Quote: FTP over SSL is not supported very well in Linux at all. Clients are almost non-existent
gFTP supports FTP SSL.
anyweb if you do the following you can enable SSL in vsftpd:
1) Make sure you have an SSL certificate e.g. server.key and server.crt
2) Enable SSL in the vsftpd.conf file by adding the following:
3) Concatenate the server key and server cert into one file:
Code:
cat server.key server.crt > /etc/vsftpd/vsftpd.pem
Once that's done add to the vsftpd.conf file the following:
Code:
rsa_cert_file=/etc/vsftpd/vsftpd.pem
4) Restart vsftpd and bam you have SSL support :)
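Step 3 above, written so the combined file is never world-readable (it contains the private key) and so a mismatched key/cert pair is caught before vsftpd is restarted. This is an added example, not part of the original post; the function names are made up for illustration and the `openssl pkey` / `openssl x509` comparison assumes an unencrypted key.

```shell
#!/bin/sh
# Added example (not from the thread): build vsftpd's combined PEM without
# exposing the private key. Function names here are illustrative only.

# build_pem KEY CRT OUT: concatenate key + cert into OUT, owner-readable only.
build_pem() {
    key=$1; crt=$2; out=$3
    [ -r "$key" ] && [ -r "$crt" ] || return 1
    # umask in a subshell so the temp file is never created world-readable,
    # which a bare `cat key crt > out` under the usual 022 umask would do.
    ( umask 077 && cat "$key" "$crt" > "$out.tmp" ) || return 1
    # chmod also covers a stale, looser-mode temp file left by an earlier run.
    chmod 600 "$out.tmp" && mv -f "$out.tmp" "$out"
}

# key_matches_cert KEY CRT: succeed only if both carry the same public key.
key_matches_cert() {
    k=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
    c=$(openssl x509 -in "$2" -pubkey -noout 2>/dev/null) || return 1
    [ -n "$k" ] && [ "$k" = "$c" ]
}

# pem_mode FILE: print the permission string, e.g. -rw-------
pem_mode() { ls -l "$1" | cut -c1-10; }

# Usage: sh build_pem.sh server.key server.crt /etc/vsftpd/vsftpd.pem
if [ "$#" -eq 3 ]; then
    key_matches_cert "$1" "$2" || { echo "key and cert do not match" >&2; exit 1; }
    build_pem "$1" "$2" "$3" && echo "$3: $(pem_mode "$3")"
fi
```
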
Hi, I'm getting into Linux and I'm kind of a guy that sometimes needs to use FTP services since I share a lot of personal music files that I want my friends across the globe to download. In Windows environment this wasn't an issue, really, it was quite easy obtaining an easy-to-understand (yet powerful!) FTP server software that enabled me to create accounts, assigning different parts of my computer and read/write rights to individual users with no headache whatsoever. But in Linux everything is so different.
Somewhere I read that VSFTPD is a good way of setting an FTP server up. I've read man-pages, some webpages too, and I pretty much have an idea what to do. However, I don't like the approach and administration of this thing. Please correct me if I'm wrong but from what I've understood, the only way of adding FTP-users that would connect to my computer through an FTP-client software is to create real OS-based user accounts on my computers. For instance; useradd -d /home/FTP-downloader -g ftp username . But I don't like this. I guess it's good in one sense but not for my personal needs.
I need a more simple (yet quite secure) FTP-server software that simply enables me to create user accounts for the application itself (not the whole system) and gives me the possibility to assign any folder/drive on the system I want - to the user in particular. It would be good if this app could run as a daemon from system boot so I don't need to log on to the computer. Is there any program like that in Linux or do I really need to create real user accounts on the system? Kind of annoying seeing names of FTP client users on the user logon screen every time you start Fedora, don't you think?
Thanks in advance!
M.
You still want to use vsftpd but you want to setup something called "virtual users". This is basically a user that is only for the ftp and not for the system (i.e. exactly what you want!).
Check out these two pages as example:
ftp://vsftpd.beasts.org/users/cevans/unta.../VIRTUAL_USERS/
And:
http://gentoo-wiki.com/HOWTO_vsftpd#Virtual_Users
I can suggest the first method: pam_userdb as being the best.
I use vsftpd with virtual users :)
i set this up today, and had a few issues (fedora 7).
firstly, the db_load it refers to here
Quote:db_load -T -t hash -f logins.txt /etc/vsftpd_login.db
doesn't exist in a vanilla install of F7.
to get access to this, you'll need to install the db4-utils package
Code:
yum install db4-utils
next, when i followed this bit >
Quote:cp vsftpd.pam /etc/pam.d/ftp
(Note - if you set pam_service_name to e.g. vsftpd instead, you'll need to copy
to /etc/pam.d/vsftpd).
it didn't work at all (virtual users).
the reason why is I had to
rename the file vsftpd.pam to just vsftpd, even if that's what it says above, it wasn't clear to me, so no doubt some other noob will also have that issue.
once I finally got connected i wanted to read/write using my virtual user, but that wasn't possible until i changed
Quote:
write_enable=NO
anon_upload_enable=NO
anon_mkdir_write_enable=NO
anon_other_write_enable=NO
anon_world_readable_only=NO
to
Quote:
write_enable=YES
anon_upload_enable=YES
anon_mkdir_write_enable=YES
anon_other_write_enable=YES
anon_world_readable_only=NO
cheers
anyweb
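With `guest_enable=YES`, virtual users get anonymous-user privileges by default, which is why the `anon_*` switches above control their writes; the same switches also apply to real anonymous logins unless `anonymous_enable=NO` is set (the vsftpd.conf man page lists `anonymous_enable` as defaulting to YES). The check below is an added example, not part of the original post: its function names are made up, the sample config is constructed from the settings quoted above plus `guest_enable=YES`, and `virtual_use_local_privs` is a vsftpd option that does not appear in the thread.

```shell
#!/bin/sh
# Added example (not from the thread): report who the anon_* write switches
# in a vsftpd.conf actually apply to. Only YES/NO spellings are handled.

# conf_bool FILE KEY DEFAULT: last KEY= value in FILE, upper-cased, or DEFAULT.
conf_bool() {
    v=$(sed -n "s/^$2=//p" "$1" | tail -n 1 | tr -d '\r' | tr 'a-z' 'A-Z')
    echo "${v:-$3}"
}

# anon_write_findings FILE: one line per anon_* write option that is switched on.
anon_write_findings() {
    f=$1
    # write_enable=NO blocks every write command, so there is nothing to report.
    [ "$(conf_bool "$f" write_enable NO)" = YES ] || return 0
    # Defaults per the vsftpd.conf man page: anonymous_enable=YES, guest_enable=NO.
    anon=$(conf_bool "$f" anonymous_enable YES)
    guest=$(conf_bool "$f" guest_enable NO)
    # virtual_use_local_privs=YES gives virtual users local-user privileges instead.
    [ "$(conf_bool "$f" virtual_use_local_privs NO)" = YES ] && guest=NO
    for k in anon_upload_enable anon_mkdir_write_enable anon_other_write_enable; do
        [ "$(conf_bool "$f" "$k" NO)" = YES ] || continue
        who=
        [ "$guest" = YES ] && who="virtual users"
        [ "$anon" = YES ] && who="${who:+$who and }anonymous logins"
        echo "$k=YES applies to: ${who:-nobody}"
    done
}

# Constructed sample: the "after" settings from the post plus guest_enable=YES.
conf=$(mktemp)
cat > "$conf" <<'EOF'
guest_enable=YES
write_enable=YES
anon_upload_enable=YES
anon_mkdir_write_enable=YES
anon_other_write_enable=YES
anon_world_readable_only=NO
EOF
anon_write_findings "$conf"          # anonymous logins are included
echo 'anonymous_enable=NO' >> "$conf"
anon_write_findings "$conf"          # now virtual users only
rm -f "$conf"
```
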
Currently have vsftpd running, got an ftp account for web administration (uploading files etc to our sites). No need with virtuals there since we're hosting our own and develop them for ourselves as well...
Ok so then they tell me they need an account to just upload crap, PDFs, presentations, videos and the like... Took me some time (I'm not the one that set up this stuff in the first place and I've only really used a unix system in school and then all I did was java code and compiling that stuff... )
Anyway I got it running, having the ftp account for web stuff not being chrooted and prompted to /vars/www/html on login and having the new "presentations" account being chrooted in its home directory for the people to upload their stuff...
Now the next thing they wanted was like usr fullrights got access to "pressrelease dir" and usr readrights got access to "pressrelease dir" (guessing you can see the difference between them based on the names ; ). First I thought fine I'll try this virtual user thing then. Created new user fullrights, changed vsftpd.conf with
guest_enable=YES
guest_username=fullrights
created a password file, added a few lines to the /etc/pam.d/vsftpd file...
restart ftp and nothing worked... XD
Ok, so basically changing back to the same settings as before but adding the
guest_enable=YES
to vsftpd.conf somehow messed up my chroot_list. It wanted all users chrooted in their home dir so the ftp login for webadministration got messed up and locked in a "void" directory, the presentation account worked fine.
Now did the chroot mess up because I couldn't get the other parts working or is it something else?
Currently I solved the issue just creating 2 new users with the same homedir and changing the permissions cleverly ;D
Will once I find the time start creating multiple .conf files depending on username.
So I had a question about that as well... Can every conf file have their own virtual users as well? Like, binding virtual_x to usr x and virtual_y to usr y? :S
Might not be easy to understand what I mean but I'm in a hurry atm so no time to fix that now, but if anyone can answer anything of this it's all good to me... =)
Cheers and have a nice weekend everyone.
Hi,
I'm a newbie to Linux; I'm using RHEL 5 x64.
I have managed to configure vsftpd. I'm able to connect from my ftp client but I am getting the below error.
Status: Connecting to *.*.*.*:21...
Status: Connection established, waiting for welcome message...
Response: 220 ContiWeb Welcomes you
Command: USER user1
Response: 331 Please specify the password.
Command: PASS ************
Response: 230 Login successful.
Command: SYST
Response: 215 UNIX Type: L8
Command: FEAT
Response: 211-Features:
Response: EPRT
Response: EPSV
Response: MDTM
Response: PASV
Response: REST STREAM
Response: SIZE
Response: TVFS
Response: 211 End
Status: Connected
Status: Retrieving directory listing...
Command: PWD
Response: 257 "/home/ftp-docs"
Command: TYPE I
Response: 200 Switching to Binary mode.
Command: PASV
Response: 227 Entering Passive Mode (*,*,*,*,56,4)
Command: LIST
Error: Connection timed out
Error: Failed to retrieve directory listing
somebody please help!!!
What are the permissions set on /home/ftp-docs?
For example, if you do:
what output do you get?
have you any firewall rules set up? ftp on the default ports requires both port 20 and 21 open (TCP) plus additional ports open for PASV
cheers
anyweb
Quote:
Command: PASV
Response: 227 Entering Passive Mode (*,*,*,*,56,4)
Command: LIST
Error: Connection timed out
Error: Failed to retrieve directory listing
Try configuring your client to use PORT mode, not PASV.
PASV requires the client to specify a port to the FTP server, and this port then needs to be open on the server itself (read: firewall rules).
Using PORT means that both 20 and 21 are used - ensure these are open.
For more information, check the vsftp logs (/var/log/vsftpd or /var/log/xfer) to see what they say.
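The last two numbers of the 227 reply in the log above encode the data port the client then connects to (p1*256 + p2), so the reply tells you exactly which port the firewall has to let through. The script below is an added example, not part of the thread: it decodes that port and checks it against a passive range pinned with vsftpd's `pasv_min_port` / `pasv_max_port` options. The function names and the 50000-50100 range are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). Decodes the data port announced in an
# FTP 227 reply and checks it against a pinned passive range in vsftpd.conf.

# pasv_port REPLY: print p1*256+p2 from "227 ... (h1,h2,h3,h4,p1,p2)".
pasv_port() {
    tuple=$(printf '%s\n' "$1" | sed -n 's/^227 .*(\([^)]*\)).*$/\1/p')
    [ -n "$tuple" ] || return 1
    # Host fields are ignored, so logs with masked addresses (*,*,*,*) still parse.
    IFS=, read -r _ _ _ _ p1 p2 <<EOF
$tuple
EOF
    for n in "$p1" "$p2"; do
        # Reject empty, non-numeric, zero-padded or over-long fields.
        case $n in ''|*[!0-9]*|0?*|????*) return 1 ;; esac
        [ "$n" -le 255 ] || return 1
    done
    echo $(( p1 * 256 + p2 ))
}

# conf_value KEY FILE: value of the last KEY=value line, empty if unset.
conf_value() { sed -n "s/^$1=//p" "$2" | tail -n 1; }

# port_in_pasv_range PORT FILE: 0 = inside the pinned range, 1 = outside,
# 2 = range not pinned (both options must be set for this check).
port_in_pasv_range() {
    min=$(conf_value pasv_min_port "$2"); max=$(conf_value pasv_max_port "$2")
    [ -n "$min" ] && [ -n "$max" ] || return 2
    [ "$1" -ge "$min" ] && [ "$1" -le "$max" ]
}

# Constructed sample config; the reply line is the one from the posted log.
conf=$(mktemp)
printf 'pasv_min_port=50000\npasv_max_port=50100\n' > "$conf"
port=$(pasv_port '227 Entering Passive Mode (*,*,*,*,56,4)')
if port_in_pasv_range "$port" "$conf"; then
    echo "data port $port is inside the pinned range"
else
    echo "data port $port is outside 50000-50100; rules for that range would not cover it"
fi
rm -f "$conf"
```

Pinning the range in vsftpd.conf and opening only that range on the firewall keeps the set of exposed ports small and predictable.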