@rraallvv
Last active May 27, 2021 19:06
Working with git-ftp on macOS client and vsftpd on Linux server


Generate SSL certificate and key

$ openssl req -x509 -sha256 -nodes -days 365 -newkey rsa:2048 -keyout ~/.ssh/vsftpd.key -out ~/.ssh/vsftpd.crt

Add the generated certificate to the macOS System keychain as a trusted root (it then shows up in the Keychain Access app)

$ security add-trusted-cert -d -r trustRoot -k /Library/Keychains/System.keychain ~/.ssh/vsftpd.crt

Upload vsftpd.crt and vsftpd.key to the server and copy them to /etc/ssl/private/

Installing vsftpd

$ sudo apt-get update
$ sudo apt-get install vsftpd

Saving the original configuration file as a backup, in case you want to start with a blank file

$ sudo cp /etc/vsftpd.conf /etc/vsftpd.conf.orig

Open the UFW firewall if needed

$ sudo ufw status

Open ports 20 and 21 for FTP, port 990 for later when we enable TLS, and ports 40000-50000 for the range of passive ports we plan to set in the configuration file

$ sudo ufw allow 20/tcp
$ sudo ufw allow 21/tcp
$ sudo ufw allow 990/tcp
$ sudo ufw allow 40000:50000/tcp
$ sudo ufw status

Prepare the user directory

$ sudo mkdir /home/myuser/ftp
$ sudo chown nobody:nogroup /home/myuser/ftp
$ sudo chmod a-w /home/myuser/ftp
$ sudo ls -la /home/myuser/ftp

Configure FTP Access

$ sudo nano /etc/vsftpd.conf

anonymous_enable=NO
...
local_enable=YES
...
write_enable=YES
...
chroot_local_user=YES
...
rsa_cert_file=/etc/ssl/private/vsftpd.crt
rsa_private_key_file=/etc/ssl/private/vsftpd.key
ssl_enable=YES
...
allow_anon_ssl=NO
force_local_data_ssl=YES
force_local_logins_ssl=YES
...
ssl_tlsv1=YES
ssl_sslv2=NO
ssl_sslv3=NO
...
require_ssl_reuse=NO
ssl_ciphers=HIGH
...
user_sub_token=$USER
local_root=/home/$USER/ftp
...
pasv_min_port=40000
pasv_max_port=50000
...
userlist_enable=YES
userlist_file=/etc/vsftpd.userlist
userlist_deny=YES
...
allow_writeable_chroot=YES
...
#implicit_ssl=YES
#listen_port=990
...
#require_cert=YES
#validate_cert=YES
#ca_certs_file=/etc/ssl/private/vsftpd.pem

Restart the daemon to load the configuration changes

$ sudo systemctl restart vsftpd
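
To confirm the edited file carries the TLS settings listed above, and no leftover duplicate directive with a different value, a check like the following can be run against /etc/vsftpd.conf. It is an added example, not part of the original gist; the function name audit_vsftpd_conf and the WEAK/CONFLICT/MISSING labels are made up here.

```shell
# Added example: compare a vsftpd.conf with the TLS-related values this
# guide sets, and flag directives that appear twice with different values.
audit_vsftpd_conf() {
    awk '
        BEGIN {
            # Expected values, copied from the configuration above.
            want["anonymous_enable"]       = "NO"
            want["ssl_enable"]             = "YES"
            want["allow_anon_ssl"]         = "NO"
            want["force_local_data_ssl"]   = "YES"
            want["force_local_logins_ssl"] = "YES"
            want["ssl_sslv2"]              = "NO"
            want["ssl_sslv3"]              = "NO"
        }
        /^[ \t]*#/ { next }                 # comment line
        /^[ \t]*$/ { next }                 # blank line
        {
            eq = index($0, "=")
            if (eq == 0) next               # not a key=value line
            key = substr($0, 1, eq - 1)
            val = substr($0, eq + 1)
            sub(/[ \t\r]+$/, "", val)       # drop trailing whitespace / CR
            if ((key in seen) && seen[key] != val) {
                printf "CONFLICT %s: line %d=%s, line %d=%s\n",
                       key, line[key], seen[key], NR, val
                bad = 1
            }
            seen[key] = val
            line[key] = NR
            if ((key in want) && val != want[key]) {
                printf "WEAK %s=%s on line %d (expected %s)\n",
                       key, val, NR, want[key]
                bad = 1
            }
        }
        END {
            for (k in want) if (!(k in seen)) {
                printf "MISSING %s (expected %s)\n", k, want[k]
                bad = 1
            }
            exit bad + 0                    # 0 = clean, 1 = findings printed
        }
    ' "$1"
}
```

Call it as `audit_vsftpd_conf /etc/vsftpd.conf`; a non-zero exit status means at least one finding was printed.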

After vsftpd is running on the server, install git-ftp

$ brew install git-ftp

Add the server settings using ftpes for the protocol

$ git config git-ftp.url "ftpes://<SERVER-IP>/path/to/repository/"
$ git config git-ftp.user "<FTP-USER>"
$ git config git-ftp.password "<FTP-PASSWORD>"
$ git config git-ftp.cacert "$HOME/.ssh/vsftpd.crt"

Initialize git-ftp; the repository is uploaded as part of the initialization

$ git ftp init -v

After additional commits are added to the repository, push the changes to the FTP server

$ git ftp push -v

@ozgurkazancci

"ssl_enable=NO" should be removed there. There's already ssl_enable=YES.

@rraallvv
Author

rraallvv commented Feb 1, 2020

"ssl_enable=NO" should be removed there. There's already ssl_enable=YES.

Thanks.

@rraallvv
Author

This seems to work with SFTP and password encrypted id_rsa files:

[git-ftp]
	url = sftp://<host>:<port>
	user = <user>
	key = /home/user/.ssh/id_rsa.pem
	pubkey = /home/user/.ssh/id_rsa.pub
	syncroot = /path/to/local/repo
	remote-root = /path/to/remote/directory

Also check this and this for any issues with the key format.
