- sudo apt-get update
- sudo apt-get install vsftpd
- sudo cp /etc/vsftpd.conf /etc/vsftpd.conf.orig
- sudo ufw status
- Output
- Status: active
- To Action From
- -- ------ ----
- OpenSSH ALLOW Anywhere
- OpenSSH (v6) ALLOW Anywhere (v6)
- sudo ufw allow 20/tcp
- sudo ufw allow 21/tcp
- sudo ufw allow 990/tcp
- sudo ufw allow 40000:50000/tcp
- sudo ufw status
- Output
- Status: active
- To Action From
- -- ------ ----
- OpenSSH ALLOW Anywhere
- 990/tcp ALLOW Anywhere
- 20/tcp ALLOW Anywhere
- 21/tcp ALLOW Anywhere
- 40000:50000/tcp ALLOW Anywhere
- OpenSSH (v6) ALLOW Anywhere (v6)
- 20/tcp (v6) ALLOW Anywhere (v6)
- 21/tcp (v6) ALLOW Anywhere (v6)
- 990/tcp (v6) ALLOW Anywhere (v6)
- 40000:50000/tcp (v6) ALLOW Anywhere (v6)
- sudo adduser samp01
- sudo mkdir /home/samp01/ftp
- sudo chown nobody:nogroup /home/samp01/ftp
- sudo chmod a-w /home/samp01/ftp
- sudo ls -la /home/samp01/ftp
- Output
- total 8
- 4 dr-xr-xr-x 2 nobody nogroup 4096 Aug 24 21:29 .
- 4 drwxr-xr-x 3 samp01 samp01 4096 Aug 24 21:29 ..
- sudo mkdir /home/samp01/ftp/files
- sudo chown samp01:samp01 /home/samp01/ftp/files
- sudo ls -la /home/samp01/ftp
- Output
- total 12
- dr-xr-xr-x 3 nobody nogroup 4096 Aug 26 14:01 .
- drwxr-xr-x 3 samp01 samp01 4096 Aug 26 13:59 ..
- drwxr-xr-x 2 samp01 samp01 4096 Aug 26 14:01 files
- echo "vsftpd test file" | sudo tee /home/samp01/ftp/files/test.txt
- sudo nano /etc/vsftpd.conf
- . . .
- # Allow anonymous FTP? (Disabled by default).
- anonymous_enable=NO
- #
- # Uncomment this to allow local users to log in.
- local_enable=YES
- . . .
- . . .
- write_enable=YES
- . . .
- . . .
- chroot_local_user=YES
- . . .
- user_sub_token=$USER
- local_root=/home/$USER/ftp
- pasv_min_port=40000
- pasv_max_port=50000
- userlist_enable=YES
- userlist_file=/etc/vsftpd.userlist
- userlist_deny=NO
- echo "samp01" | sudo tee -a /etc/vsftpd.userlist
- cat /etc/vsftpd.userlist
- Output
- samp01
- sudo systemctl restart vsftpd
- ftp -p 203.0.113.0
- Output
- Connected to 203.0.113.0.
- 220 (vsFTPd 3.0.3)
- Name (203.0.113.0:default): anonymous
- 530 Permission denied.
- ftp: Login failed.
- ftp>
- ftp> bye
- ftp -p 203.0.113.0
- Output
- Connected to 203.0.113.0.
- 220 (vsFTPd 3.0.3)
- Name (203.0.113.0:default): sudo_user
- 530 Permission denied.
- ftp: Login failed.
- ftp>
- ftp> bye
- ftp -p 203.0.113.0
- Output
- Connected to 203.0.113.0.
- 220 (vsFTPd 3.0.3)
- Name (203.0.113.0:default): samp01
- 331 Please specify the password.
- Password: your_user's_password
- 230 Login successful.
- Remote system type is UNIX.
- Using binary mode to transfer files.
- ftp>
- cd files
- get test.txt
- Output
- 227 Entering Passive Mode (203,0,113,0,169,12).
- 150 Opening BINARY mode data connection for test.txt (16 bytes).
- 226 Transfer complete.
- 16 bytes received in 0.0101 seconds (1588 bytes/s)
- ftp>
- ftp> put test.txt upload.txt
- Output
- 227 Entering Passive Mode (203,0,113,0,164,71).
- 150 Ok to send data.
- 226 Transfer complete.
- 16 bytes sent in 0.000894 seconds (17897 bytes/s)
- ftp> bye
- sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/ssl/private/vsftpd.pem -out /etc/ssl/private/vsftpd.pem
- Output
- Generating a 2048 bit RSA private key
- ............................................................................+++
- ...........+++
- writing new private key to '/etc/ssl/private/vsftpd.pem'
- -----
- You are about to be asked to enter information that will be incorporated
- into your certificate request.
- What you are about to enter is what is called a Distinguished Name or a DN.
- There are quite a few fields but you can leave some blank
- For some fields there will be a default value,
- If you enter '.', the field will be left blank.
- -----
- Country Name (2 letter code) [AU]:US
- State or Province Name (full name) [Some-State]:NY
- Locality Name (eg, city) []:New York City
- Organization Name (eg, company) [Internet Widgits Pty Ltd]:DigitalOcean
- Organizational Unit Name (eg, section) []:
- Common Name (e.g. server FQDN or YOUR name) []:
- Email Address []:
- sudo nano /etc/vsftpd.conf
- # rsa_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
- # rsa_private_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
- rsa_cert_file=/etc/ssl/private/vsftpd.pem
- rsa_private_key_file=/etc/ssl/private/vsftpd.pem
- ssl_enable=YES
- allow_anon_ssl=NO
- force_local_data_ssl=YES
- force_local_logins_ssl=YES
- # ssl_tlsv1 enables TLS 1.0, which is deprecated; check which newer TLS protocol options this vsftpd build supports and prefer those
- ssl_tlsv1=YES
- ssl_sslv2=NO
- ssl_sslv3=NO
- require_ssl_reuse=NO
- ssl_ciphers=HIGH
- sudo systemctl restart vsftpd
- ftp -p 203.0.113.0
- Connected to 203.0.113.0.
- 220 (vsFTPd 3.0.3)
- Name (203.0.113.0:default): samp01
- 530 Non-anonymous sessions must use encryption.
- ftp: Login failed.
- 421 Service not available, remote server has closed connection
- ftp>
- sudo nano /bin/ftponly
- #!/bin/sh
- echo "This account is limited to FTP access only."
- sudo nano /etc/shells
- . . .
- /bin/ftponly
- sudo usermod samp01 -s /bin/ftponly
- ssh samp01@203.0.113.0
- Output
- This account is limited to FTP access only.
- Connection to 203.0.113.0 closed.
- sudo chmod a+x /bin/ftponly
- sudo apt-get update
- sudo apt-get install vsftpd
- sudo cp /etc/vsftpd.conf /etc/vsftpd.conf.orig
- sudo ufw status
- Output
- Status: active
- To Action From
- -- ------ ----
- OpenSSH ALLOW Anywhere
- OpenSSH (v6) ALLOW Anywhere (v6)
- sudo ufw allow 20/tcp
- sudo ufw allow 21/tcp
- sudo ufw allow 990/tcp
- sudo ufw allow 40000:50000/tcp
- sudo ufw status
- Output
- Status: active
- To Action From
- -- ------ ----
- OpenSSH ALLOW Anywhere
- 990/tcp ALLOW Anywhere
- 20/tcp ALLOW Anywhere
- 21/tcp ALLOW Anywhere
- 40000:50000/tcp ALLOW Anywhere
- OpenSSH (v6) ALLOW Anywhere (v6)
- 20/tcp (v6) ALLOW Anywhere (v6)
- 21/tcp (v6) ALLOW Anywhere (v6)
- 990/tcp (v6) ALLOW Anywhere (v6)
- 40000:50000/tcp (v6) ALLOW Anywhere (v6)
- sudo adduser samp01
- sudo mkdir /home/samp01/ftp
- sudo chown nobody:nogroup /home/samp01/ftp
- sudo chmod a-w /home/samp01/ftp
- sudo ls -la /home/samp01/ftp
- Output
- total 8
- 4 dr-xr-xr-x 2 nobody nogroup 4096 Aug 24 21:29 .
- 4 drwxr-xr-x 3 samp01 samp01 4096 Aug 24 21:29 ..
- sudo mkdir /home/samp01/ftp/files
- sudo chown samp01:samp01 /home/samp01/ftp/files
- sudo ls -la /home/samp01/ftp
- Output
- total 12
- dr-xr-xr-x 3 nobody nogroup 4096 Aug 26 14:01 .
- drwxr-xr-x 3 samp01 samp01 4096 Aug 26 13:59 ..
- drwxr-xr-x 2 samp01 samp01 4096 Aug 26 14:01 files
- echo "vsftpd test file" | sudo tee /home/samp01/ftp/files/test.txt
- sudo nano /etc/vsftpd.conf
- . . .
- # Allow anonymous FTP? (Disabled by default).
- anonymous_enable=NO
- #
- # Uncomment this to allow local users to log in.
- local_enable=YES
- . . .
- . . .
- write_enable=YES
- . . .
- . . .
- chroot_local_user=YES
- . . .
- user_sub_token=$USER
- local_root=/home/$USER/ftp
- pasv_min_port=40000
- pasv_max_port=50000
- userlist_enable=YES
- userlist_file=/etc/vsftpd.userlist
- userlist_deny=NO
- echo "samp01" | sudo tee -a /etc/vsftpd.userlist
- cat /etc/vsftpd.userlist
- Output
- samp01
- sudo systemctl restart vsftpd
- ftp -p 203.0.113.0
- Output
- Connected to 203.0.113.0.
- 220 (vsFTPd 3.0.3)
- Name (203.0.113.0:default): anonymous
- 530 Permission denied.
- ftp: Login failed.
- ftp>
- ftp> bye
- ftp -p 203.0.113.0
- Output
- Connected to 203.0.113.0.
- 220 (vsFTPd 3.0.3)
- Name (203.0.113.0:default): sudo_user
- 530 Permission denied.
- ftp: Login failed.
- ftp>
- ftp> bye
- ftp -p 203.0.113.0
- Output
- Connected to 203.0.113.0.
- 220 (vsFTPd 3.0.3)
- Name (203.0.113.0:default): samp01
- 331 Please specify the password.
- Password: your_user's_password
- 230 Login successful.
- Remote system type is UNIX.
- Using binary mode to transfer files.
- ftp>
- cd files
- get test.txt
- Output
- 227 Entering Passive Mode (203,0,113,0,169,12).
- 150 Opening BINARY mode data connection for test.txt (16 bytes).
- 226 Transfer complete.
- 16 bytes received in 0.0101 seconds (1588 bytes/s)
- ftp>
- ftp> put test.txt upload.txt
- Output
- 227 Entering Passive Mode (203,0,113,0,164,71).
- 150 Ok to send data.
- 226 Transfer complete.
- 16 bytes sent in 0.000894 seconds (17897 bytes/s)
- ftp> bye
- sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/ssl/private/vsftpd.pem -out /etc/ssl/private/vsftpd.pem
- Output
- Generating a 2048 bit RSA private key
- ............................................................................+++
- ...........+++
- writing new private key to '/etc/ssl/private/vsftpd.pem'
- -----
- You are about to be asked to enter information that will be incorporated
- into your certificate request.
- What you are about to enter is what is called a Distinguished Name or a DN.
- There are quite a few fields but you can leave some blank
- For some fields there will be a default value,
- If you enter '.', the field will be left blank.
- -----
- Country Name (2 letter code) [AU]:US
- State or Province Name (full name) [Some-State]:NY
- Locality Name (eg, city) []:New York City
- Organization Name (eg, company) [Internet Widgits Pty Ltd]:DigitalOcean
- Organizational Unit Name (eg, section) []:
- Common Name (e.g. server FQDN or YOUR name) []:
- Email Address []:
- sudo nano /etc/vsftpd.conf
- # rsa_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
- # rsa_private_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
- rsa_cert_file=/etc/ssl/private/vsftpd.pem
- rsa_private_key_file=/etc/ssl/private/vsftpd.pem
- ssl_enable=YES
- allow_anon_ssl=NO
- force_local_data_ssl=YES
- force_local_logins_ssl=YES
- # ssl_tlsv1 enables TLS 1.0, which is deprecated; check which newer TLS protocol options this vsftpd build supports and prefer those
- ssl_tlsv1=YES
- ssl_sslv2=NO
- ssl_sslv3=NO
- require_ssl_reuse=NO
- ssl_ciphers=HIGH
- sudo systemctl restart vsftpd
- ftp -p 203.0.113.0
- Connected to 203.0.113.0.
- 220 (vsFTPd 3.0.3)
- Name (203.0.113.0:default): samp01
- 530 Non-anonymous sessions must use encryption.
- ftp: Login failed.
- 421 Service not available, remote server has closed connection
- ftp>
- sudo nano /bin/ftponly
- #!/bin/sh
- echo "This account is limited to FTP access only."
- sudo nano /etc/shells
- . . .
- /bin/ftponly
- sudo usermod samp01 -s /bin/ftponly
- ssh samp01@203.0.113.0
- Output
- This account is limited to FTP access only.
- Connection to 203.0.113.0 closed.
- sudo chmod a+x /bin/ftponly