
Untitled

a guest
Jul 21st, 2017
  1. sudo apt-get update
  2. sudo apt-get install vsftpd
  3. sudo cp /etc/vsftpd.conf /etc/vsftpd.conf.orig
  4. sudo ufw status
  5.  
  6. Output
  7. Status: active
  8.  
  9. To Action From
  10. -- ------ ----
  11. OpenSSH ALLOW Anywhere
  12. OpenSSH (v6) ALLOW Anywhere (v6)
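  13. # Note: the rules below accept FTP connections from any source address. If the client addresses are known, scope each rule to them instead, e.g. sudo ufw allow from <client-address> to any port 21 proto tcp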
  14. sudo ufw allow 20/tcp
  15. sudo ufw allow 21/tcp
  16. sudo ufw allow 990/tcp
  17. sudo ufw allow 40000:50000/tcp
  18. sudo ufw status
  19.  
  20. Output
  21. Status: active
  22.  
  23. To Action From
  24. -- ------ ----
  25. OpenSSH ALLOW Anywhere
  26. 990/tcp ALLOW Anywhere
  27. 20/tcp ALLOW Anywhere
  28. 21/tcp ALLOW Anywhere
  29. 40000:50000/tcp ALLOW Anywhere
  30. OpenSSH (v6) ALLOW Anywhere (v6)
  31. 20/tcp (v6) ALLOW Anywhere (v6)
  32. 21/tcp (v6) ALLOW Anywhere (v6)
  33. 990/tcp (v6) ALLOW Anywhere (v6)
  34. 40000:50000/tcp (v6) ALLOW Anywhere (v6)
  35.  
  36.  
  37. sudo adduser samp01
  38.  
  39.  
  40. sudo mkdir /home/samp01/ftp
  41. sudo chown nobody:nogroup /home/samp01/ftp
  42. sudo chmod a-w /home/samp01/ftp
  43.  
  44. sudo ls -la /home/samp01/ftp
  45.  
  46.  
  47.  
  48. Output
  49. total 8
  50. 4 dr-xr-xr-x 2 nobody nogroup 4096 Aug 24 21:29 .
  51. 4 drwxr-xr-x 3 samp01 samp01 4096 Aug 24 21:29 ..
  52.  
  53.  
  54.  
  55. sudo mkdir /home/samp01/ftp/files
  56. sudo chown samp01:samp01 /home/samp01/ftp/files
  57.  
  58.  
  59. sudo ls -la /home/samp01/ftp
  60.  
  61.  
  62. Output
  63. total 12
  64. dr-xr-xr-x 3 nobody nogroup 4096 Aug 26 14:01 .
  65. drwxr-xr-x 3 samp01 samp01 4096 Aug 26 13:59 ..
  66. drwxr-xr-x 2 samp01 samp01 4096 Aug 26 14:01 files
  67.  
  68.  
  69.  
  70. echo "vsftpd test file" | sudo tee /home/samp01/ftp/files/test.txt
  71.  
  72.  
  73. sudo nano /etc/vsftpd.conf
  74.  
  75. . . .
  76. # Allow anonymous FTP? (Disabled by default).
  77. anonymous_enable=NO
  78. #
  79. # Uncomment this to allow local users to log in.
  80. local_enable=YES
  81. . . .
  82.  
  83.  
  84. . . .
  85. write_enable=YES
  86. . . .
  87.  
  88.  
  89. . . .
  90. chroot_local_user=YES
  91. . . .
  92.  
  93.  
  94.  
  95.  
  96. user_sub_token=$USER
  97. local_root=/home/$USER/ftp
  98.  
  99.  
  100.  
  101. pasv_min_port=40000
  102. pasv_max_port=50000
  103.  
  104.  
  105.  
  106. userlist_enable=YES
  107. userlist_file=/etc/vsftpd.userlist
  108. userlist_deny=NO
  109.  
  110.  
  111. echo "samp01" | sudo tee -a /etc/vsftpd.userlist
  112.  
  113.  
  114. cat /etc/vsftpd.userlist
  115.  
  116.  
  117. Output
  118. samp01
  119.  
  120.  
  121. sudo systemctl restart vsftpd
  122.  
  123.  
  124.  
  125.  
  126. ftp -p 203.0.113.0
  127.  
  128.  
  129. Output
  130. Connected to 203.0.113.0.
  131. 220 (vsFTPd 3.0.3)
  132. Name (203.0.113.0:default): anonymous
  133. 530 Permission denied.
  134. ftp: Login failed.
  135. ftp>
  136.  
  137. ftp>bye
  138.  
  139. ftp -p 203.0.113.0
  140.  
  141.  
  142.  
  143. Output
  144. Connected to 203.0.113.0.
  145. 220 (vsFTPd 3.0.3)
  146. Name (203.0.113.0:default): sudo_user
  147. 530 Permission denied.
  148. ftp: Login failed.
  149. ftp>
  150.  
  151. ftp> bye
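  152. # Note: TLS is not configured until later in this walkthrough, so the login below sends the account password over the network in cleartext. Run this test only over a trusted network, or change the password once ssl_enable=YES is in place.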
  153. ftp -p 203.0.113.0
  154.  
  155.  
  156. Output
  157. Connected to 203.0.113.0.
  158. 220 (vsFTPd 3.0.3)
  159. Name (203.0.113.0:default): samp01
  160. 331 Please specify the password.
  161. Password: your_user's_password
  162. 230 Login successful.
  163. Remote system type is UNIX.
  164. Using binary mode to transfer files.
  165. ftp>
  166.  
  167. cd files
  168. get test.txt
  169.  
  170.  
  171. Output
  172. 227 Entering Passive Mode (203,0,113,0,169,12).
  173. 150 Opening BINARY mode data connection for test.txt (16 bytes).
  174. 226 Transfer complete.
  175. 16 bytes received in 0.0101 seconds (1588 bytes/s)
  176. ftp>
  177.  
  178.  
  179. ftp> put test.txt upload.txt
  180.  
  181.  
  182.  
  183.  
  184. Output
  185. 227 Entering Passive Mode (203,0,113,0,164,71).
  186. 150 Ok to send data.
  187. 226 Transfer complete.
  188. 16 bytes sent in 0.000894 seconds (17897 bytes/s)
  189.  
  190.  
  191.  
  192. ftp>bye
  193.  
  194.  
  195. sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/ssl/private/vsftpd.pem -out /etc/ssl/private/vsftpd.pem
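  196. # Note: -nodes writes the private key unencrypted, and -keyout/-out point at the same file, so vsftpd.pem holds both the key and the certificate; keep it readable by root only. The certificate is self-signed and expires after 365 days, so clients cannot validate it against a CA and have to be told to trust it explicitly.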
  197. Output
  198. Generating a 2048 bit RSA private key
  199. ............................................................................+++
  200. ...........+++
  201. writing new private key to '/etc/ssl/private/vsftpd.pem'
  202. -----
  203. You are about to be asked to enter information that will be incorporated
  204. into your certificate request.
  205. What you are about to enter is what is called a Distinguished Name or a DN.
  206. There are quite a few fields but you can leave some blank
  207. For some fields there will be a default value,
  208. If you enter '.', the field will be left blank.
  209. -----
  210. Country Name (2 letter code) [AU]:US
  211. State or Province Name (full name) [Some-State]:NY
  212. Locality Name (eg, city) []:New York City
  213. Organization Name (eg, company) [Internet Widgits Pty Ltd]:DigitalOcean
  214. Organizational Unit Name (eg, section) []:
  215. Common Name (e.g. server FQDN or YOUR name) []:
  216. Email Address []:
  217.  
  218.  
  219. sudo nano /etc/vsftpd.conf
  220.  
  221.  
  222. # rsa_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
  223. # rsa_private_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
  224.  
  225.  
  226. rsa_cert_file=/etc/ssl/private/vsftpd.pem
  227. rsa_private_key_file=/etc/ssl/private/vsftpd.pem
  228.  
  229.  
  230. ssl_enable=YES
  231.  
  232.  
  233. allow_anon_ssl=NO
  234. force_local_data_ssl=YES
  235. force_local_logins_ssl=YES
  236.  
  237.  
  238. ssl_tlsv1=YES
  239. ssl_sslv2=NO
  240. ssl_sslv3=NO
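  241. # Note: ssl_tlsv1 refers to TLS 1.0, which RFC 8996 deprecates. Check the vsftpd.conf man page for your installed version to see which newer protocol versions it negotiates or lets you select, and prefer those.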
  242.  
  243.  
  244. require_ssl_reuse=NO
  245. ssl_ciphers=HIGH
  246.  
  247.  
  248.  
  249.  
  250. sudo systemctl restart vsftpd
  251.  
  252.  
  253.  
  254. ftp -p 203.0.113.0
  255. Connected to 203.0.113.0.
  256. 220 (vsFTPd 3.0.3)
  257. Name (203.0.113.0:default): samp01
  258. 530 Non-anonymous sessions must use encryption.
  259. ftp: Login failed.
  260. 421 Service not available, remote server has closed connection
  261. ftp>
  262.  
  263.  
  264.  
  265.  
  266. sudo nano /bin/ftponly
  267.  
  268.  
  269.  
  270. #!/bin/sh
  271. echo "This account is limited to FTP access only."
  272.  
  273.  
  274. sudo nano /etc/shells
  275.  
  276.  
  277.  
  278. . . .
  279. /bin/ftponly
  280.  
  281.  
  282. sudo usermod samp01 -s /bin/ftponly
  283.  
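  284. # Note: a restricted login shell only stops interactive shell sessions. To keep this account off SSH altogether, also exclude it in /etc/ssh/sshd_config (for example with DenyUsers samp01) and reload sshd.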
  285. ssh samp01@203.0.113.0
  286.  
  287.  
  288. Output
  289. This account is limited to FTP access only.
  290. Connection to 203.0.113.0 closed.
  291.  
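  292. # Note: run the chmod below right after creating /bin/ftponly; the script has to be executable before it can serve as the login shell in the steps above.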
  293. sudo chmod a+x /bin/ftponly
  294. sudo apt-get update
  295. sudo apt-get install vsftpd
  296. sudo cp /etc/vsftpd.conf /etc/vsftpd.conf.orig
  297. sudo ufw status
  298.  
  299. Output
  300. Status: active
  301.  
  302. To Action From
  303. -- ------ ----
  304. OpenSSH ALLOW Anywhere
  305. OpenSSH (v6) ALLOW Anywhere (v6)
  306.  
  307. sudo ufw allow 20/tcp
  308. sudo ufw allow 21/tcp
  309. sudo ufw allow 990/tcp
  310. sudo ufw allow 40000:50000/tcp
  311. sudo ufw status
  312.  
  313. Output
  314. Status: active
  315.  
  316. To Action From
  317. -- ------ ----
  318. OpenSSH ALLOW Anywhere
  319. 990/tcp ALLOW Anywhere
  320. 20/tcp ALLOW Anywhere
  321. 21/tcp ALLOW Anywhere
  322. 40000:50000/tcp ALLOW Anywhere
  323. OpenSSH (v6) ALLOW Anywhere (v6)
  324. 20/tcp (v6) ALLOW Anywhere (v6)
  325. 21/tcp (v6) ALLOW Anywhere (v6)
  326. 990/tcp (v6) ALLOW Anywhere (v6)
  327. 40000:50000/tcp (v6) ALLOW Anywhere (v6)
  328.  
  329.  
  330. sudo adduser samp01
  331.  
  332.  
  333. sudo mkdir /home/samp01/ftp
  334. sudo chown nobody:nogroup /home/samp01/ftp
  335. sudo chmod a-w /home/samp01/ftp
  336.  
  337. sudo ls -la /home/samp01/ftp
  338.  
  339.  
  340.  
  341. Output
  342. total 8
  343. 4 dr-xr-xr-x 2 nobody nogroup 4096 Aug 24 21:29 .
  344. 4 drwxr-xr-x 3 samp01 samp01 4096 Aug 24 21:29 ..
  345.  
  346.  
  347.  
  348. sudo mkdir /home/samp01/ftp/files
  349. sudo chown samp01:samp01 /home/samp01/ftp/files
  350.  
  351.  
  352. sudo ls -la /home/samp01/ftp
  353.  
  354.  
  355. Output
  356. total 12
  357. dr-xr-xr-x 3 nobody nogroup 4096 Aug 26 14:01 .
  358. drwxr-xr-x 3 samp01 samp01 4096 Aug 26 13:59 ..
  359. drwxr-xr-x 2 samp01 samp01 4096 Aug 26 14:01 files
  360.  
  361.  
  362.  
  363. echo "vsftpd test file" | sudo tee /home/samp01/ftp/files/test.txt
  364.  
  365.  
  366. sudo nano /etc/vsftpd.conf
  367.  
  368. . . .
  369. # Allow anonymous FTP? (Disabled by default).
  370. anonymous_enable=NO
  371. #
  372. # Uncomment this to allow local users to log in.
  373. local_enable=YES
  374. . . .
  375.  
  376.  
  377. . . .
  378. write_enable=YES
  379. . . .
  380.  
  381.  
  382. . . .
  383. chroot_local_user=YES
  384. . . .
  385.  
  386.  
  387.  
  388.  
  389. user_sub_token=$USER
  390. local_root=/home/$USER/ftp
  391.  
  392.  
  393.  
  394. pasv_min_port=40000
  395. pasv_max_port=50000
  396.  
  397.  
  398.  
  399. userlist_enable=YES
  400. userlist_file=/etc/vsftpd.userlist
  401. userlist_deny=NO
  402.  
  403.  
  404. echo "samp01" | sudo tee -a /etc/vsftpd.userlist
  405.  
  406.  
  407. cat /etc/vsftpd.userlist
  408.  
  409.  
  410. Output
  411. samp01
  412.  
  413.  
  414. sudo systemctl restart vsftpd
  415.  
  416.  
  417.  
  418.  
  419. ftp -p 203.0.113.0
  420.  
  421.  
  422. Output
  423. Connected to 203.0.113.0.
  424. 220 (vsFTPd 3.0.3)
  425. Name (203.0.113.0:default): anonymous
  426. 530 Permission denied.
  427. ftp: Login failed.
  428. ftp>
  429.  
  430. ftp>bye
  431.  
  432. ftp -p 203.0.113.0
  433.  
  434.  
  435.  
  436. Output
  437. Connected to 203.0.113.0.
  438. 220 (vsFTPd 3.0.3)
  439. Name (203.0.113.0:default): sudo_user
  440. 530 Permission denied.
  441. ftp: Login failed.
  442. ftp>
  443.  
  444. ftp> bye
  445.  
  446. ftp -p 203.0.113.0
  447.  
  448.  
  449. Output
  450. Connected to 203.0.113.0.
  451. 220 (vsFTPd 3.0.3)
  452. Name (203.0.113.0:default): samp01
  453. 331 Please specify the password.
  454. Password: your_user's_password
  455. 230 Login successful.
  456. Remote system type is UNIX.
  457. Using binary mode to transfer files.
  458. ftp>
  459.  
  460. cd files
  461. get test.txt
  462.  
  463.  
  464. Output
  465. 227 Entering Passive Mode (203,0,113,0,169,12).
  466. 150 Opening BINARY mode data connection for test.txt (16 bytes).
  467. 226 Transfer complete.
  468. 16 bytes received in 0.0101 seconds (1588 bytes/s)
  469. ftp>
  470.  
  471.  
  472. ftp> put test.txt upload.txt
  473.  
  474.  
  475.  
  476.  
  477. Output
  478. 227 Entering Passive Mode (203,0,113,0,164,71).
  479. 150 Ok to send data.
  480. 226 Transfer complete.
  481. 16 bytes sent in 0.000894 seconds (17897 bytes/s)
  482.  
  483.  
  484.  
  485. ftp>bye
  486.  
  487.  
  488. sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/ssl/private/vsftpd.pem -out /etc/ssl/private/vsftpd.pem
  489.  
  490. Output
  491. Generating a 2048 bit RSA private key
  492. ............................................................................+++
  493. ...........+++
  494. writing new private key to '/etc/ssl/private/vsftpd.pem'
  495. -----
  496. You are about to be asked to enter information that will be incorporated
  497. into your certificate request.
  498. What you are about to enter is what is called a Distinguished Name or a DN.
  499. There are quite a few fields but you can leave some blank
  500. For some fields there will be a default value,
  501. If you enter '.', the field will be left blank.
  502. -----
  503. Country Name (2 letter code) [AU]:US
  504. State or Province Name (full name) [Some-State]:NY
  505. Locality Name (eg, city) []:New York City
  506. Organization Name (eg, company) [Internet Widgits Pty Ltd]:DigitalOcean
  507. Organizational Unit Name (eg, section) []:
  508. Common Name (e.g. server FQDN or YOUR name) []:
  509. Email Address []:
  510.  
  511.  
  512. sudo nano /etc/vsftpd.conf
  513.  
  514.  
  515. # rsa_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
  516. # rsa_private_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
  517.  
  518.  
  519. rsa_cert_file=/etc/ssl/private/vsftpd.pem
  520. rsa_private_key_file=/etc/ssl/private/vsftpd.pem
  521.  
  522.  
  523. ssl_enable=YES
  524.  
  525.  
  526. allow_anon_ssl=NO
  527. force_local_data_ssl=YES
  528. force_local_logins_ssl=YES
  529.  
  530.  
  531. ssl_tlsv1=YES
  532. ssl_sslv2=NO
  533. ssl_sslv3=NO
  534.  
  535.  
  536.  
  537. require_ssl_reuse=NO
  538. ssl_ciphers=HIGH
  539.  
  540.  
  541.  
  542.  
  543. sudo systemctl restart vsftpd
  544.  
  545.  
  546.  
  547. ftp -p 203.0.113.0
  548. Connected to 203.0.113.0.
  549. 220 (vsFTPd 3.0.3)
  550. Name (203.0.113.0:default): samp01
  551. 530 Non-anonymous sessions must use encryption.
  552. ftp: Login failed.
  553. 421 Service not available, remote server has closed connection
  554. ftp>
  555.  
  556.  
  557.  
  558.  
  559. sudo nano /bin/ftponly
  560.  
  561.  
  562.  
  563. #!/bin/sh
  564. echo "This account is limited to FTP access only."
  565.  
  566.  
  567. sudo nano /etc/shells
  568.  
  569.  
  570.  
  571. . . .
  572. /bin/ftponly
  573.  
  574.  
  575. sudo usermod samp01 -s /bin/ftponly
  576.  
  577.  
  578. ssh samp01@203.0.113.0
  579.  
  580.  
  581. Output
  582. This account is limited to FTP access only.
  583. Connection to 203.0.113.0 closed.
  584.  
  585.  
  586. sudo chmod a+x /bin/ftponly