vsftpd
Enable Local User Account
To enable a local user account for FTP access, make the following changes to the /etc/vsftpd.conf file:
Enable chroot Jail
Open /etc/vsftpd/vsftpd.conf and uncomment the following options:
The file /etc/vsftpd.chroot_list contains the list of jailed users one per line.
Save the files and restart your service.
Anonymous Only
This kind of FTP server is useful if your files should be available for users without any passwords or logins.
Open /etc/vsftpd/vsftpd.conf file, and change the following options with the corresponding values.
Then we need to create a non-privileged system account to use it for anonymous FTP-type access.
restart the service:
This user has no privileges on the system, so it is safer to use it when accessing an FTP server.
generate a certificate request using the openssl command:
Then we generate a certificate request:
Now we remove the password from the key file:
generate our certificate:
Now we copy the certificate file and the key and to /etc/pki/tls/certs:
configure vsftpd to support secure connections.
Open /etc/vsftpd/vsftpd.conf file and add the following lines:
Restart your service to reflect these changes
Try to connect to your FTP server from any client on any system like Windows and choose the secured connection or FTPS, and you will successfully see your folders.
SFTP vs. FTPS
In the last example, we saw the FTP over the SSL layer (FTPS), and we’ve successfully connected to the FTP server. However, with the tightly secured firewall, it is difficult to manage this kind of connection since FTPS uses multiple port numbers.
The best solution, in this case, is to use SFTP (FTP over SSH).SFTP uses port 22 only.
The FTP server will use this port for all connections during FTP sessions.
If you are using a firewall, you should choose SFTP, since it needs only one port.
Last updated