Configuring the vsftpd service on Ubuntu 12.04: virtual users and SSL encryption

Source: Internet
Author: User
Tags openssl

1. The vsftpd package for 12.04 has some bugs; installing version vsftpd_2.3.5-1ubuntu2ppa1_amd64.deb is recommended
apt-get install python-software-properties
add-apt-repository ppa:thefrontiergroup/vsftpd
apt-get update
apt-get install vsftpd

2. To configure virtual users, install db5.1-util (the version that matches your system)
apt-get -y install db5.1-util

3. Start the actual configuration
cd /etc/
/bin/cp -rf vsftpd.conf vsftpd.conf.backup
The configuration file is as follows:
# General settings
listen=YES
anonymous_enable=NO
local_enable=YES
write_enable=YES
local_umask=022
anon_upload_enable=NO
anon_mkdir_write_enable=NO
anon_other_write_enable=NO
dirmessage_enable=YES
chown_uploads=NO
ascii_upload_enable=YES
ascii_download_enable=YES
chroot_list_enable=NO
ls_recurse_enable=YES
listen_port=21
listen_ipv6=NO
pam_service_name=vsftpd
chroot_local_user=YES
guest_enable=YES
guest_username=vsftpd
virtual_use_local_privs=NO
# Directory holding the per-user configuration files; create it if it does not exist
user_config_dir=/etc/vsftpd/vconfig/
pam_service_name=vsftpd.pam

chroot_local_user=YES
allow_writeable_chroot=YES
# Passive mode
pasv_enable=YES
pasv_min_port=61100
pasv_max_port=61200
# Encryption settings
ssl_enable=YES
allow_anon_ssl=YES
force_local_data_ssl=YES
force_local_logins_ssl=YES
force_anon_data_ssl=YES
ssl_tlsv1=YES
ssl_sslv2=NO
ssl_sslv3=NO
require_ssl_reuse=NO
rsa_cert_file=/etc/vsftpd/vconfig/vsftpd.pem
rsa_private_key_file=/etc/vsftpd/vconfig/vsftpd.key
# Log output
syslog_enable=NO
log_ftp_protocol=NO
xferlog_enable=YES
vsftpd_log_file=/var/log/vsftpd.log
xferlog_std_format=NO
xferlog_file=/var/log/xferlog
dual_log_enable=YES

For the meaning of each configuration option, please look it up yourself
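
An added example, not part of the original article: a lint to run against vsftpd.conf before restarting the service. It rejects option names that are not lowercase or that have a space next to "=", checks the TLS settings from the listing above, and warns when an option is set twice with different values (as pam_service_name is in that listing). The function names lint_vsftpd_conf and sample_conf, the list of required settings, and the sample input are assumptions made for this example.

```shell
#!/bin/sh
# Added example: lint a vsftpd.conf before (re)starting the service.
lint_vsftpd_conf() {            # usage: lint_vsftpd_conf [FILE]; returns 1 on findings
    awk '
    BEGIN {                     # settings the guide relies on for encrypted sessions
        want["ssl_enable"] = "YES";  want["force_local_logins_ssl"] = "YES"
        want["ssl_sslv2"] = "NO";    want["force_local_data_ssl"] = "YES"
        want["ssl_sslv3"] = "NO";    want["anonymous_enable"] = "NO"
    }
    /^#/ || /^[ \t]*$/ { next } # skip comments and blank lines
    {
        eq = index($0, "=")
        if (eq == 0) { printf "line %d: not key=value\n", NR; bad = 1; next }
        key = substr($0, 1, eq - 1); val = substr($0, eq + 1)
        # option names are lowercase; no spaces are allowed around "="
        if (key !~ /^[a-z0-9_]+$/ || val ~ /^[ \t]/) {
            printf "line %d: malformed option \"%s\"\n", NR, key; bad = 1; next
        }
        if ((key in seen) && seen[key] != val)
            printf "line %d: warning: %s redefined (%s -> %s)\n", NR, key, seen[key], val
        seen[key] = val
    }
    END {
        for (k in want)
            if (toupper(seen[k]) != want[k]) {
                printf "%s should be %s, found \"%s\"\n", k, want[k], seen[k]; bad = 1
            }
        exit bad
    }' "${1:--}"
}

# Constructed sample: capitalised key, SSLv3 enabled, conflicting pam_service_name.
sample_conf() {
    cat <<'EOF'
# constructed test input
Listen=YES
anonymous_enable=NO
pam_service_name=vsftpd
pam_service_name=vsftpd.pam
ssl_enable=YES
force_local_logins_ssl=YES
force_local_data_ssl=YES
ssl_sslv2=NO
ssl_sslv3=YES
EOF
}

sample_conf | lint_vsftpd_conf || echo "resolve the findings before restarting vsftpd"
```

Run it as lint_vsftpd_conf /etc/vsftpd.conf; a redefinition is reported as a warning only and does not change the exit status.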

4. Configure virtual users
cd /etc/vsftpd
touch user.txt; the file contents are as follows:
abc ------(user name)
ABCDXXX ------(password)
To add more users, append them below; every two lines make up one user (user name, then password).
Run the following command to generate the user database file
/usr/bin/db5.1_load -T -t hash -f /etc/vsftpd/user.txt /etc/vsftpd/user.db
Keep the user.txt and user.db files in the same directory. After generating the user.db file, change its permissions
chmod user.db
For each new user you also need to create a file with the same name as the user under the /etc/vsftpd/vconfig/ folder; otherwise the new user does not take effect.
You also need to run the following again
/usr/bin/db5.1_load -T -t hash -f /etc/vsftpd/user.txt /etc/vsftpd/user.db
Then restart the vsftpd service

5. Configure the virtual user directory
mkdir -p /etc/vsftpd/vconfig/
touch /etc/vsftpd/vconfig/abc
The file contents are as follows (the text after the dashes is an explanation, not part of the file):
local_root=/data/abc/ -------directory of the FTP user abc
anon_umask=022 -------file permission is 644
anonymous_enable=NO -------do not allow anonymous logins
# The options below mainly control FTP upload, download, directory creation, file browsing, deletion, moving and so on; each value is YES/NO. Adjust them to control what each user may upload, download, move or delete. For the specific meanings, please look them up yourself
download_enable=YES -------allow download
anon_upload_enable=YES -------allow upload
anon_mkdir_write_enable=YES -------allow folder creation
anon_world_readable_only=NO -------allow browsing of files
anon_other_write_enable=YES -------move, delete, rename and other permissions

6. Modify the PAM authentication configuration for vsftpd
Create a vsftpd.pam file, which corresponds to the pam_service_name option in the configuration file
For 64-bit systems, the vsftpd.pam content is as follows (tab-separated). pam_userdb takes the db= path without the .db suffix, so it points at the /etc/vsftpd/user.db file generated in step 4
auth	required	/lib/x86_64-linux-gnu/security/pam_userdb.so	db=/etc/vsftpd/user
account	required	/lib/x86_64-linux-gnu/security/pam_userdb.so	db=/etc/vsftpd/user


7. Configure vsftpd SSL encryption
Run the openssl command; the resulting files correspond to the rsa_cert_file and rsa_private_key_file options in the configuration
openssl req -x509 -nodes -days 3650 -newkey rsa:2048 -keyout /etc/vsftpd/vconfig/vsftpd.key -out /etc/vsftpd/vconfig/vsftpd.pem


8. Configure the log files
Create the vsftpd.log and xferlog files
touch /var/log/vsftpd.log
touch /var/log/xferlog

Also change the file permissions so that the vsftpd user can write to them

9. Start the vsftpd service
service vsftpd start


10. Connect with the FlashFXP client
Use TLS encryption: for the connection type, select "FTP using Explicit SSL (Auth TLS)".
For other clients, look up the corresponding settings yourself
