Stop! The Very Secure FTP Server (vsftpd) add-on package was discontinued as of Core Update 117
vsftpd is an FTP server for UNIX and Linux, licensed under the GPL. It is secure, extremely fast and also very stable. It is configured in the vsftpd config file /etc/vsftpd.conf. You can edit the file comfortably with “nano” or “vi”.
pakfire install -y vsftpd
To simplify, let's take the following example scenario:
FTP-user named “ftpuser”
The home directory is placed in “/var/ftp/ftpuser”.
First create the directories with a:
By default, local user logins are allowed. To create a local user now, enter the following line on the console:
useradd ftpuser -d /var/ftp/ftpuser -s /bin/false
FTP users can be named arbitrarily, but take care that no system user names such as “root” or “samba” (or similar!) are used.
The “-s /bin/false” option prevents the ftpuser from connecting over SSH; this should not be possible for any FTP user.
You can set the user password with:
Now make the user the owner of his home directory, into which he is locked up (chroot_local_user=YES in the default configuration). To do so, use the following command line on the console:
chown -R ftpuser /var/ftp/ftpuser
A small step is still necessary to give the new user access. Edit the file /etc/vsftpd.user_list and append the user name to the end of the file. You can do this with the Midnight Commander, which is also available over Pakfire, or simply type
echo ftpuser >> /etc/vsftpd.user_list
on the console.
At the end start vsftpd with a:
First, an SSL certificate must be created:
openssl req -new -x509 -days 365 -keyout vsftp.key -out vsftp.crt
Thereafter, the passphrase must be removed from the key so that vsftpd can start without asking for it.
openssl rsa -in vsftp.key -out vsftp_clear.key
Then the certificate and the key are copied into a single file, which is stored for vsftpd in /etc (this file holds the private key without a passphrase, so it should be readable by root only):
cat vsftp.crt vsftp_clear.key > /etc/vsftpd.pem
Now edit the configuration file /etc/vsftpd.conf and insert the following lines:
ssl_enable=YES
force_local_data_ssl=YES
force_local_logins_ssl=YES
rsa_cert_file=/etc/vsftpd.pem
If you also want to allow some client connections without SSL, set “force_local_data_ssl” and “force_local_logins_ssl” to NO. Then save the file and restart vsftpd with
so that the changes take effect.
Important! If the FTP server should be reachable from outside with SSL, the passive ports must be set correctly in addition to the port on which vsftpd is listening (default: 21). This can be done with the following procedure:
Edit the following into /etc/vsftpd.conf:
pasv_min_port=2000
pasv_max_port=2020
listen_port=21
In this example the FTP server is listening on the standard port 21 and 20 passive ports are also available; this should be quite sufficient for 5 users. You should only open as many ports as are really needed.
Now you have to open the destination port 21 and also the passive destination ports 2000:2020 in the web interface under firewall → External Access.
Don't forget to restart vsftpd with
so that the changes take effect.
However, FileZilla has a bug when connecting to SSL-secured FTP servers such as the one described above. The error message is as follows:
Status: Initializing TLS...
Error: GnuTLS error -12: A TLS fatal alert has been received.
Error: Could not connect to server
This error can be worked around by adding the following line to
More information can be found in the Filezilla bugtracker: http://trac.filezilla-project.org/ticket/7873
If you have created a Samba user via the web interface, you can use this user for vsftpd as well. You only need to give him a password, which should be the same as in the “sambauser” configuration, and don't forget to add him to /etc/vsftpd.user_list.
Anyone who has problems behind a router or with passive transfers should take a look in here.
# Default config for vsftpd on ipfire
## Run in daemon mode
background=YES
listen=YES
#
## User to run daemon as
nopriv_user=vsftpd
#
## Ftp ports
pasv_min_port=2000
pasv_max_port=2020
connect_from_port_20=YES
listen_port=21
#
## SSL
ssl_enable=YES
# If not forced edit to NO
force_local_data_ssl=YES
force_local_logins_ssl=YES
rsa_cert_file=/etc/vsftpd.pem
require_ssl_reuse=NO
#
## Timeout
idle_session_timeout=600
data_connection_timeout=120
#
## Information messages
ftpd_banner=Welcome on ftp.ipfire.org
dirmessage_enable=YES
#
## Allow local user access?
local_enable=YES
write_enable=YES
local_umask=022
# Chown
#chown_uploads=YES
#chown_username=whoever
# Chroot
chroot_local_user=YES
#chroot_list_enable=YES
secure_chroot_dir=/var/ftp/empty
#
## Anonymous login?
#anonymous_enable=YES
#anon_upload_enable=YES
#anon_mkdir_write_enable=YES
#
## Logging
xferlog_enable=YES
xferlog_file=/var/log/vsftpd.log
xferlog_std_format=YES
#
## Timeout
idle_session_timeout=600
data_connection_timeout=120
#
## Preferences
#async_abor_enable=YES
#ascii_upload_enable=YES
#ascii_download_enable=YES
ls_recurse_enable=YES
#
## Userlist
userlist_deny=NO
userlist_enable=YES
userlist_file=/etc/vsftpd.user_list
#
## Max. failed logins
max_login_fails=3
#
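An added example (not part of the original page or of the IPFire package): a shell check that a vsftpd.conf still carries the forced-SSL, user-list, chroot and passive-port settings described on this page. The function names, the constructed sample file and the 21-port limit (2000 to 2020 inclusive) are assumptions.

```shell
#!/bin/sh
# Added example, not IPFire's own code. Function names are constructed.

# conf_get FILE KEY: print the last uncommented value of KEY (empty if unset)
conf_get() {
    sed -n "s/^$2=\(.*\)\$/\1/p" "$1" | tail -n 1 | tr -d '\r'
}

# audit_vsftpd_conf FILE [MAX_PORTS]: print one line per deviation from the
# setup described on this page; prints nothing when the file matches it
audit_vsftpd_conf() {
    conf=$1
    max_ports=${2:-21}   # assumption: 2000-2020 as in the page's example
    # TLS on and forced for logins and data; only listed users; chroot to home
    for want in ssl_enable=YES force_local_logins_ssl=YES force_local_data_ssl=YES \
                userlist_enable=YES userlist_deny=NO chroot_local_user=YES; do
        key=${want%%=*}
        got=$(conf_get "$conf" "$key")
        [ "$got" = "${want#*=}" ] || echo "FINDING: $key is '${got:-unset}', expected ${want#*=}"
    done
    # The passive range must be pinned so the firewall rule can match it exactly
    min=$(conf_get "$conf" pasv_min_port)
    max=$(conf_get "$conf" pasv_max_port)
    if [ -z "$min" ] || [ -z "$max" ]; then
        echo "FINDING: passive port range is not pinned"
    elif [ "$min" -gt "$max" ]; then
        echo "FINDING: pasv_min_port is greater than pasv_max_port"
    elif [ $((max - min + 1)) -gt "$max_ports" ]; then
        echo "FINDING: passive range $min:$max opens $((max - min + 1)) ports, limit $max_ports"
    fi
    return 0
}

# Constructed sample: SSL enabled but not forced, very wide passive range
sample_weak_conf() {
    cat <<'EOF'
ssl_enable=YES
force_local_data_ssl=NO
#force_local_logins_ssl=YES
pasv_min_port=2000
pasv_max_port=3000
userlist_enable=YES
userlist_deny=NO
chroot_local_user=YES
EOF
}

tmp=$(mktemp) && sample_weak_conf > "$tmp" && audit_vsftpd_conf "${1:-$tmp}"
rm -f "$tmp"
```

Pass the path of a real configuration file as the first argument to audit it instead of the constructed sample.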