![]() sudo chown root:root /home/harry Step 17 » Create a directory “upload” inside home directory and modify ownership. Step 16 » Modify home directory permission. sudo useradd -m harry -s /usr/sbin/nologin -G ftpaccess sudo passwd harry Perform below steps to chroot users to their home directories. Step 14 » Now restart ssh service.**Please perform this step in the console since you may loose SSH connection while doing the service restart.** sudo systemctl restart ssh Step 15 » Create an user with nologin shell and with group ftpacess. Subsystem sftp internal-sftp Match group ftpaccess ChrootDirectory %h X11Forwarding no AllowTcpForwarding no ForceCommand internal-sftp #Subsystem sftp /usr/lib/openssh/sftp-serverand add these lines at the end of the file. sudo addgroup ftpaccess Step 13 » Edit /etc/ssh/sshd_config file and comment the below line. sudo apt-get install openssh-server Step 12 » Create a new group for SFTP users. Step 11 » Install OpenSSH package if it is not installed. SFTP uses different protocol, It is more secure than FTP since it uses ssh port for data transfer. After successful login, You will be able to tranfer data with encrypted. This option can be found in Winscp and filezilla tools. sudo systemctl restart vsftpd Step 10 » Try to connect FTP using with TLS/SSL explicit options. rsa_cert_file=/etc/ssl/private/ftps_vsftpd.pem rsa_private_key_file=/etc/ssl/private/ftps_vsftpd.pem ssl_enable=YES Step 9 » Now restart vsftpd service and check the status. Find and modify below lines as per our certificate location and enable SSL. sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/ssl/private/ftps_vsftpd.pem -out /etc/ssl/private/ftps_vsftpd.pem Step 8 » Now make changes in /etc/nf file to enable and configure SSL. Here we are going to create 2048 bit RSA certificate with 365 days validity. Step 7 » Create new SSL certificate using below command. We can create self signed SSL certificate using openssl command. ftp> Secure FTP ( FTPS )įTP connections can be secured by using SSL certificate. echo "/usr/sbin/nologin" | sudo tee -a /etc/shells Test your FTP configuration. sudo useradd -m jack -s /usr/sbin/nologin sudo passwd jack Step 6 » Add “/usr/sbin/nologin” to /etc/shells file to enable login access for the users who uses nologin shell. Use /usr/sbin/nologin shell to limit access. Step 5 » Now create an user to test FTP server. Status should be active and running.If the service is failed to start, Troubleshoot yourself by commenting the lines one by one and check the status after service restart. Feb 25 14:32:35 leela systemd: Started vsftpd FTP server.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |