Steps to Install and Configure VSFTP on Linux

Please refer to the step-by-step VSFTP installation and configuration instructions below. For more detail regarding the vsftpd conf file you can check it here :

$ sudo yum install vsftpd
Type “y” to continue to install VSFTP and “n” to cancel the installation.

Note: Back up the config file before making any changes:

$ sudo cp /etc/vsftpd/vsftpd.conf /etc/vsftpd/vsftpd.conf.original
$ sudo vi /etc/vsftpd/vsftpd.conf

⦁ anonymous_enable=NO
⦁ local_enable=YES
⦁ chroot_local_user=YES
⦁ write_enable=YES
⦁ allow_writeable_chroot=YES
⦁ pasv_enable=YES
⦁ pasv_min_port=1024
⦁ pasv_max_port=1048
⦁ pasv_address=52.63.170.185
⦁ xferlog_std_format=NO
⦁ log_ftp_protocol=YES
⦁ local_root=/var/www/html
⦁ listen=NO

$ sudo /etc/init.d/vsftpd restart

To allow the VSFTP ports externally on your AWS EC2 instance: log in to the AWS EC2 Management Console and choose Security Groups from the navigation tree on the left. Select the Security Group assigned to your EC2 instance, click on the Inbound tab, then click Edit:

[Screenshot: inbound-rule]

To Allow VSFTP Through the Firewall:

$ sudo vi /etc/sysconfig/iptables

-A INPUT -m state --state NEW -m tcp -p tcp --dport 20:21 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 1024:1048 -j ACCEPT

$ sudo ufw allow ftp
$ sudo service iptables restart
or
$ sudo service firewalld restart

Create FTP User and Add it to a Group:

$ sudo groupadd sftponly
$ sudo useradd -g sftponly -s /bin/false testuser
$ sudo passwd testuser
… Password.. 4dt…….10
$ sudo usermod -a -G apache testuser

Set write access for VSFTP User and Block shell access:

 

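$ sudo mkdir -p /var/www/html/userdir

$ sudo usermod -d /var/www/html/userdir testuser

$ sudo chown testuser:testuser /var/www/html/userdir

$ sudo chmod 775 /var/www/html/userdir

# Note: 777 makes every directory under the web root world-writable; 775 is
# enough where the directory's group is apache, which testuser joined above.
$ sudo find /var/www/html -type d -exec chmod 777 {} \;

$ sudo usermod -s /bin/false testuser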

Manage the Service to Start on Reboot:

$ sudo chkconfig --level 345 vsftpd on
$ sudo ntsysv


You can also control bandwidth by editing the config file:

$ sudo vi /etc/vsftpd/vsftpd.conf
anon_max_rate=30000
local_max_rate=300..
max_per_ip=5

Configure SSL with vsftpd: 

To secure VSFTP, and with it your website and your code, you can create an SSL certificate and point vsftpd at it.

$ sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/ssl/private/vsftpd.pem -out /etc/ssl/private/myfile.pem

$ sudo vi /etc/vsftpd/vsftpd.conf

rsa_cert_file=/etc/ssl/private/myfile.pem
rsa_private_key_file=/etc/ssl/private/vsftpd.pem
ssl_enable=YES
allow_anon_ssl=NO
force_local_data_ssl=YES
force_local_logins_ssl=YES
ssl_tlsv1=YES
ssl_sslv2=NO
ssl_sslv3=NO
require_ssl_reuse=NO
ssl_ciphers=HIGH

Once the config file entries are done, don’t forget to restart the service.

$ sudo service vsftpd restart
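
As an added example (not part of the original post), the following shell functions check that a vsftpd.conf still carries the settings configured above and that the passive port range is opened in the iptables rules file. The function names conf_get, audit_vsftpd and demo and the sample files are constructed for illustration; the fallback values are the defaults documented in vsftpd.conf(5).

```bash
#!/usr/bin/env bash
# Added example (not from the original page): audit vsftpd.conf and the
# iptables rules file for the settings this guide relies on.

# conf_get FILE KEY DEFAULT: effective value; the last assignment wins and
# commented-out lines never match (vsftpd allows no spaces around '=').
conf_get() {
  local v
  v=$(grep -E "^$2=" "$1" | tail -n 1 | cut -d= -f2- | tr -d '\r')
  printf '%s\n' "${v:-$3}"
}

# audit_vsftpd CONF RULES: prints one line per finding and returns the
# number of findings (0 = clean). Defaults are those of vsftpd.conf(5).
audit_vsftpd() {
  local conf=$1 rules=$2 n=0 k lo hi
  [ "$(conf_get "$conf" anonymous_enable YES)" = NO ] ||
    { echo "FAIL anonymous_enable is not NO"; n=$((n+1)); }
  # With ssl_enable off, the force_* options below protect nothing.
  [ "$(conf_get "$conf" ssl_enable NO)" = YES ] ||
    { echo "FAIL ssl_enable is not YES"; n=$((n+1)); }
  for k in force_local_logins_ssl force_local_data_ssl; do
    [ "$(conf_get "$conf" "$k" YES)" = YES ] ||
      { echo "FAIL $k is not YES"; n=$((n+1)); }
  done
  for k in ssl_sslv2 ssl_sslv3; do
    [ "$(conf_get "$conf" "$k" NO)" = NO ] ||
      { echo "FAIL $k is enabled"; n=$((n+1)); }
  done
  # The passive range must be bounded and opened by a matching ACCEPT rule.
  lo=$(conf_get "$conf" pasv_min_port 0); hi=$(conf_get "$conf" pasv_max_port 0)
  if [ "$lo" -eq 0 ] || [ "$hi" -eq 0 ] || [ "$lo" -gt "$hi" ]; then
    echo "FAIL passive range $lo:$hi is unbounded or inverted"; n=$((n+1))
  elif ! grep -Eq -e "--dport $lo:$hi .*-j ACCEPT" "$rules"; then
    echo "FAIL no iptables ACCEPT rule for --dport $lo:$hi"; n=$((n+1))
  fi
  return "$n"
}

# Constructed sample: this guide's settings with ssl_enable forgotten.
demo() {
  local d rc=0; d=$(mktemp -d)
  printf '%s\n' anonymous_enable=NO pasv_min_port=1024 pasv_max_port=1048 \
    '#ssl_enable=YES' force_local_logins_ssl=YES > "$d/vsftpd.conf"
  echo '-A INPUT -m tcp -p tcp --dport 1024:1048 -j ACCEPT' > "$d/iptables"
  audit_vsftpd "$d/vsftpd.conf" "$d/iptables" || rc=$?
  rm -rf "$d"; return "$rc"
}
demo || echo "findings: $?"
```

To check the live files, call audit_vsftpd /etc/vsftpd/vsftpd.conf /etc/sysconfig/iptables as root.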

FTP Testing and FTP Client Tools:

WinSCP : http://winscp.net/
Filezilla: http://filezilla-project.org/

VSFTP Errors And Troubleshooting:

To check which port is being used by the FTP server:
$ netstat -tulpn | grep :21
You will see output like below:
(No info could be read for "-p": geteuid()=500 but you should be root.)
tcp 0 0 0.0.0.0:21 0.0.0.0:* LISTEN -

VSFTPD, 553 Could not create file.
Response: 553 Could not create file.
Error: Critical file transfer error
Solution: $ sudo chown -R ftpusername /var/www/html

 
