Setup yum Repository
* See this post to set up the yum repository if it’s not already done.
Install vsftpd
su -
yum install vsftpd
Configure vsftpd
* Config file is: /etc/vsftpd/vsftpd.conf
* Append to default vsftpd.conf file:
# Make sure chroot jail is turned off. This is the default
chroot_local_user=NO
# Turn on passive ports
pasv_enable=YES
pasv_min_port=11000
pasv_max_port=11010
Open ports
* Add to /etc/sysconfig/iptables immediately under the --dport 22 entry (comments go on their own lines):
# This opens up port 21
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 21 -j ACCEPT
# This opens up port 22 for sftp
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
# This opens up passive ports
-A RH-Firewall-1-INPUT -p tcp --dport 11000:11010 -j ACCEPT
Configure SELinux to Allow FTP Traffic
* Check whether SELinux is enabled in the /etc/selinux/config file:
SELINUX=enforcing
#SELINUX=disabled
* If SELinux is enforcing, you need to set one of the following (ftp_home_dir only opens users' home directories to the FTP daemon; allow_ftpd_full_access is the broader setting):
setsebool -P allow_ftpd_full_access 1
or
setsebool -P ftp_home_dir 1
Start/stop/restart Service
# Enable ftp to user home directory (SELinux only)
setsebool -P ftp_home_dir 1
# Setup autostart
chkconfig vsftpd on
# Start
service vsftpd start
# Stop
service vsftpd stop
# Restart
service vsftpd restart
# Check port 21 status
netstat -tulpn | grep :21
View Log
* The log file is in the /var/log directory:
tail -f /var/log/xferlog
Enable SFTP for vsFTP
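* Generate a new self-signed certificate. The command below creates a 1024-bit RSA key; on current systems use rsa:2048 or larger, since 1024-bit RSA is no longer considered adequate: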
openssl req -x509 -nodes -days 365 -newkey rsa:1024 -keyout /etc/vsftpd/vsftpd.pem -out /etc/vsftpd/vsftpd.pem

[root@ftp01 vsftpd]# openssl req -x509 -nodes -days 365 -newkey rsa:1024 -keyout /etc/vsftpd/vsftpd.pem -out /etc/vsftpd/vsftpd.pem
Generating a 1024 bit RSA private key
.++++++
..........++++++
writing new private key to '/etc/vsftpd/vsftpd.pem'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [GB]:US
State or Province Name (full name) [Berkshire]:Virginia
Locality Name (eg, city) [Newbury]:Reston
Organization Name (eg, company) [My Company Ltd]:Example
Organizational Unit Name (eg, section) []:Example
Common Name (eg, your name or your server's hostname) []:ftp01
Email Address []:
* chmod key file:
chmod 600 vsftpd.pem
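* Modify vsftpd.conf to include the following. These options turn on SSL/TLS for vsftpd's own FTP service (FTPS); SFTP on port 22 is provided by the SSH daemon, not by vsftpd:
ssl_enable=YES
allow_anon_ssl=NO
force_local_data_ssl=NO
# Set to YES to force sftp
force_local_logins_ssl=NO
ssl_tlsv1=YES
ssl_sslv2=NO
ssl_sslv3=NO
rsa_cert_file=/etc/vsftpd/vsftpd.pem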
* Restart vsftpd service:
service vsftpd restart
* Test sftp connection using WinSCP
– Protocol: sftp
– Port: 22
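The settings above leave force_local_logins_ssl and force_local_data_ssl at NO, so TLS is offered but not required of clients. The script below is an added example, not part of the original post, that reports this for any vsftpd.conf. It assumes the vsftpd.conf man page defaults for options the file does not set, and that the last occurrence of a repeated option wins; the function names are this example's own.

```shell
#!/bin/sh
# Added example (not from the original post): audit the TLS options that
# the vsftpd.conf settings on this page control.

# Print the effective value of option $2 in file $1, or the default $3.
# Assumption: if an option is repeated, the last occurrence wins, which is
# what appending overrides to the default file relies on.
conf_get() {
    val=$(sed -n "s/^$2=//p" "$1" | tail -n 1 | tr -d '\r')
    printf '%s\n' "${val:-$3}"
}

# Print one finding per line; the exit status is the number of findings.
audit_vsftpd_tls() {
    conf=$1
    findings=0
    report() { printf '%s\n' "$1"; findings=$((findings + 1)); }

    if [ "$(conf_get "$conf" ssl_enable NO)" != YES ]; then
        report "ssl_enable is not YES: logins and data are cleartext"
    else
        [ "$(conf_get "$conf" force_local_logins_ssl YES)" = YES ] ||
            report "force_local_logins_ssl=NO: cleartext password logins still accepted"
        [ "$(conf_get "$conf" force_local_data_ssl YES)" = YES ] ||
            report "force_local_data_ssl=NO: cleartext data connections still accepted"
        for opt in ssl_sslv2 ssl_sslv3; do
            [ "$(conf_get "$conf" "$opt" NO)" = NO ] ||
                report "$opt=YES: obsolete SSL protocol version enabled"
        done
    fi
    return "$findings"
}

# Constructed sample: the SSL settings from this page, written to a temp file.
sample=$(mktemp)
cat > "$sample" <<'EOF'
ssl_enable=YES
allow_anon_ssl=NO
force_local_data_ssl=NO
force_local_logins_ssl=NO
ssl_tlsv1=YES
ssl_sslv2=NO
ssl_sslv3=NO
rsa_cert_file=/etc/vsftpd/vsftpd.pem
EOF
audit_vsftpd_tls "$sample" || echo "findings: $?"
rm -f "$sample"
```

Run it against the live file with `audit_vsftpd_tls /etc/vsftpd/vsftpd.conf`; an exit status of 0 means no findings.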
Issues
500 oops chroot
* In SELinux, you need to set one of the following:
setsebool -P allow_ftpd_full_access 1
or
setsebool -P ftp_home_dir 1
Access from Windows 7 FTP Client
* ftp command line utility didn’t work for me
* Use File Explorer to access vsftp server instead:
– Open File Explorer
– Type into address box: ftp://wxbox
– Enter username and password