Module -11 VSFTP Configuration RHEL 6.x

VSFTP:

Vsftpd (Very Secure FTP Daemon) is an FTP server for UNIX-like systems, including CentOS / RHEL / Fedora and other Linux distributions.

It supports IPv6, SSL, locking users to their home directories and many other advanced features.

VSFTPD offers security, performance and stability over other servers. A quick list of vsftpd features:

  1. Virtual IP configurations
  2. Virtual users
  3. Per-user configuration
  4. Bandwidth throttling
  5. Per-source-IP configurability
  6. Per-source-IP limits
  7. IPv6 ready
  8. Encryption support through SSL integration
  9. And much more.

Vsftpd Defaults

  1. Default port: TCP 21
  2. The main configuration file: /etc/vsftpd/vsftpd.conf
  3. Users listed in this file are not allowed to log in via FTP: /etc/vsftpd/ftpusers
  4. Users listed in this file are allowed to log in via FTP (with userlist_deny=NO, set in Step 5): /etc/vsftpd/user_list

Let us install the VSFTP master server:

Log in to the master server as the “root” user.

Step:1    Install Vsftpd FTP Server

Install the vsftpd package via yum command:
# yum install vsftpd

# yum install ftp

Step:2    Verify Vsftpd package

# rpm -qa | grep ftp
vsftpd-3.0.2-9.el7.x86_64


Step:3 Start the vsftpd services

# service vsftpd start
Starting vsftpd for vsftpd:                                [  OK  ]

#chkconfig vsftpd on

Step:4   Verify vsftpd service is running

#service vsftpd status
vsftpd (pid 3824) is running…

or

#netstat -an | grep 21
tcp        0      0 0.0.0.0:21                  0.0.0.0:*                   LISTEN

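Step:5  Configure VSFTPD server

Open the configuration file and add the new line “userlist_deny=NO”. With userlist_enable=YES, this turns /etc/vsftpd/user_list into an allow list: only users named in it can log in.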

# vi /etc/vsftpd/vsftpd.conf

userlist_deny=NO

:wq!

Step:6   Restart the VSFTPD service

#service vsftpd restart
Shutting down vsftpd:                                      [  OK  ]
Starting vsftpd for vsftpd:                                [  OK  ]

Good, now our VSFTP server is ready.

To test the FTP connection, we need to create a user on the master server.

Step:7  Add the test user & set password

#useradd -d /home/ftpuser -m ftpuser

# passwd ftpuser

New password: ******
Retype new password:******   (remember your password)

Step:8  Log in as “ftpuser”, create some sample files & change permission

su - ftpuser

touch file-a

touch file-b

touch file-c

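chmod -R 777 /home/ftpuser

Note: 777 makes the home directory and everything in it writable by every local user. The files already belong to ftpuser, so the owner's default permissions are enough for the FTP test; keep 777 to a throwaway test account.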

Step: 8  As root, add the new user “ftpuser” to our “FTP allow list”

vi /etc/vsftpd/user_list

ftpuser

:wq!

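Step:9   Disable IPTABLES & SELINUX on the master server & client server

#service iptables stop

#chkconfig iptables off

#setenforce 0

Note: this leaves both servers without a packet filter and puts SELinux in permissive mode, so treat it as a test-only setup. setenforce 0 lasts only until the next reboot.

Now the user is ready to connect from the client server.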

Step:10  Login to client server and connect FTP

# cd /tmp

# ftp 10.0.0.10
Connected to remote host (10.0.0.10).
220 (vsFTPd 2.2.2)
Name (localhost:root): ftpuser
331 Please specify the password.
Password:xxxx
230 Login successful.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp>

Note: You are now connected to the remote (master) server.

Step:11  List, get the files

ftp> ls

file-a   file-b   file-c  file-d

ftp> get file-a

local: apple remote: file-a
227 Entering Passive Mode (127,0,0,1,215,115).
150 Opening BINARY mode data connection for file-a (0 bytes).
226 Transfer complete.

ftp> quit

Now you have successfully downloaded “file-a” from the master server to your client server.

To check:

cd /tmp

ls -ltr   (you should see the file)

Step:12  To put (upload) the file from client to Server

ftp> put a.txt

Go to Master server and check.

We are done!

Error: Entering passive mode:

http://stackoverflow.com/questions/7052875/setting-up-ftp-on-amazon-cloud-server

Note: If you are using an AWS EC2 instance as the FTP master, add the following lines to /etc/vsftpd/vsftpd.conf

# Additional configuration
#write_enable=YES
pasv_max_port=41000
pasv_min_port=40000
port_enable=YES
pasv_enable=YES

This enables passive mode and restricts it to a range of about a thousand ports (40000-41000) for data connections. This is useful because you need to open these ports on your firewall.

Add the port ranges above (20-21 and 40000-41000) to the inbound rules and apply the changes, then restart the vsftpd service.

What happens when you make a connection

  • Your client makes a connection to the vsftpd server on port 21.
  • The server responds to the client, telling it which port to connect to from the range specified above.
  • The client makes a data connection on the specified port and the session continues.
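
The passive range above and the user_list setting from Step 5 can be read back from the configuration to see exactly which ports the firewall has to admit, as an alternative to stopping iptables as in Step 9. This is an added example, not part of the original tutorial; the function names conf_get, userlist_mode and fw_rules and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original tutorial: read the settings this page
# changes from a vsftpd.conf and derive the firewall openings they imply.

# conf_get FILE KEY DEFAULT -> value of KEY, or DEFAULT when the key is unset.
# Lines are "key=value" with no spaces around "="; "#" starts a comment.
# The last occurrence of a key is the one reported.
conf_get() {
    val=$(awk -F= -v k="$2" '$1 == k { v = $2 } END { print v }' "$1")
    echo "${val:-$3}"
}

# userlist_mode FILE -> "off", "deny" or "allow" (only YES/NO spellings handled).
userlist_mode() {
    if [ "$(conf_get "$1" userlist_enable NO)" != "YES" ]; then
        echo off      # user_list is ignored
    elif [ "$(conf_get "$1" userlist_deny YES)" = "NO" ]; then
        echo allow    # only users named in user_list may log in
    else
        echo deny     # users named in user_list are refused
    fi
}

# fw_rules FILE -> iptables commands for the control port and passive range.
# Returns 1 when the range is unset or inverted, because no rule can be derived.
fw_rules() {
    min=$(conf_get "$1" pasv_min_port 0)
    max=$(conf_get "$1" pasv_max_port 0)
    if [ "$min" -le 0 ] || [ "$max" -lt "$min" ]; then
        echo "passive range not pinned (min=$min max=$max)" >&2
        return 1
    fi
    echo "iptables -I INPUT -p tcp --dport 21 -j ACCEPT"
    echo "iptables -I INPUT -p tcp --dport $min:$max -j ACCEPT"
}

# Constructed sample: Step 5 plus the passive-mode lines from this page.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# constructed sample, not a complete vsftpd.conf
userlist_enable=YES
userlist_deny=NO
pasv_max_port=41000
pasv_min_port=40000
EOF

echo "user_list mode: $(userlist_mode "$sample")"
fw_rules "$sample"
```

On RHEL 6, run the printed rules as root and persist them with service iptables save.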
