Raw Record Source

{
  "$type": "site.standard.document",
  "description": "So an FTP server is often one of the first things people want to setup on a new server. I recently setup two, one on my Raspberry Pi for making a 2TB USB Drive available in my home, and another somewhat more secure one on my VPS to transfer files back and forth. So anyway, lets just right in.",
  "path": "/blog/vsftpd",
  "publishedAt": "2018-02-28T00:00:00.000Z",
  "site": "at://did:plc:nmwj6xne7mdpkry5pzvfendv/site.standard.publication/ndo-dev",
  "tags": [
    "self hosted",
    "servers",
    "linux"
  ],
  "textContent": "Intro So an FTP server is often one of the first things people want to setup on a new server. I recently setup two, one on my Raspberry Pi for making a 2TB USB Drive available in my home, and another somewhat more secure one on my VPS to transfer files back and forth. So anyway, lets just right in. Like always.. First we will we make an FTP Folder inside our users home directory that will serve as our default FTP Directory (or possibly only available directory via FTP, more on that later..) And make sure no one can write to this folder Then make a folder inside that one that we can actually write to Then open the config file And make sure the follow is set and/or uncommented: (this will determine whether our user is forced to stay in the above directory or not. This is the more safe route to take, and the one I set on my VPS – on my RaspPi, however, I want to be able to upload and download other files as well, so I set this to NO there.) Now we’ll add some new options, anywhere in the file is fine. We’re going to add a usersubtoken in order to insert the username in our localroot directory path so our configuration will work for this user and any future users that might be added. Change this port to any that you want to access your server on. Leave this line out completely if the default port 21 is fine for you. Often if you have a public IP address and are open to the internet, people will be scouring for machines with the standard ports open (including things like 22 [SSH], 21! [FTP]) so it is advisable to use a non-standard port here if your machine has a public IP. This is another way to limit access to your FTP Server. If you have multiple users on your machine, but only want 1 or 2 or however many to be able to login via FTP add these lines and create the vsftpd.userlist file with your chosen usernames in them. A simple text file with [username] in it is sufficient i.e. Everything is technically setup now! You can test your connection by going to your browser or favorite ftp client and connecting to ftp://[IP Address]:[port] and then entering your credentials. A restart of vsftpd and your good to go: Securing our FTP Server The above will only setup a non-encrypted standard FTP server. As FTP is by default a totally unencrypted channel, I highly recommend continuing and securing your server. Otherwise all communication will be done in plaintext and will be susceptible to snooping.. So to begin we will generate an ssl key. You’ll be prompted for some info like country, state, etc. This info is all entirely optional / does not have to be accurate.. Now we’ll go back into the vsftpd config file And comment out the default rsa file lines.. Now we will add our previously created ssl key: with these final two lines we are forcing all clients to use FTPES, so our FTP server will no longer be available via web browsers (as these only support standard, unencrypted FTP). If you still want the option of connecting via your credentials to a standard FTP server set these last two to NO. You can still connect via encrypted FTPES, but don’t have to.. Finally, some options to increase SSL security: After those lines you can save and close the file again and restart vsftpd. If you set force local SSL you can now only connect via legitimate FTP clients like FileZilla via settings such as the following:",
  "title": "vsftpd Setup"
}