Install Vsftpd to configure FTP server to transfer files.
[1] Install Vsftpd
root@www:~# aptitude -y install vsftpd
root@www:~# vi /etc/vsftpd.conf
# line 29: uncomment
write_enable=YES
# line 97,98: uncomment ( allow ascii mode transfer )
ascii_upload_enable=YES
ascii_download_enable=YES
# line 120: uncomment ( enable chroot )
chroot_local_user=YES
# line 121: uncomment ( enable chroot list )
chroot_list_enable=YES
# line 123: uncomment ( enable chroot list )
chroot_list_file=/etc/vsftpd.chroot_list
# line 129: uncomment
ls_recurse_enable=YES
# add at the last line
# specify root directory ( if not specified, the user's home directory is the FTP home directory )
local_root=public_html
# turn off seccomp filter
seccomp_sandbox=NO
root@www:~# vi /etc/vsftpd.chroot_list
# add users you allow to move over their home directory
trusty
root@www:~# initctl restart vsftpd
vsftpd start/running, process 1284
-----------------------------------------------------------------------------------------------------------
Install ProFTPD:---


Install ProFTPD to configure FTP server to transfer files.
[1] Install ProFTPD
root@www:~# aptitude -y install proftpd
# select standalone

 +-------------------------+ ProFTPD configuration +-------------------------+
 | ProFTPD can be run either as a service from inetd, or as a standalone     |
 | server. Each choice has its own benefits. With only a few FTP             |
 | connections per day, it is probably better to run ProFTPD from inetd in   |
 | order to save resources.                                                  |
 |                                                                           |
 | On the other hand, with higher traffic, ProFTPD should run as a           |
 | standalone server to avoid spawning a new process for each incoming       |
 | connection.                                                               |
 |                                                                           |
 | Run proftpd:                                                              |
 |                                                                           |
 |                                from inetd                                 |
 |                                standalone                                 |
 |                                                                           |
 |                                                                           |
 |                                  <Ok>                                     |
 |                                                                           |
 +---------------------------------------------------------------------------+

root@www:~# vi /etc/proftpd/proftpd.conf
# line 11: turn off if not needed
UseIPv6 off
# line 15: change to your hostname
ServerName "www.server.world"
# line 34: uncomment ( specify root directory for chroot )
DefaultRoot ~
root@www:~# vi /etc/ftpusers
# add users you prohibit FTP connection
test
root@www:~# /etc/init.d/proftpd restart
 * Stopping ftp server proftpd
   ...done.
 * Starting ftp server proftpd
   ...done.
 ------------------------------------------------------------------------------------------------------------
Install Pure-FTPd:----


Install Pure-FTPd to configure FTP server to transfer files.
[1] Install Pure-FTPd
root@www:~# aptitude -y install pure-ftpd
# run as a daemon
root@www:~# echo "yes" > /etc/pure-ftpd/conf/Daemonize
# prohibit Anonymous
root@www:~# echo "yes" > /etc/pure-ftpd/conf/NoAnonymous
# enable chroot
root@www:~# echo "yes" > /etc/pure-ftpd/conf/ChrootEveryone
# only IPV4
root@www:~# echo "yes" > /etc/pure-ftpd/conf/IPV4Only
root@www:~# /etc/init.d/pure-ftpd restart
Restarting ftp server: Running: /usr/sbin/pure-ftpd -l pam -u 1000 -E -8 UTF-8 -4 -O clf:/var/log/pure-ftpd/transfer.log -B -A -B
-----------------------------------------------------------------------------------------------------------
Transfer files to your FTP server:---


Transfer files to your FTP server from your PC with FileZilla.
[1] Install FileZilla on your PC and run it; the following screen is shown. Enter your FTP server's hostname, user name, password and connection port as follows, then click 'Connect'.
[2] You are now logged in.
 --------------------------------------------------------------------------------------------------------------
Enable SSL/TLS on Vsftpd:----

 
Enable SSL/TLS on Vsftpd.
[1] Create certificates first.
[2] Configure for SSL/TLS
root@www:~# vi /etc/vsftpd.conf
# line 147: change to your certificates
rsa_cert_file=/etc/ssl/private/server.crt
# line 150: change to your key
rsa_private_key_file=/etc/ssl/private/server.key
# add at the last line ( enable SSL )
ssl_enable=YES
force_local_data_ssl=YES
force_local_logins_ssl=YES
root@www:~# initctl restart vsftpd
vsftpd start/running, process 1406
[3] Configure the client PC. Use FileZilla, which can connect through SSL/TLS. Open [File]-[Site Manager], enter the login info, and select 'TLS/SSL' in 'Server Type'.
[4] Enter the user name and password.
[5] The following warning is shown because the certificate is self-signed, but it's no problem. Go next.
[6] Connected.
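
The vsftpd settings from the install and SSL/TLS steps above can be checked mechanically; the following is an added example, not part of the original page or the vsftpd project. The function names, the REQUIRE/REVIEW labels and the sample file are assumptions for illustration; `anonymous_enable`, `ssl_sslv2` and `ssl_sslv3` are vsftpd options that this page does not set.

```shell
#!/bin/sh
# Added example (not from the original page): audit a vsftpd.conf.

# conf_get FILE KEY -> last value assigned to KEY ("key=value", no spaces)
conf_get() {
    sed -n "s/^$2=//p" "$1" | tail -n 1
}

# audit_vsftpd FILE -> prints one finding per line, returns the finding count
audit_vsftpd() {
    conf=$1; n=0
    # Want these set to YES explicitly instead of relying on defaults.
    for key in ssl_enable force_local_logins_ssl force_local_data_ssl \
               chroot_local_user; do
        [ "$(conf_get "$conf" "$key")" = "YES" ] ||
            { echo "REQUIRE $key=YES"; n=$((n + 1)); }
    done
    # These widen exposure when switched on.
    for key in anonymous_enable ssl_sslv2 ssl_sslv3 ls_recurse_enable; do
        [ "$(conf_get "$conf" "$key")" != "YES" ] ||
            { echo "REVIEW $key=YES"; n=$((n + 1)); }
    done
    # The page disables the seccomp sandbox; flag it so it gets revisited.
    [ "$(conf_get "$conf" seccomp_sandbox)" != "NO" ] ||
        { echo "REVIEW seccomp_sandbox=NO"; n=$((n + 1)); }
    return "$n"
}

# Constructed sample: the settings from the install step, before TLS is added.
write_sample_conf() {
    cat > "$1" <<'EOF'
write_enable=YES
chroot_local_user=YES
chroot_list_enable=YES
chroot_list_file=/etc/vsftpd.chroot_list
ls_recurse_enable=YES
local_root=public_html
seccomp_sandbox=NO
EOF
}
```

Run `audit_vsftpd /etc/vsftpd.conf` after each change; the three REQUIRE lines for the SSL options disappear once step [2] is applied.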
 --------------------------------------------------------------------------------------------------------------
Create your server's own SSL Certificate:---


Create your server's own SSL certificate. If you use your server for business, you had better buy and use a formal certificate from Verisign and so on.
root@www:~# cd /etc/ssl/private
root@www:/etc/ssl/private# openssl genrsa -des3 -out server.key 2048
Generating RSA private key, 2048 bit long modulus
...................+++
.....+++
e is 65537 (0x10001)
Enter pass phrase for server.key:    # set passphrase
Verifying - Enter pass phrase for server.key:    # confirm
# remove passphrase from private key
root@www:/etc/ssl/private# openssl rsa -in server.key -out server.key
Enter pass phrase for server.key:    # passphrase
writing RSA key
root@www:/etc/ssl/private# openssl req -new -days 3650 -key server.key -out server.csr

You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]: JP    # country
State or Province Name (full name) [Some-State]: Hiroshima    # state
Locality Name (eg, city) []: Hiroshima    # city
Organization Name (eg, company) [Internet Widgits Pty Ltd]: GTS    # company
Organizational Unit Name (eg, section) []: Server World    # department
Common Name (e.g. server FQDN or YOUR name) []: www.server.world    # server's FQDN
Email Address []: xxx@server.world    # email address
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
root@www:/etc/ssl/private# openssl x509 -in server.csr -out server.crt -req -signkey server.key -days 3650
Signature ok
subject=/C=JP/ST=Hiroshima/L=Hiroshima/O=GTS/OU=Server World/CN=www.server.world/emailAddress=xxx@server.world
Getting Private key
root@www:/etc/ssl/private# chmod 400 server.*
 -----------------------------------------------------------------------------------------------------------
Enable SSL/TLS on Proftpd:---


Enable SSL/TLS on Proftpd.
[1] Create certificates first.
[2] Configure for SSL/TLS
root@www:~# vi /etc/proftpd/proftpd.conf
# line 138: uncomment
Include /etc/proftpd/tls.conf
root@www:~# vi /etc/proftpd/tls.conf
# line 10,11,12: uncomment
TLSEngine on
TLSLog /var/log/proftpd/tls.log
TLSProtocol SSLv23
# line 27,28: uncomment and specify certificates
TLSRSACertificateFile /etc/ssl/private/server.crt
TLSRSACertificateKeyFile /etc/ssl/private/server.key
root@www:~# /etc/init.d/proftpd restart
 * Stopping ftp server proftpd
   ...done.
 * Starting ftp server proftpd
   ...done.
[3] Configure the client PC. Use FileZilla, which can connect through SSL/TLS. Open [File]-[Site Manager], enter the login info, and select 'TLS/SSL' in 'Server Type'.
[4] Enter the user name and password.
[5] The following warning is shown because the certificate is self-signed, but it's no problem. Go next.
[6] Connected.
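
The tls.conf above turns TLS on but does not demand it, so clients that skip TLS can still log in, and `SSLv23` is a compatibility setting rather than one protocol version. This added example (not from the original page or the ProFTPD project) flags both; `TLSRequired` is a mod_tls directive the page does not use, and the function names and sample file are assumptions.

```shell
#!/bin/sh
# Added example (not from the original page): check a ProFTPD tls.conf.

# tls_directive FILE NAME -> value of the last uncommented "NAME value" line
tls_directive() {
    awk -v name="$2" '
        $1 == name { $1 = ""; sub(/^ +/, ""); v = $0 }
        END { print v }' "$1"
}

# audit_proftpd_tls FILE -> prints findings, returns the finding count
audit_proftpd_tls() {
    conf=$1; n=0
    [ "$(tls_directive "$conf" TLSEngine)" = "on" ] ||
        { echo "TLSEngine is not on: TLS is unavailable"; n=$((n + 1)); }
    # Without TLSRequired the server still accepts clear-text logins.
    [ "$(tls_directive "$conf" TLSRequired)" = "on" ] ||
        { echo "TLSRequired is not on: clear-text FTP still accepted"
          n=$((n + 1)); }
    # SSLv23 and SSLv3 permit protocol versions older than TLS.
    case " $(tls_directive "$conf" TLSProtocol) " in
        *" SSLv23 "*|*" SSLv3 "*)
            echo "TLSProtocol allows SSL-era protocols"; n=$((n + 1)) ;;
    esac
    return "$n"
}

# Constructed sample: tls.conf as configured in the steps above.
write_sample_tls_conf() {
    cat > "$1" <<'EOF'
TLSEngine                 on
TLSLog                    /var/log/proftpd/tls.log
TLSProtocol               SSLv23
#TLSRequired              on
TLSRSACertificateFile     /etc/ssl/private/server.crt
TLSRSACertificateKeyFile  /etc/ssl/private/server.key
EOF
}
```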
 --------------------------------------------------------------------------------------------------------------
Enable SSL/TLS on Pure-FTPd:---


Enable SSL/TLS on Pure-FTPd.
[1] Configure for SSL/TLS.
# require TLS connection
root@www:~# echo "2" > /etc/pure-ftpd/conf/TLS
root@www:~# cd /etc/ssl/private
root@www:/etc/ssl/private# openssl req -x509 -nodes -newkey rsa:1024 -keyout /etc/ssl/private/pure-ftpd.pem -out /etc/ssl/private/pure-ftpd.pem

Generating a 1024 bit RSA private key
......++++++
.......++++++
writing new private key to '/etc/ssl/private/pure-ftpd.pem'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]: JP    # country
State or Province Name (full name) [Some-State]: Hiroshima    # state
Locality Name (eg, city) []: Hiroshima    # city
Organization Name (eg, company) [Internet Widgits Pty Ltd]: GTS    # company
Organizational Unit Name (eg, section) []: Server World    # department
Common Name (eg, YOUR name) []: www.server.world    # server's FQDN
Email Address []: xxx@server.world    # email address
root@www:/etc/ssl/private# chmod 400 pure-ftpd.pem
root@www:/etc/ssl/private# /etc/init.d/pure-ftpd restart
Restarting ftp server: Running: /usr/sbin/pure-ftpd -l pam -u 1000 -E -8 UTF-8 -4 -O clf:/var/log/pure-ftpd/transfer.log -B -A -B
[2] Configure the client PC. Use FileZilla, which can connect through SSL/TLS. Open [File]-[Site Manager], enter the login info, and select 'TLS/SSL' in 'Server Type'.
[3] Enter the user name and password.
[4] The following warning is shown because the certificate is self-signed, but it's no problem. Go next.
[5] Connected.
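
A check for the certificates created on this page, covering the 1024-bit key generated for Pure-FTPd, the `chmod 400` step, and the fingerprint to compare against the one FileZilla displays in its certificate warning; this is an added example, not from the original page. It assumes RSA certificates, the `openssl` command and GNU `stat`; the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the original page): sanity-check a server
# certificate and its private key before pointing an FTP daemon at them.

# cert_key_bits CERT -> RSA modulus size in bits
cert_key_bits() {
    openssl x509 -in "$1" -noout -text |
        sed -n 's/.*Public-Key: (\([0-9]*\) bit).*/\1/p'
}

# cert_fingerprint CERT -> SHA-256 fingerprint as colon-separated hex
cert_fingerprint() {
    openssl x509 -in "$1" -noout -fingerprint -sha256 | cut -d= -f2
}

# cert_matches_key CERT KEY -> exit 0 when both hold the same public key
cert_matches_key() {
    [ "$(openssl x509 -in "$1" -noout -pubkey)" = \
      "$(openssl pkey -in "$2" -pubout)" ]
}

# check_cert CERT KEY -> prints findings, returns the number of problems.
# For a combined file such as pure-ftpd.pem pass the same path twice.
check_cert() {
    problems=0
    bits=$(cert_key_bits "$1")
    if [ "${bits:-0}" -lt 2048 ]; then
        echo "WEAK: ${bits:-unknown}-bit key, use 2048 or more"
        problems=$((problems + 1))
    fi
    cert_matches_key "$1" "$2" ||
        { echo "MISMATCH: key does not belong to certificate"
          problems=$((problems + 1)); }
    mode=$(stat -c %a "$2")
    case "$mode" in
        400|600) ;;
        *) echo "PERMS: $2 is mode $mode, expected 400"
           problems=$((problems + 1)) ;;
    esac
    echo "SHA-256 fingerprint: $(cert_fingerprint "$1")"
    return "$problems"
}
```

On the server, `check_cert /etc/ssl/private/server.crt /etc/ssl/private/server.key` prints the fingerprint to read out or send over a separate channel, so the value in the client's warning dialog can be compared before it is accepted.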
