How to set up vsftpd FTP with SSL on Ubuntu 12.04

This tutorial shows how to set up a vsftpd server on a Linux-based dedicated web server. It also shows how to add FTP users and lock each user into a directory (in this scenario, each user is locked into their own web directory).

In Ubuntu 12.04, vsftpd with chrooted users gives the following error message:

500 OOPS: vsftpd: refusing to run with writable root inside chroot ()

To overcome this problem, we need to add the following vsftpd PPA:

sudo add-apt-repository ppa:thefrontiergroup/vsftpd

Update the local repository (package list):

Install vsftpd using the following command:

sudo apt-get install vsftpd

Create the directory to store the SSL certificate:

sudo mkdir /etc/vsftpd

Change to the /etc/vsftpd/ directory and create an SSL certificate for vsftpd:

cd /etc/vsftpd/
sudo /usr/bin/openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout vsftpd.pem -out vsftpd.pem

Edit the configuration file:

sudo nano /etc/vsftpd.conf

Delete everything inside the file and add the following lines (or adjust them according to your needs):

listen=YES
anonymous_enable=YES
local_enable=YES
write_enable=YES
dirmessage_enable=YES
use_localtime=YES
xferlog_enable=YES
connect_from_port_20=YES
chroot_local_user=YES
allow_writeable_chroot=YES
secure_chroot_dir=/var/run/vsftpd/empty
pam_service_name=vsftpd
ssl_enable=YES
force_local_data_ssl=YES
force_local_logins_ssl=YES
ssl_tlsv1=YES
ssl_sslv2=NO
ssl_sslv3=NO
rsa_cert_file=/etc/vsftpd/vsftpd.pem

In my case, three virtual hosts are running on this web server, so I’ll create three users (one for each) without shell access and with their web directory as their home directory:

sudo useradd -d /var/www/tendo -s /usr/sbin/nologin tendo
sudo useradd -d /var/www/rbgeek -s /usr/sbin/nologin rbgeek
sudo useradd -d /var/www/linuxsoft -s /usr/sbin/nologin linuxsoft

Set a password for each user:

sudo passwd tendo
sudo passwd rbgeek
sudo passwd linuxsoft

To enable the users to read and write data in their home directory, change the group ownership (or ownership as per your requirement):

cd /var/www/
sudo chown -R www-data:linuxsoft linuxsoft 
sudo chown -R www-data:rbgeek rbgeek
sudo chown -R www-data:tendo tendo

Change the permissions too (adjust as per your requirement):

sudo chmod -R 0775 linuxsoft
sudo chmod -R 0775 rbgeek
sudo chmod -R 0775 tendo

Check the permissions after modification:

ls -l

After completing all these steps, add nologin to the list of valid shells:

sudo nano /etc/shells

Add this line at the end:

/usr/sbin/nologin

Restart the vsftpd service:

sudo service vsftpd restart

In the FileZilla settings on Windows, select “Require explicit FTP over TLS” so that the user can log in with SSL.

When the user connects, they will be asked to accept the certificate, either the self-signed one or the default for vsftpd.

After a successful connection, the user will see their home directory.
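
The shell script below is an added example, not part of the original tutorial. It audits a vsftpd.conf for the login and TLS settings used in the configuration above and prints one line for each setting that weakens it. The function names and the sample file are assumptions made for illustration; the defaults applied to absent keys are the ones documented in vsftpd.conf(5).

```shell
#!/bin/sh
# Added example (not from the original tutorial): audit vsftpd.conf settings.

# bool_setting FILE KEY DEFAULT: print the effective YES/NO value of KEY.
# vsftpd expects key=value with no spaces around '='. This script takes the
# last assignment in the file and only handles the YES/NO spellings.
bool_setting() {
    val=$(sed -n "s/^$2=//p" "$1" | tail -n 1 | tr -d ' \r' | tr '[:lower:]' '[:upper:]')
    echo "${val:-$3}"
}

# check FILE KEY WANT DEFAULT REASON: print a finding when the value differs.
check() {
    got=$(bool_setting "$1" "$2" "$4")
    [ "$got" = "$3" ] || echo "FINDING: $2=$got, expected $3 ($5)"
}

# audit_vsftpd_conf FILE: one FINDING line per weak setting, nothing if clean.
audit_vsftpd_conf() {
    check "$1" anonymous_enable       NO  YES "anonymous logins are accepted"
    check "$1" ssl_enable             YES NO  "no TLS, logins and data are cleartext"
    check "$1" force_local_logins_ssl YES YES "passwords may be sent without TLS"
    check "$1" force_local_data_ssl   YES YES "files may be transferred without TLS"
    check "$1" ssl_sslv2              NO  NO  "obsolete SSLv2 is allowed"
    check "$1" ssl_sslv3              NO  NO  "obsolete SSLv3 is allowed"
    check "$1" chroot_local_user      YES NO  "users are not confined to their home"
}

# Constructed sample: the security-relevant lines of the configuration above.
sample=$(mktemp)
cat > "$sample" <<'EOF'
anonymous_enable=YES
local_enable=YES
chroot_local_user=YES
allow_writeable_chroot=YES
ssl_enable=YES
force_local_data_ssl=YES
force_local_logins_ssl=YES
ssl_tlsv1=YES
ssl_sslv2=NO
ssl_sslv3=NO
EOF
audit_vsftpd_conf "$sample"
rm -f "$sample"
```

Run against the tutorial's configuration, the only finding is anonymous_enable=YES; set it to NO if the server is meant to serve only the per-site users created above.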


Src: https://rbgeek.wordpress.com/2012/11/20/how-to-setup-vsftpd-ftp-with-ssl-on-ubuntu-12-04/
