Last modified by Сергей Коршунов on 2023/05/03 13:52

= Configure Vsftpd FTP Server on Rocky Linux 8|AlmaLinux 8 =

**FTP** is an acronym for //File Transfer Protocol//. This application layer protocol is essential where seamless transfer or exchange of data between devices over the internet is required. File upload and download in an FTP application run over **TCP** (Transmission Control Protocol).

**VSFTPD**, an acronym for //Very Secure FTP Daemon//, secures data transfer over FTP by encrypting the data flow with TLS/SSL. Plain FTP sends credentials and file contents in cleartext, so this protection applies only once TLS is enabled and enforced in the Vsftpd configuration, as done in section 5 of this guide.

The amazing features related to Vsftpd include:

* **Stability** – This is a very consistent and reliable FTP server.
* **IP independent** – with support for both IPv4 and IPv6.
* Supports **Standalone** or **inetd** operation
* It handles **Bandwidth throttling**
* Powerful per-user configurability
* **Secure** – Supports encryption through TLS/SSL integration
* **Fast and reliable** – there is minimal interference since files are downloaded via a private tunnel
* **Virtual users** – this is an added security feature: if an FTP account is compromised, it can only be used on the FTP server and cannot log in to the system to use other services like SSH.

By following the steps below, you should be able to configure the Vsftpd FTP Server on Rocky Linux 8 / AlmaLinux 8.

== 1. Install vsftpd on Rocky Linux 8/ AlmaLinux 8 ==

The first thing we need to do is to install the Very Secure FTP Daemon which is available in the default Rocky Linux 8/ AlmaLinux 8 repositories.

{{{sudo yum update
sudo yum install vsftpd}}}

Dependency tree:

{{{Dependencies resolved.
================================================================================
Package Architecture Version Repository Size
================================================================================
Installing:
vsftpd x86_64 3.0.3-34.el8 appstream 180 k

Transaction Summary
================================================================================
Install 1 Package

Total download size: 180 k
Installed size: 347 k
Is this ok [y/N]: y}}}

Once the installation is successful, verify the installed version of Vsftpd as below.

{{{$ sudo rpm -qi vsftpd
Name : vsftpd
Version : 3.0.3
Release : 34.el8
Architecture: x86_64
Install Date: Sat 12 Feb 2022 02:30:16 AM EST
Group : System Environment/Daemons
Size : 355732
License : GPLv2 with exceptions
Signature : RSA/SHA256, Tue 09 Nov 2021 10:07:58 AM EST, Key ID 15af5dac6d745a60
Source RPM : vsftpd-3.0.3-34.el8.src.rpm
Build Date : Tue 09 Nov 2021 09:27:17 AM EST
Build Host : ord1-prod-x86build004.svc.aws.rockylinux.org
Relocations : (not relocatable)
Packager : infrastructure@rockylinux.org
Vendor : Rocky
URL : https://security.appspot.com/vsftpd.html
Summary : Very Secure Ftp Daemon
Description :
vsftpd is a Very Secure FTP daemon. It was written completely from
scratch.}}}

Start and enable the Very Secure FTP Daemon to run automatically on system boot.

{{{sudo systemctl enable vsftpd --now}}}

Check the status of the service.

{{{$ systemctl status vsftpd
● vsftpd.service - Vsftpd ftp daemon
Loaded: loaded (/usr/lib/systemd/system/vsftpd.service; enabled; vendor preset: disabled)
Active: active (running) since Sat 2022-02-12 02:30:39 EST; 6s ago
Process: 32110 ExecStart=/usr/sbin/vsftpd /etc/vsftpd/vsftpd.conf (code=exited, status=0/SUCCESS)
Main PID: 32111 (vsftpd)
Tasks: 1 (limit: 36438)
Memory: 580.0K
CGroup: /system.slice/vsftpd.service
└─32111 /usr/sbin/vsftpd /etc/vsftpd/vsftpd.conf

Feb 12 02:30:38 localhost.localdomain systemd[1]: Starting Vsftpd ftp daemon...
Feb 12 02:30:39 localhost.localdomain systemd[1]: Started Vsftpd ftp daemon.}}}

== 2. Create the FTP User and User Directory ==

We need to create a dedicated user and grant it access to the FTP server. We will create the user as below.

{{{sudo adduser vsftpduser
sudo passwd vsftpduser}}}

With the user and password created as above, proceed and create the FTP directories with the necessary permissions.

{{{sudo mkdir -p /srv/ftp
sudo chmod -R 750 /srv/ftp
sudo chown vsftpduser: /srv/ftp}}}

To grant the user access to the Vsftpd server, add them to the **///etc/vsftpd/user_list//** file.

{{{sudo bash -c 'echo vsftpduser >> /etc/vsftpd/user_list'}}}

== 3. Configure vsftpd on Rocky Linux 8/ AlmaLinux 8. ==

We need to make some adjustments to the Vsftpd config file, opened as below.

{{{sudo vi /etc/vsftpd/vsftpd.conf}}}

With the file opened, make the adjustments below. Each setting has the form option=value; vsftpd treats a space on either side of the = sign as an error.

* Allow remote access to local users, then block anonymous users.

{{{anonymous_enable=NO
local_enable=YES}}}

* Grant users permission to run any FTP commands, including ones that write to the server.

{{{write_enable=YES}}}

* Restrict user access to their home directory only and grant the write permissions. Note that allow_writeable_chroot=YES turns off vsftpd's refusal to chroot a user into a directory that the user can write to.

{{{chroot_local_user=YES
allow_writeable_chroot=YES}}}

* Set custom ports to enable passive FTP connections.

{{{pasv_min_port=30000
pasv_max_port=31000}}}

* Allow dedicated Vsftpd users in the **//user_list//** file to access the FTP server.

{{{userlist_file=/etc/vsftpd/user_list
userlist_enable=YES
userlist_deny=NO}}}

With the above changes made, restart the server.

{{{sudo systemctl restart vsftpd}}}

== 4. Open FTP Ports on Firewalld ==

Based on the above configuration, we have set the passive communication port range to 30000-31000. We now need to allow these ports through the firewall. We also need to allow ports 20-21 for FTP data and control traffic.

{{{sudo firewall-cmd --permanent --add-port=20-21/tcp
sudo firewall-cmd --permanent --add-port=30000-31000/tcp}}}

Apply the changes to the firewall daemon.

{{{sudo firewall-cmd --reload}}}

Now test the FTP connection using the below command:

{{{ftp serverIP}}}

Sample Output:

[[image:https://computingforgeeks.com/wp-content/uploads/2022/02/Configure-Vsftpd-FTP-Server-on-Rocky-Linux-AlmaLinux.png?ezimgfmt=rs:404x190/rscb23/ng:webp/ngcb23||alt="Configure Vsftpd FTP Server on Rocky Linux" height="190" width="404"]]

== 5. Vsftpd SSL/TLS Configuration on Rocky Linux 8/ AlmaLinux 8 ==

For security and encryption reasons on the FTP server, we will generate SSL certificates on this system.

In this guide, we use self-signed certificates generated using OpenSSL as below.

First, ensure OpenSSL is installed.

{{{sudo yum install openssl}}}

Then generate the self-signed certificate. The command below writes the private key to /etc/vsftpd.pem and the certificate to /etc/vsftpd/vsftpd.pem. The -nodes option leaves the private key unencrypted on disk, so keep that file readable by root only.

{{{sudo openssl req -x509 -nodes -days 3650 -newkey rsa:2048 -keyout /etc/vsftpd.pem -out /etc/vsftpd/vsftpd.pem}}}

At the prompts, provide the required country name, state/province details, etc.

[[image:https://computingforgeeks.com/wp-content/uploads/2022/02/Configure-Vsftpd-FTP-Server-on-Rocky-Linux-AlmaLinux-1.png?ezimgfmt=rs:688x368/rscb23/ng:webp/ngcb23||alt="Configure Vsftpd FTP Server on Rocky Linux AlmaLinux 1" height="368" width="688"]]

Now get back to the Vsftpd config file and add the paths of the generated certificate and key. In the settings below, ssl_tlsv1=YES permits TLS v1 connections and ssl_sslv2=NO refuses SSL v2.

{{{$ sudo vi /etc/vsftpd/vsftpd.conf
# Add these lines
rsa_cert_file=/etc/vsftpd/vsftpd.pem
rsa_private_key_file=/etc/vsftpd.pem

# Enable SSL
ssl_enable=YES
allow_anon_ssl=NO
force_local_data_ssl=YES
force_local_logins_ssl=YES
ssl_tlsv1=YES
ssl_sslv2=NO}}}

Save the changes and restart Vsftpd.

{{{sudo systemctl restart vsftpd}}}
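
The check below is an added example, not part of the original guide: a shell function that audits a vsftpd.conf for the directives set in sections 3 and 5 and flags lines with spaces around the = sign, which vsftpd rejects. The function names, finding labels and the sample configuration are constructed for illustration.

```shell
# Added example: audit a vsftpd.conf against the directives set in this guide.
# Prints one finding per line and returns 0 only when nothing is flagged.
audit_vsftpd_conf() {
    conf="$1"; findings=0
    # vsftpd does not accept whitespace around '='; list such lines first.
    spaced="$(grep -nE '^[a-z0-9_]+([[:space:]]+=|=[[:space:]])' "$conf" || true)"
    if [ -n "$spaced" ]; then
        echo "$spaced" | sed 's/^/SPACING line /'
        findings=$((findings + $(echo "$spaced" | wc -l)))
    fi
    # directive=expected pairs, taken from sections 3 and 5 of this page.
    for pair in anonymous_enable=NO local_enable=YES chroot_local_user=YES \
                userlist_enable=YES userlist_deny=NO ssl_enable=YES \
                allow_anon_ssl=NO force_local_logins_ssl=YES \
                force_local_data_ssl=YES ssl_sslv2=NO; do
        key="${pair%%=*}"; want="${pair#*=}"
        # Only strict key=value lines count; use the last one if repeated.
        got="$(grep -E "^${key}=" "$conf" | tail -n 1 | cut -d= -f2-)"
        if [ -z "$got" ]; then
            echo "MISSING ${key} (expected ${want})"
            findings=$((findings + 1))
        elif [ "$got" != "$want" ]; then
            echo "MISMATCH ${key}=${got} (expected ${want})"
            findings=$((findings + 1))
        fi
    done
    [ "$findings" -eq 0 ]
}

# Constructed sample: spaces around '=' on line 1, TLS not forced for logins.
write_sample_conf() {
    cat > "$1" <<'EOF'
anonymous_enable = NO
local_enable=YES
chroot_local_user=YES
userlist_enable=YES
userlist_deny=NO
ssl_enable=YES
allow_anon_ssl=NO
force_local_logins_ssl=NO
force_local_data_ssl=YES
ssl_sslv2=NO
EOF
}

sample="$(mktemp)"
write_sample_conf "$sample"
audit_vsftpd_conf "$sample" || echo "Fix the findings above, then restart vsftpd."
rm -f "$sample"
```

On the server, point the function at the real file with audit_vsftpd_conf /etc/vsftpd/vsftpd.conf before restarting the service.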

== 6. Test FTP using FTP Client (Filezilla) ==

We now want to test the FTP server using the Filezilla FTP client, which can be installed on both Windows and Linux systems. For Windows, download and install the Filezilla.exe file; on Linux, proceed as below.

{{{# [On Debian, Ubuntu & Mint]
sudo apt install filezilla

# [On RHEL/CentOS/Fedora & Rocky Linux/AlmaLinux]
sudo yum install filezilla

# [On Arch Linux]
sudo pacman -S filezilla

# [On OpenSUSE]
sudo zypper in filezilla}}}

Once installed, launch Filezilla and navigate to **File**->**Site Manager**.

[[image:https://computingforgeeks.com/wp-content/uploads/2022/02/Configure-Vsftpd-FTP-Server-on-Rocky-Linux-AlmaLinux-2.png?ezimgfmt=rs:696x500/rscb23/ng:webp/ngcb23||alt="Configure Vsftpd FTP Server on Rocky Linux AlmaLinux 2" height="685" width="953"]]

Now enter the FTP server details as shown.

[[image:https://computingforgeeks.com/wp-content/uploads/2022/02/Configure-Vsftpd-FTP-Server-on-Rocky-Linux-AlmaLinux-3.png?ezimgfmt=rs:696x508/rscb23/ng:webp/ngcb23||alt="Configure Vsftpd FTP Server on Rocky Linux AlmaLinux 3" height="656" width="898"]]

With the correct details entered, click **connect**. You will be presented with the certificate created earlier; click **Ok** to proceed.

[[image:https://computingforgeeks.com/wp-content/uploads/2022/02/Configure-Vsftpd-FTP-Server-on-Rocky-Linux-AlmaLinux-4.png?ezimgfmt=rs:696x617/rscb23/ng:webp/ngcb23||alt="Configure Vsftpd FTP Server on Rocky Linux AlmaLinux 4" height="692" width="780"]]

Once the connection has been established, you will be presented with a window divided into two parts, one showing the local machine and the other showing the Vsftpd server with the created directory (**//ftp_folder//**).

[[image:https://computingforgeeks.com/wp-content/uploads/2022/02/Configure-Vsftpd-FTP-Server-on-Rocky-Linux-AlmaLinux-5.png?ezimgfmt=rs:696x502/rscb23/ng:webp/ngcb23||alt="Configure Vsftpd FTP Server on Rocky Linux AlmaLinux 5" height="689" width="956"]]

Now, using the vsftpduser created earlier, we can upload files to the server.

[[image:https://computingforgeeks.com/wp-content/uploads/2022/02/Configure-Vsftpd-FTP-Server-on-Rocky-Linux-AlmaLinux-6.png?ezimgfmt=rs:696x333/rscb23/ng:webp/ngcb23||alt="Configure Vsftpd FTP Server on Rocky Linux AlmaLinux 6" height="460" width="962"]]

The uploaded file will be available on the FTP server as below.

[[image:https://computingforgeeks.com/wp-content/uploads/2022/02/Configure-Vsftpd-FTP-Server-on-Rocky-Linux-AlmaLinux-7.png?ezimgfmt=rs:696x331/rscb23/ng:webp/ngcb23||alt="Configure Vsftpd FTP Server on Rocky Linux AlmaLinux 7" height="455" width="958"]]

You can also download files as below.

[[image:https://computingforgeeks.com/wp-content/uploads/2022/02/Configure-Vsftpd-FTP-Server-on-Rocky-Linux-AlmaLinux-8.png?ezimgfmt=rs:696x393/rscb23/ng:webp/ngcb23||alt="Configure Vsftpd FTP Server on Rocky Linux AlmaLinux 8" height="462" width="819"]]

The downloaded file appears on your local machine as shown.

[[image:https://computingforgeeks.com/wp-content/uploads/2022/02/Configure-Vsftpd-FTP-Server-on-Rocky-Linux-AlmaLinux-9.png?ezimgfmt=rs:696x269/rscb23/ng:webp/ngcb23||alt="Configure Vsftpd FTP Server on Rocky Linux AlmaLinux 9" height="371" width="961"]]

== Closing Thoughts. ==

We triumphantly configured the Vsftpd FTP Server on Rocky Linux 8 / AlmaLinux 8. You can now share files securely over the TLS-encrypted connection. I hope this was useful to you.