{"id":4065,"date":"2012-01-06T12:31:02","date_gmt":"2012-01-06T17:31:02","guid":{"rendered":"http:\/\/jianmingli.com\/wp\/?p=4065"},"modified":"2013-10-22T09:01:49","modified_gmt":"2013-10-22T14:01:49","slug":"oracle-linux-5-5-setup-vsftp-server","status":"publish","type":"post","link":"https:\/\/jianmingli.com\/wp\/?p=4065","title":{"rendered":"Oracle Linux 5.5: Setup vsftp Server"},"content":{"rendered":"
\n

Contents<\/h2>\n
    \n\t
  1. \n\t\tSetup yum Repository<\/a>\n\t<\/li>\n\t
  2. \n\t\tInstall vsftpd<\/a>\n\t<\/li>\n\t
  3. \n\t\tConfigure vsftpd<\/a>\n\t\t
      \n\t\t\t
    1. \n\t\t\t\tOpen ports<\/a>\n\t\t\t<\/li>\n\t\t\t
    2. \n\t\t\t\tConfigure SELinux to Allow FTP Traffic<\/a>\n\t\t\t<\/li>\n\t\t<\/ol>\n\t
    3. \n\t\tStart\/stop\/restart Service<\/a>\n\t\t
        \n\t\t\t
      1. \n\t\t\t\tView Log<\/a>\n\t\t\t<\/li>\n\t\t<\/ol>\n\t
      2. \n\t\tEnable SFTP for vsFTP<\/a>\n\t<\/li>\n\t
      3. \n\t\tIssues<\/a>\n\t\t
          \n\t\t\t
        1. \n\t\t\t\t500 oops chroot<\/a>\n\t\t\t<\/li>\n\t\t\t
        2. \n\t\t\t\tAccess from Windows 7 FTP Client<\/a>\n\t\t\t<\/li>\n\t\t<\/ol>\n\t
        3. \n\t\tReferences<\/a>\n\t<\/li>\n<\/ol>\n<\/ol>\n<\/div>\n
           <\/div>\n

          Setup yum Repository<\/h2><\/span>\n

          * See this post <\/a>to setup yum repository if it’s not already done.<\/p>\n

          Install vsftpd<\/h2><\/span>\n
          \r\nsu -\r\nyum install vsftpd\r\n<\/pre>\n
          Configure vsftpd<\/h2><\/span>\n
          * Config file is: \/etc\/vsftpd\/vsftpd.conf<\/em>
          \n* Append to default vsftpd.conf<\/em> file:<\/p>\n
          \r\n# Make sure chroot jail is turned off. This is the default\r\nchroot_local_user=NO\r\n\r\n# Turn on passive ports\r\npasv_enable=YES\r\npasv_min_port=11000\r\npasv_max_port=11010\r\n<\/pre>\n
          Open ports<\/h3><\/span>\n
          * Add to \/etc\/sysconfig\/iptables<\/em> immediately under –dport 22<\/em> entry:<\/p>\n
          \r\n-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 21 -j ACCEPT # This opens up port 21\r\n-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT # This opens up port 22 for sftp\r\n-A RH-Firewall-1-INPUT -p tcp --dport 11000:11010 -j ACCEPT # This opens up passive ports\r\n<\/pre>\n
          Configure SELinux to Allow FTP Traffic<\/h3><\/span>\n
          * Check that to see if SELINUX is enabled in \/etc\/selinux\/config<\/em> file<\/p>\n
          \r\nSELINUX=enforcing\r\n#SELINUX=disabled\r\n<\/pre>\n
          * If SELinux is enforced, you need to set one of the following: <\/p>\n
          \r\nsetsebool -P allow_ftpd_full_access 1 \r\nor \r\nsetsebool -P ftp_home_dir 1\r\n<\/pre>\n
          Start\/stop\/restart Service<\/h2><\/span>\n
          \r\n# Enable ftp to user home directory (SELinux only)\r\nsetsebool -P ftp_home_dir 1\r\n\r\n# Setup autostart\r\nchkconfig vsftpd on\r\n\r\n# Start\r\nservice vsftpd start\r\n\r\n# Stop\r\nservice vsftpd stop\r\n\r\n# Restart\r\nservice vsftpd restart\r\n\r\n# Check port 21 status\r\nnetstat -tulpn |grep :21\r\n<\/pre>\n
          View Log<\/h3><\/span>\n
          * Log file is in \/var\/log directory<\/p>\n
          \r\ntail -f \/var\/log\/xferlog\r\n<\/pre>\n
          Enable SFTP for vsFTP<\/h2><\/span>\n
          * Generate a new certificate<\/p>\n
          \r\nopenssl req -x509 -nodes -days 365 -newkey rsa:1024 -keyout \/etc\/vsftpd\/vsftpd.pem -out \/etc\/vsftpd\/vsftpd.pem\r\n\r\n[root@ftp01 vsftpd]# openssl req -x509 -nodes -days 365 -newkey rsa:1024 -keyout \/etc\/vsftpd\/vsftpd.pem -out \/etc\/vsftpd\/vsftpd.pem\r\nGenerating a 1024 bit RSA private key\r\n.++++++\r\n..........++++++\r\nwriting new private key to '\/etc\/vsftpd\/vsftpd.pem'\r\n-----\r\nYou are about to be asked to enter information that will be incorporated\r\ninto your certificate request.\r\nWhat you are about to enter is what is called a Distinguished Name or a DN.\r\nThere are quite a few fields but you can leave some blank\r\nFor some fields there will be a default value,\r\nIf you enter '.', the field will be left blank.\r\n-----\r\nCountry Name (2 letter code) [GB]:US\r\nState or Province Name (full name) [Berkshire]:Virginia\r\nLocality Name (eg, city) [Newbury]:Reston\r\nOrganization Name (eg, company) [My Company Ltd]:Example\r\nOrganizational Unit Name (eg, section) []:Example\r\nCommon Name (eg, your name or your server's hostname) []:ftp01\r\nEmail Address []:\r\n<\/pre>\n
          * chmod key file:<\/p>\n
          \r\nchmod 600 vsftpd.pem\r\n<\/pre>\n
          * Modify vsftpd.conf<\/em> to include:<\/p>\n
          \r\nssl_enable=YES\r\nallow_anon_ssl=NO\r\nforce_local_data_ssl=NO\r\nforce_local_logins_ssl=NO # Set to YES to force sftp\r\nssl_tlsv1=YES\r\nssl_sslv2=NO\r\nssl_sslv3=NO\r\nrsa_cert_file=\/etc\/vsftpd\/vsftpd.pem\r\n<\/pre>\n
          * Restart vsftpd service:<\/p>\n
          \r\nservice vsftpd restart\r\n<\/pre>\n
          * Test sftp connection using WinSCP<\/em>
          \n– Protocol: sftp
          \n– Port: 22<\/p>\n
          \"\"<\/a><\/h6><\/span>\n
          Issues<\/h2><\/span>\n
          500 oops chroot<\/h3><\/span>\n
          * In SELinux, you need to set one of the following: <\/p>\n
          \r\nsetsebool -P allow_ftpd_full_access 1\r\nor\r\nsetsebool -P ftp_home_dir 1\r\n<\/pre>\n
          Access from Windows 7 FTP Client<\/h3><\/span>\n
          * ftp command line utility didn’t work for me<\/p>\n
          \"\"<\/a><\/h6><\/span>\n
          * Use File Explorer to access vsftp server instead:
          \n– Open File Explorer
          \n– Type into addressbox: ftp:\/\/wxbox
          \n– Enter username and password<\/p>\n
          \"\"<\/a><\/h6><\/span>\n
          References<\/h2><\/span>\n
          * VSFTPD.CONF<\/a>
          \n*           Red Hat \/ CentOS VSFTPD FTP Server Configuration<\/a>
          \n*           Common vsftp problems and likely solutions<\/a>
          \n*           Configuring vsftpd for secure connections (TLS\/SSL\/SFTP)<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"
          Setup yum Repository * See this post to setup yum repository if it’s not already done. Install vsftpd su – yum install vsftpd Configure vsftpd * Config file is: \/etc\/vsftpd\/vsftpd.conf * Append to default vsftpd.conf file: # Make sure chroot … Continue reading →<\/span><\/a><\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_exactmetrics_skip_tracking":false,"_exactmetrics_sitenote_active":false,"_exactmetrics_sitenote_note":"","_exactmetrics_sitenote_category":0,"jetpack_post_was_ever_published":false,"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":"","jetpack_publicize_message":"","jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":false,"jetpack_social_options":{"image_generator_settings":{"template":"highway","default_image_id":0,"font":"","enabled":false},"version":2}},"categories":[61],"tags":[],"class_list":["post-4065","post","type-post","status-publish","format-standard","hentry","category-linux"],"jetpack_publicize_connections":[],"jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"jetpack_shortlink":"https:\/\/wp.me\/p8cRUO-13z","_links":{"self":[{"href":"https:\/\/jianmingli.com\/wp\/index.php?rest_route=\/wp\/v2\/posts\/4065","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/jianmingli.com\/wp\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/jianmingli.com\/wp\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/jianmingli.com\/wp\/index.php?rest_route=\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/jianmingli.com\/wp\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=4065"}],"version-history":[{"count":23,"href":"https:\/\/jianmingli.com\/wp\/index.php?rest_route=\/wp\/v2\/posts\/4065\/revisions"}],"predecessor-version":[{"id":4101,"href":"https:\/\/jianmingli.com\/wp\/index.php?rest_route=\/wp\/v2\/posts\/4065\/revisions\/4101"}],"wp:attachment":[{"href":"https:\/\/jianmingli.com\/wp\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=4065"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/jianmingli.com\/wp\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=4065"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/jianmingli.com\/wp\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=4065"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}