root=/var/www
seccomp_sandbox=no

--------

sudo chgrp -R www-data /var/www

sudo useradd theuser
sudo passwd theuser
sudo usermod --home /var/www/ theuser

sudo addgroup ftpusers
sudo usermod -a -G ftpusers theuser
sudo usermod -a -G www-data theuser
sudo usermod -g ftpusers theuser

sudo nano /etc/vsftpd.chroot_list
# this user allowed to go anywhere, no-listed users only allowed to browse on /var/www
ubuntu


sudo nano /etc/ssh/sshd_config
------------------------------
Match Group ftpusers
  # Force the connection to use SFTP and chroot to the required directory.
  ForceCommand internal-sftp
  ChrootDirectory /var/www/

  # Disable tunneling, authentication agent, TCP and X11 forwarding.
  PermitTunnel no
  AllowAgentForwarding no
  AllowTcpForwarding no
  X11Forwarding no
-------------------------------
sudo service ssh restart
systemctl restart vsftpd
	# My steps in installing vsftpd, modify to suit your need

	sudo openssl req -x509 -nodes -newkey rsa:2048 -keyout /etc/ssl/private/vsftpdserverkey.pem -out /etc/ssl/certs/vsftpdcertificate.pem -days 365

	sudo apt install vsftpd
	sudo cp /etc/vsftpd.conf /etc/vsftpd.conf.original
	sudo nano /etc/vsftpd.conf

	--------------
	anonymous_enable=NO
	ascii_upload_enable=YES
	ascii_download_enable=YES
	chroot_local_user=YES
	chroot_list_enable=YES
	chroot_list_file=/etc/vsftpd.chroot_list
	ls_recurse_enable=YES

	# This option specifies the location of the RSA certificate to use for SSL
	# encrypted connections.
	rsa_cert_file=/etc/ssl/certs/vsftpdcertificate.pem
	rsa_private_key_file=/etc/ssl/private/vsftpdserverkey.pem
	ssl_enable=YES
	allow_anon_ssl=NO
	force_local_data_ssl=YES
	force_local_logins_ssl=YES
	require_ssl_reuse=NO
	ssl_ciphers=HIGH
	ssl_tlsv1=YES
	ssl_sslv2=NO
	ssl_sslv3=NO

	# add to the end
	local_root=/var/www
	seccomp_sandbox=no

	--------

	sudo chgrp -R www-data /var/www

	sudo useradd theuser
	sudo passwd theuser
	sudo usermod --home /var/www/ theuser

	sudo addgroup ftpusers
	sudo usermod -a -G ftpusers theuser
	sudo usermod -a -G www-data theuser
	sudo usermod -g ftpusers theuser

	sudo nano /etc/vsftpd.chroot_list
	# this user allowed to go anywhere, no-listed users only allowed to browse on /var/www
	ubuntu


	sudo nano /etc/ssh/sshd_config
	------------------------------
	Match Group ftpusers
	# Force the connection to use SFTP and chroot to the required directory.
	ForceCommand internal-sftp
	ChrootDirectory /var/www/

	# Disable tunneling, authentication agent, TCP and X11 forwarding.
	PermitTunnel no
	AllowAgentForwarding no
	AllowTcpForwarding no
	X11Forwarding no
	-------------------------------
	sudo service ssh restart
	systemctl restart vsftpd