FTP, short for File Transfer Protocol, is a network protocol that was once widely used for moving files between a client and server. It has since been replaced by faster, more secure, and more convenient ways of delivering files. Many casual internet users expect to download directly from their web browser with https, and command-line users are more likely to use secure protocols such as scp or SFTP.

FTP is still used to support legacy applications and workflows with very specific needs. If you have a choice of what protocol to use, consider exploring the more modern options. When you do need FTP, however, vsftpd is an excellent choice. Optimized for security, performance, and stability, vsftpd offers strong protection against many security problems found in other FTP servers and is the default for many Linux distributions.

In this tutorial, you’ll configure vsftpd to allow a user to upload files to their home directory using FTP, with login credentials secured by SSL/TLS.

To follow along with this tutorial you will need: A Debian 10 server, and a non-root user with sudo privileges. You can learn more about how to create a user with these privileges in our Initial Server Setup with Debian 10 guide.

Let’s start by updating our package list and installing the vsftpd daemon:

When the installation is complete, copy the configuration file so you can start with a blank configuration, and save the original as a backup:

With a backup of the configuration in place, we’re ready to configure the firewall.

Let’s check the firewall status to see if it’s enabled. If it is, we’ll ensure that FTP traffic is permitted so firewall rules don’t block our tests. This guide assumes that you have UFW installed, following Step 4 in the initial server setup guide.

In this case, only SSH is allowed through:

With vsftpd installed and the necessary ports open, let’s move on to creating a dedicated FTP user.

We will create a dedicated FTP user, but you may already have a user in need of FTP access. We’ll take care to preserve an existing user’s access to their data in the instructions that follow. Even so, we recommend that you start with a new user until you’ve configured and tested your setup.

Assign a password when prompted. Feel free to press ENTER through the other prompts.

FTP is generally more secure when users are restricted to a specific directory. vsftpd accomplishes this with chroot jails. When chroot is enabled for local users, they are restricted to their home directory by default. However, because of the way vsftpd secures the directory, it must not be writable by the user. This is fine for a new user who should only connect via FTP, but an existing user may need to write to their home folder if they also have shell access.

In this example, rather than removing write privileges from the home directory, let’s create an ftp directory to serve as the chroot and a writable files directory to hold the actual files.

    sudo chown nobody:nogroup /home/sammy/ftp

Now that we’ve tested our configuration, let’s take steps to further secure our server.

Since FTP does not encrypt any data in transit, including user credentials, we’ll enable TLS/SSL to provide that encryption. The first step is to create the SSL certificates for use with vsftpd.

Let’s use openssl to create a new certificate and use the -days flag to make it valid for one year. In the same command, we’ll add a private 2048-bit RSA key. By setting both the -keyout and -out flags to the same value, the private key and the certificate will be located in the same file:

    sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/ssl/private/vsftpd.pem -out /etc/ssl/private/vsftpd.pem

You’ll be prompted to provide address information for your certificate. Substitute your own information for the highlighted values below. For the Common Name field, be sure to add your_server_ip:

Output

    Generating a 2048 bit RSA private key
    Writing new private key to '/etc/ssl/private/vsftpd.pem'
    You are about to be asked to enter information that will be incorporated
    What you are about to enter is what is called a Distinguished Name or a DN.
    There are quite a few fields but you can leave some blank
    For some fields there will be a default value,
    If you enter '.', the field will be left blank.
    Organization Name (eg, company) : DigitalOcean
    Organizational Unit Name (eg, section) :
    Common Name (e.g.