vsftpd: installation and configuration

Installing an FTP server (vsftpd) on Ubuntu 18.04

 

===============

Network configuration

nano /etc/netplan/50-cloud-init.yaml

sudo apt-get install vsftpd -y
sudo service vsftpd restart
nano /etc/vsftpd.conf

# Uncomment
write_enable=YES
chroot_local_user=YES
local_umask=022

sudo service vsftpd restart

 

===

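Add a user

adduser lol
sudo mkdir /home/lol/download
# The second chown overrides the first, so download ends up owned by lol
sudo chown nobody:nogroup /home/lol/download
sudo chown lol:lol /home/lol/download
# lol already owns the directory, so world-writable 777 is wider than uploads need
chmod 777 -R /home/lol/download
# With chroot_local_user=YES, vsftpd refuses logins when the chroot directory (the home) is writable
sudo chmod a-w /home/lol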

=========

Firewall

sudo ufw allow OpenSSH

Let’s open ports 20 and 21 for FTP, and ports 40000-50000 for passive FTP. We’ll also open port 990 for TLS, which we will set up later.

sudo ufw allow 20/tcp
sudo ufw allow 21/tcp
sudo ufw allow 40000:50000/tcp
sudo ufw allow 990/tcp

Now, enable the firewall if it isn’t already. Press y and ENTER if warned about disrupting the SSH connection.

sudo ufw enable

To check the status of the firewall, run:

sudo ufw status

If the firewall is running, you should see Status: active and the firewall rules we just added.

===========

\\\\\\\\\\\\\\\\\\\\\\\\\\
Lastly, let’s add some port ranges for passive FTP to make sure enough connections are available. Paste the following to the bottom of the file. (To paste in nano, press the right mouse button)

/etc/vsftpd.conf
pasv_min_port=40000
pasv_max_port=50000

\\\\\\\\\\\\\\\\\\\\\\\\\\\\\

sudo service vsftpd restart

==============

https://www.sslforfree.com/

Get the 3 certificate files

==============

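After that we have server.key, certificate.crt, ca_bundle.crt

# Despite the file names: certificate.pem receives the private key (with a text dump in front of it),
# and ftp.domain.ru.key.pem receives the certificate
openssl rsa -in server.key -text > certificate.pem
openssl x509 -inform PEM -in certificate.crt > ftp.domain.ru.key.pem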

cp certificate.pem /etc/ssl/private/
cp ftp.domain.ru.key.pem /etc/ssl/private/
cd /etc/ssl/private/

 

=================

sudo nano /etc/vsftpd.conf

Find the following line: (Note: you can search in nano using CTRL + W)

/etc/vsftpd.conf
ssl_enable=NO

Change it to:

/etc/vsftpd.conf
ssl_enable=YES

Paste in the following beneath it.

/etc/vsftpd.conf
# vsftpd.pem is not created by the steps above: point rsa_cert_file at the certificate
# and rsa_private_key_file at the private key copied to /etc/ssl/private/
rsa_cert_file=/etc/ssl/private/vsftpd.pem
rsa_private_key_file=/etc/ssl/private/vsftpd.pem
allow_anon_ssl=NO
force_local_data_ssl=YES
force_local_logins_ssl=YES
ssl_tlsv1=YES
ssl_sslv2=NO
ssl_sslv3=NO
require_ssl_reuse=NO
ssl_ciphers=HIGH
pasv_min_port=40000
pasv_max_port=50000

Save file and exit (press CTRL + X, press Y and then press ENTER).

Restart vsftpd.

sudo systemctl restart vsftpd
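
A check of the edited file against the values set on this page, added here as an example and not part of the original post: it reports any TLS or chroot option that differs and any passive range that falls outside the 40000:50000 ufw rule. The helper names (check_vsftpd_conf, conf_get, is_uint) and the sample config are constructed for illustration.

```shell
#!/bin/sh
# Added example; check_vsftpd_conf, conf_get and is_uint are hypothetical helper names.

# Print the effective value of KEY in FILE: lines starting with # are skipped
# and the last assignment wins (this page sets the pasv_* options twice).
conf_get() {
    awk -F= -v k="$2" '
        /^#/ { next }
        $1 == k { sub(/^[^=]*=/, ""); v = $0; found = 1 }
        END { if (found) print v }' "$1"
}

is_uint() { case $1 in ''|*[!0-9]*) return 1 ;; esac; }

# Print one line per deviation from the page's values; return 1 if any.
check_vsftpd_conf() {
    conf=$1 rc=0
    for want in ssl_enable=YES force_local_data_ssl=YES force_local_logins_ssl=YES \
                allow_anon_ssl=NO ssl_sslv2=NO ssl_sslv3=NO chroot_local_user=YES; do
        key=${want%%=*} exp=${want#*=}
        got=$(conf_get "$conf" "$key")
        # Values are compared exactly, so a stray trailing space is reported too.
        if [ "$got" != "$exp" ]; then
            echo "$key: expected '$exp', found '$got'"
            rc=1
        fi
    done
    # The passive range has to stay inside the ufw rule 40000:50000/tcp.
    min=$(conf_get "$conf" pasv_min_port) max=$(conf_get "$conf" pasv_max_port)
    if ! is_uint "$min" || ! is_uint "$max"; then
        echo "pasv_min_port/pasv_max_port: missing or not a number"; rc=1
    elif [ "$min" -lt 40000 ] || [ "$max" -gt 50000 ] || [ "$min" -gt "$max" ]; then
        echo "passive range $min-$max does not fit the firewall range 40000-50000"; rc=1
    fi
    return "$rc"
}

# Constructed sample (not a real server's file): SSLv3 left on, a stray space
# after YES, and a later pasv_max_port that overrides the first one.
sample=$(mktemp)
printf '%s\n' '# comment' 'ssl_enable=YES' 'force_local_data_ssl=YES ' \
    'force_local_logins_ssl=YES' 'allow_anon_ssl=NO' 'ssl_sslv2=NO' 'ssl_sslv3=YES' \
    'chroot_local_user=YES' 'pasv_min_port=40000' 'pasv_max_port=50000' \
    'pasv_max_port=60000' > "$sample"
check_vsftpd_conf "$sample" || echo "sample config needs fixing"
rm -f "$sample"
```

To check the live file, call `check_vsftpd_conf /etc/vsftpd.conf` after each edit and before restarting the service.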

 

ufw status
ufw status numbered
# delete the OpenSSH rule by its number in the list above
ufw delete 5

sudo ufw allow from 10.130.50.0/23 to any port 22

Posted by the author in the Unix category.
