Исходный код вики Configure Vsftpd FTP Server on Rocky Linux 8|AlmaLinux 8
Версия 2.1 от Сергей Коршунов на 2022/11/11 18:11
Скрыть последних авторов
| author | version | line-number | content |
|---|---|---|---|
 |
2.1 | 1 | = Configure Vsftpd FTP Server on Rocky Linux 8|AlmaLinux 8 = |
| |
1.1 | 2 | |
| |
2.1 | 3 | |
| |
1.1 | 4 | |
| |
2.1 | 5 | **FTP** is an acronym for //File Transfer Protocol//. This application layer protocol is essential where the seamless transfer or data exchange between devices over the internet is required. File upload and download in an FTP application is made easy using **TCP**(Transmission Control Protocol) |
| 6 | |||
| 7 | C-More EA9 HMI Series Panel FTP - F... | ||
| 8 | |||
| 9 | |||
| 10 | |||
| 11 | |||
| 12 | **VSFTPD**, an acronym for// Very Secure FTP Daemon// secures data transfer on FTP by creating secure tunnels to encrypt the data flow. With Vsftpd, data transfer security is guaranteed since an end to end encryption is enforced. | ||
| 13 | |||
| 14 | |||
| 15 | |||
| 16 | The amazing features related to Vsftpd include: | ||
| 17 | |||
| 18 | * **Stability** – This is a very consistent and reliable FTP server. | ||
| 19 | * **IP independent **– with support for both IPv4 and IPv6. | ||
| 20 | * Supports **Standalone** or **inetd** operation | ||
| 21 | * It handles **Bandwidth throttling** | ||
| 22 | * Powerful per-user configurability | ||
| 23 | * **Secure** – Supports encryption through TLS/SSL integration | ||
| 24 | * **Fast and reliable** – there is minimal interference since files are download via a private tunnel | ||
| 25 | * **Virtual users** – this is and added security feature because whenever a real user account is compromised, user can only use FTP Server but can not login to system to use other services like SSH. | ||
| 26 | |||
| 27 | By following the below steps, you should be able to configure the Vsftpd FTP Server on Rocky Linux 8 / AlmaLinux 8. | ||
| 28 | |||
| 29 | |||
| 30 | |||
| 31 | |||
| 32 | |||
| 33 | == 1. Install vsftpd on Rocky Linux 8/ AlmaLinux 8 == | ||
| 34 | |||
| 35 | The first thing we need to do is to install the Very Secure FTP Daemon which is available in the default Rocky Linux 8/ AlmaLinux 8 repositories. | ||
| 36 | |||
| 37 | {{{sudo yum update | ||
| 38 | sudo yum install vsftpd}}} | ||
| 39 | |||
| 40 | Dependency tree: | ||
| 41 | |||
| 42 | |||
| 43 | |||
| 44 | {{{Dependencies resolved. | ||
| 45 | ================================================================================ | ||
| 46 | Package Architecture Version Repository Size | ||
| 47 | ================================================================================ | ||
| 48 | Installing: | ||
| 49 | vsftpd x86_64 3.0.3-34.el8 appstream 180 k | ||
| 50 | |||
| 51 | Transaction Summary | ||
| 52 | ================================================================================ | ||
| 53 | Install 1 Package | ||
| 54 | |||
| 55 | Total download size: 180 k | ||
| 56 | Installed size: 347 k | ||
| 57 | Is this ok [y/N]: y}}} | ||
| 58 | |||
| 59 | Once the installation is successful, verify the installed version of Vsftpd as below. | ||
| 60 | |||
| 61 | {{{$ sudo rpm -qi vsftpd | ||
| 62 | Name : vsftpd | ||
| 63 | Version : 3.0.3 | ||
| 64 | Release : 34.el8 | ||
| 65 | Architecture: x86_64 | ||
| 66 | Install Date: Sat 12 Feb 2022 02:30:16 AM EST | ||
| 67 | Group : System Environment/Daemons | ||
| 68 | Size : 355732 | ||
| 69 | License : GPLv2 with exceptions | ||
| 70 | Signature : RSA/SHA256, Tue 09 Nov 2021 10:07:58 AM EST, Key ID 15af5dac6d745a60 | ||
| 71 | Source RPM : vsftpd-3.0.3-34.el8.src.rpm | ||
| 72 | Build Date : Tue 09 Nov 2021 09:27:17 AM EST | ||
| 73 | Build Host : ord1-prod-x86build004.svc.aws.rockylinux.org | ||
| 74 | Relocations : (not relocatable) | ||
| 75 | Packager : infrastructure@rockylinux.org | ||
| 76 | Vendor : Rocky | ||
| 77 | URL : https://security.appspot.com/vsftpd.html | ||
| 78 | Summary : Very Secure Ftp Daemon | ||
| 79 | Description : | ||
| 80 | vsftpd is a Very Secure FTP daemon. It was written completely from | ||
| 81 | scratch.}}} | ||
| 82 | |||
| 83 | Start and enable the Very Secure FTP Daemon to run automatically on system boot. | ||
| 84 | |||
| 85 | {{{sudo systemctl enable vsftpd --now }}} | ||
| 86 | |||
| 87 | Check the status of the service. | ||
| 88 | |||
| 89 | {{{$ systemctl status vsftpd | ||
| 90 | ● vsftpd.service - Vsftpd ftp daemon | ||
| 91 | Loaded: loaded (/usr/lib/systemd/system/vsftpd.service; enabled; vendor preset: disabled) | ||
| 92 | Active: active (running) since Sat 2022-02-12 02:30:39 EST; 6s ago | ||
| 93 | Process: 32110 ExecStart=/usr/sbin/vsftpd /etc/vsftpd/vsftpd.conf (code=exited, status=0/SUCCESS) | ||
| 94 | Main PID: 32111 (vsftpd) | ||
| 95 | Tasks: 1 (limit: 36438) | ||
| 96 | Memory: 580.0K | ||
| 97 | CGroup: /system.slice/vsftpd.service | ||
| 98 | └─32111 /usr/sbin/vsftpd /etc/vsftpd/vsftpd.conf | ||
| 99 | |||
| 100 | Feb 12 02:30:38 localhost.localdomain systemd[1]: Starting Vsftpd ftp daemon... | ||
| 101 | Feb 12 02:30:39 localhost.localdomain systemd[1]: Started Vsftpd ftp daemon.}}} | ||
| 102 | |||
| 103 | == 2. Create the FTP User and User Directory == | ||
| 104 | |||
| 105 | We need to create and grant dedicated user access to the FTP server. We will create the user as below. | ||
| 106 | |||
| 107 | {{{sudo adduser vsftpduser | ||
| 108 | sudo passwd vsftpduser}}} | ||
| 109 | |||
| 110 | With the user and password created as above, proceed and create the FTP directories with the necessary permissions. | ||
| 111 | |||
| 112 | {{{sudo mkdir -p /home/vsftpduser/ftp_folder | ||
| 113 | sudo chmod -R 750 /home/vsftpduser/ftp_folder | ||
| 114 | sudo chown vsftpduser: /home/vsftpduser/ftp_folder}}} | ||
| 115 | |||
| 116 | To grant the user access to the Vsftpd server, add them to the **///etc/vsftpd/user_list//** file. | ||
| 117 | |||
| 118 | {{{sudo bash -c 'echo vsftpduser >> /etc/vsftpd/user_list'}}} | ||
| 119 | |||
| 120 | == 3. Configure vsftpd on Rocky Linux 8/ AlmaLinux 8. == | ||
| 121 | |||
| 122 | We need to make some adjustments to the Vsftpd config file accessed as below. | ||
| 123 | |||
| 124 | |||
| 125 | {{{sudo vi /etc/vsftpd/vsftpd.conf}}} | ||
| 126 | |||
| 127 | With the file opened, make the below adjustments: | ||
| 128 | |||
| 129 | * Allow remote access to local users then block anonymous users. | ||
| 130 | |||
| 131 | {{{anonymous_enable = NO | ||
| 132 | local_enable = YES}}} | ||
| 133 | |||
| 134 | * Grant user permission to run ant FTP commands. | ||
| 135 | |||
| 136 | {{{write_enable = YES}}} | ||
| 137 | |||
| 138 | * Restrict user access to their home directory only and grant the write permissions. | ||
| 139 | |||
| 140 | {{{chroot_local_user=YES | ||
| 141 | allow_writeable_chroot=YES}}} | ||
| 142 | |||
| 143 | * Set custom ports to enable passive FTP connections. | ||
| 144 | |||
| 145 | {{{pasv_min_port=30000 | ||
| 146 | pasv_max_port=31000}}} | ||
| 147 | |||
| 148 | * Allow dedicated Vsftpd users in the **//user_list//** file to access the FTP server. | ||
| 149 | |||
| 150 | {{{userlist_file=/etc/vsftpd/user_list | ||
| 151 | userlist_enable=YES | ||
| 152 | userlist_deny=NO}}} | ||
| 153 | |||
| 154 | With the above changes made, restart the server. | ||
| 155 | |||
| 156 | {{{sudo systemctl restart vsftpd}}} | ||
| 157 | |||
| 158 | == 4. Open FTP Ports on Firewalld == | ||
| 159 | |||
| 160 | Based on the above configuration, we have set the passive communication port range between 30000-31000. We now need to allow these ports through the firewall. Also, we need to allow port range 20-21 for FTP data and traffic. | ||
| 161 | |||
| 162 | {{{sudo firewall-cmd --permanent --add-port=20-21/tcp | ||
| 163 | sudo firewall-cmd --permanent --add-port=30000-31000/tcp}}} | ||
| 164 | |||
| 165 | Apply the changes to the firewall daemon. | ||
| 166 | |||
| 167 | {{{sudo firewall-cmd --reload}}} | ||
| 168 | |||
| 169 | Now test the FTP connection using the below command: | ||
| 170 | |||
| 171 | {{{ftp serverIP}}} | ||
| 172 | |||
| 173 | Sample Output: | ||
| 174 | |||
| 175 | [[~[~[image:https://computingforgeeks.com/wp-content/uploads/2022/02/Configure-Vsftpd-FTP-Server-on-Rocky-Linux-AlmaLinux.png?ezimgfmt=rs:404x190/rscb23/ng:webp/ngcb23~|~|alt="Configure Vsftpd FTP Server on Rocky Linux" height="190" width="404"~]~]>>path:data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20width=%22404%22%20height=%22190%22%3E%3C/svg%3E]] | ||
| 176 | |||
| 177 | == 5. Vsftpd SSL/TLS Configuration on Rocky Linux 8/ AlmaLinux 8 == | ||
| 178 | |||
| 179 | For security and encryption reasons on the FTP server, we will generate SSL certificates on this system. | ||
| 180 | |||
| 181 | In this guide, we use self-signed certificates generated using OpenSSL as below. | ||
| 182 | |||
| 183 | First, ensure OpenSSL is installed | ||
| 184 | |||
| 185 | {{{sudo yum install openssl}}} | ||
| 186 | |||
| 187 | Then generated the self-signed certificates. | ||
| 188 | |||
| 189 | {{{sudo openssl req -x509 -nodes -days 3650 -newkey rsa:2048 -keyout /etc/vsftpd.pem -out /etc/vsftpd/vsftpd.pem}}} | ||
| 190 | |||
| 191 | On the output, provide the required country name, state/province details e.t.c | ||
| 192 | |||
| 193 | [[~[~[image:https://computingforgeeks.com/wp-content/uploads/2022/02/Configure-Vsftpd-FTP-Server-on-Rocky-Linux-AlmaLinux-1.png?ezimgfmt=rs:688x368/rscb23/ng:webp/ngcb23~|~|alt="Configure Vsftpd FTP Server on Rocky Linux AlmaLinux 1" height="368" width="688"~]~]>>path:data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20width=%22688%22%20height=%22368%22%3E%3C/svg%3E]] | ||
| 194 | |||
| 195 | Now get back to the Vsftpd config file and add the generated certificates path. | ||
| 196 | |||
| 197 | {{{$ sudo vi /etc/vsftpd/vsftpd.conf | ||
| 198 | #Add these lines### | ||
| 199 | rsa_cert_file=/etc/vsftpd/vsftpd.pem | ||
| 200 | rsa_private_key_file=/etc/vsftpd.pem | ||
| 201 | |||
| 202 | #Enable SSL## | ||
| 203 | ssl_enable=YES | ||
| 204 | allow_anon_ssl=NO | ||
| 205 | force_local_data_ssl=YES | ||
| 206 | force_local_logins_ssl=YES | ||
| 207 | ssl_tlsv1=YES | ||
| 208 | ssl_sslv2=NO}}} | ||
| 209 | |||
| 210 | Save the changes and restart Vsftpd. | ||
| 211 | |||
| 212 | {{{sudo systemctl restart vsftpd}}} | ||
| 213 | |||
| 214 | == 6. Test FTP using FTP Client(Filezilla) == | ||
| 215 | |||
| 216 | We now want to test the FTP server using the Filezilla FTP client that can be installed on both Windows and Linux systems. For Windows, download and install the Filezilla.exe file, on Linux proceed as below. | ||
| 217 | |||
| 218 | {{{# [On Debian, Ubuntu & Mint] | ||
| 219 | sudo apt install filezilla | ||
| 220 | |||
| 221 | #[On RHEL/CentOS/Fedora & Rocky Linux/AlmaLinux] | ||
| 222 | sudo yum install filezilla | ||
| 223 | |||
| 224 | #[On Arch Linux] | ||
| 225 | sudo pacman -S filezilla | ||
| 226 | |||
| 227 | #[On OpenSUSE] | ||
| 228 | sudo zypper in filezilla}}} | ||
| 229 | |||
| 230 | Once installed, launch Filezilla and navigate to **File**->**Site Manager**. | ||
| 231 | |||
| 232 | [[~[~[image:https://computingforgeeks.com/wp-content/uploads/2022/02/Configure-Vsftpd-FTP-Server-on-Rocky-Linux-AlmaLinux-2.png?ezimgfmt=rs:696x500/rscb23/ng:webp/ngcb23~|~|alt="Configure Vsftpd FTP Server on Rocky Linux AlmaLinux 2" height="685" width="953"~]~]>>path:data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20width=%22953%22%20height=%22685%22%3E%3C/svg%3E]] | ||
| 233 | |||
| 234 | Now enter the FTP server details as shown | ||
| 235 | |||
| 236 | [[~[~[image:https://computingforgeeks.com/wp-content/uploads/2022/02/Configure-Vsftpd-FTP-Server-on-Rocky-Linux-AlmaLinux-3.png?ezimgfmt=rs:696x508/rscb23/ng:webp/ngcb23~|~|alt="Configure Vsftpd FTP Server on Rocky Linux AlmaLinux 3" height="656" width="898"~]~]>>path:data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20width=%22898%22%20height=%22656%22%3E%3C/svg%3E]] | ||
| 237 | |||
| 238 | With the correct details entered, click **connect**. You will be granted the earlier created certificate, click **Ok** to proceed. | ||
| 239 | |||
| 240 | [[~[~[image:https://computingforgeeks.com/wp-content/uploads/2022/02/Configure-Vsftpd-FTP-Server-on-Rocky-Linux-AlmaLinux-4.png?ezimgfmt=rs:696x617/rscb23/ng:webp/ngcb23~|~|alt="Configure Vsftpd FTP Server on Rocky Linux AlmaLinux 4" height="692" width="780"~]~]>>path:data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20width=%22780%22%20height=%22692%22%3E%3C/svg%3E]] | ||
| 241 | |||
| 242 | Once the connection has been established, you will be granted a window divided into two parts with one part showing the local server and the other showing the Vsftpd server with the created directory(**//ftp_folder//**). | ||
| 243 | |||
| 244 | [[~[~[image:https://computingforgeeks.com/wp-content/uploads/2022/02/Configure-Vsftpd-FTP-Server-on-Rocky-Linux-AlmaLinux-5.png?ezimgfmt=rs:696x502/rscb23/ng:webp/ngcb23~|~|alt="Configure Vsftpd FTP Server on Rocky Linux AlmaLinux 5" height="689" width="956"~]~]>>path:data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20width=%22956%22%20height=%22689%22%3E%3C/svg%3E]] | ||
| 245 | |||
| 246 | Now using the vsftpduser created earlier, we can upload files to the server. | ||
| 247 | |||
| 248 | |||
| 249 | [[~[~[image:https://computingforgeeks.com/wp-content/uploads/2022/02/Configure-Vsftpd-FTP-Server-on-Rocky-Linux-AlmaLinux-6.png?ezimgfmt=rs:696x333/rscb23/ng:webp/ngcb23~|~|alt="Configure Vsftpd FTP Server on Rocky Linux AlmaLinux 6" height="460" width="962"~]~]>>path:data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20width=%22962%22%20height=%22460%22%3E%3C/svg%3E]] | ||
| 250 | |||
| 251 | The uploaded file will be available on the FTP server as below. | ||
| 252 | |||
| 253 | [[~[~[image:https://computingforgeeks.com/wp-content/uploads/2022/02/Configure-Vsftpd-FTP-Server-on-Rocky-Linux-AlmaLinux-7.png?ezimgfmt=rs:696x331/rscb23/ng:webp/ngcb23~|~|alt="Configure Vsftpd FTP Server on Rocky Linux AlmaLinux 7" height="455" width="958"~]~]>>path:data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20width=%22958%22%20height=%22455%22%3E%3C/svg%3E]] | ||
| 254 | |||
| 255 | You can as well download files as below. | ||
| 256 | |||
| 257 | [[~[~[image:https://computingforgeeks.com/wp-content/uploads/2022/02/Configure-Vsftpd-FTP-Server-on-Rocky-Linux-AlmaLinux-8.png?ezimgfmt=rs:696x393/rscb23/ng:webp/ngcb23~|~|alt="Configure Vsftpd FTP Server on Rocky Linux AlmaLinux 8" height="462" width="819"~]~]>>path:data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20width=%22819%22%20height=%22462%22%3E%3C/svg%3E]] | ||
| 258 | |||
| 259 | The downloaded file appears on your local machine as shown. | ||
| 260 | |||
| 261 | [[~[~[image:https://computingforgeeks.com/wp-content/uploads/2022/02/Configure-Vsftpd-FTP-Server-on-Rocky-Linux-AlmaLinux-9.png?ezimgfmt=rs:696x269/rscb23/ng:webp/ngcb23~|~|alt="Configure Vsftpd FTP Server on Rocky Linux AlmaLinux 9" height="371" width="961"~]~]>>path:data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20width=%22961%22%20height=%22371%22%3E%3C/svg%3E]] | ||
| 262 | |||
| 263 | == Closing Thoughts. == | ||
| 264 | |||
| 265 | We triumphantly configured the Vsftpd FTP Server on Rocky Linux 8 / AlmaLinux 8. You can now share files securely over the private tunnel. I hope this was significant to you. |