Install ftp debian
1/13/2024

You can learn more about how to create a user with these privileges in our Initial Server Setup with Debian 10 guide.

Let’s start by updating our package list and installing the vsftpd daemon:

When the installation is complete, copy the configuration file so you can start with a blank configuration, and save the original as a backup:

With a backup of the configuration in place, we’re ready to configure the firewall.

Let’s check the firewall status to see if it’s enabled. If it is, we’ll ensure that FTP traffic is permitted so firewall rules don’t block our tests. This guide assumes that you have UFW installed, following Step 4 in the initial server setup guide.

In this case, only SSH is allowed through:

With vsftpd installed and the necessary ports open, let’s move on to creating a dedicated FTP user.

We will create a dedicated FTP user, but you may already have a user in need of FTP access. We’ll take care to preserve an existing user’s access to their data in the instructions that follow. Even so, we recommend that you start with a new user until you’ve configured and tested your setup.

Assign a password when prompted. Feel free to press ENTER through the other prompts.

FTP is generally more secure when users are restricted to a specific directory. vsftpd accomplishes this with chroot jails. When chroot is enabled for local users, they are restricted to their home directory by default. However, because of the way vsftpd secures the directory, it must not be writable by the user. This is fine for a new user who should only connect via FTP, but an existing user may need to write to their home folder if they also have shell access.

In this example, rather than removing write privileges from the home directory, let’s create an ftp directory to serve as the chroot and a writable files directory to hold the actual files.

sudo chown nobody:nogroup /home/sammy/ftp

Now that we’ve tested our configuration, let’s take steps to further secure our server.

Since FTP does not encrypt any data in transit, including user credentials, we’ll enable TLS/SSL to provide that encryption. The first step is to create the SSL certificates for use with vsftpd.

Let’s use openssl to create a new certificate and use the -days flag to make it valid for one year. In the same command, we’ll add a private 2048-bit RSA key. By setting both the -keyout and -out flags to the same value, the private key and the certificate will be located in the same file:

sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/ssl/private/vsftpd.pem -out /etc/ssl/private/vsftpd.pem

You’ll be prompted to provide address information for your certificate. Substitute your own information for the highlighted values below. For the Common Name field, be sure to add your_server_ip:

Output
Generating a 2048 bit RSA private key
Writing new private key to '/etc/ssl/private/vsftpd.pem'
You are about to be asked to enter information that will be incorporated
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
Organization Name (eg, company) : DigitalOcean
Organizational Unit Name (eg, section) :
Common Name (e.g.
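The chroot layout and the combined key-and-certificate file described above can be checked with a short script. This is an added example, not part of the original tutorial; the function names (`audit_layout`, `mode_of`, `fail`) are hypothetical, and the chroot check is deliberately conservative: it flags any write bit instead of testing access as the FTP user.

```shell
#!/bin/sh
# Added example (not from the tutorial): audit the chroot layout and key file.

# Print the 10-character type-and-mode string, e.g. "dr-xr-xr-x".
mode_of() { ls -ld "$1" | cut -c1-10; }
fail() { echo "FAIL: $1"; findings=$((findings + 1)); }

# audit_layout CHROOT_DIR FILES_DIR PEM_FILE
# Prints one line per finding; returns 0 when clean, 1 otherwise.
audit_layout() {
    chroot_dir=$1; files_dir=$2; pem=$3; findings=0
    # The chroot must not be writable by the FTP user. Conservative check:
    # flag a write bit for owner, group or other.
    if [ ! -d "$chroot_dir" ]; then
        fail "$chroot_dir is not a directory"
    else
        case $(mode_of "$chroot_dir") in
            ??w*|?????w*|????????w*) fail "$chroot_dir has a write bit set" ;;
        esac
    fi
    # The writable files directory must sit inside the chroot.
    case $files_dir in
        "$chroot_dir"/*) ;;
        *) fail "$files_dir is outside $chroot_dir" ;;
    esac
    if [ ! -d "$files_dir" ]; then
        fail "$files_dir is not a directory"
    else
        case $(mode_of "$files_dir") in
            ??w*) ;;
            *) fail "$files_dir is not writable by its owner" ;;
        esac
    fi
    # -keyout and -out point at one file, so it holds the private key:
    # group and other must have no access at all.
    if [ ! -f "$pem" ]; then
        fail "$pem is not a regular file"
    else
        case $(mode_of "$pem") in
            ????------) ;;
            *) fail "$pem is accessible to group or other" ;;
        esac
    fi
    [ "$findings" -eq 0 ]
}

# Stand-alone use: sh audit.sh /home/sammy/ftp /home/sammy/ftp/files /etc/ssl/private/vsftpd.pem
if [ "$#" -eq 3 ]; then audit_layout "$@"; fi
```

Run it as root so that /etc/ssl/private is readable; a non-zero exit status means at least one finding was printed.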