File Transfer Protocol (FTP) is a TCP protocol for uploading and downloading files between computers. FTP works on a client/server model. The server component is called an FTP daemon. It continuously listens for FTP requests from remote clients. When a request is received, it manages the login and sets up the connection. For the duration of the session it executes any of commands sent by the FTP client.
Access to an FTP server can be managed in two ways:
- Anonymous
- Authenticated
In the Anonymous mode, remote clients can access the FTP server by using the default user account called "anonymous" or "ftp" and sending an email address as the password. In the Authenticated mode a user must have an account and a password. User access to the FTP server directories and files is dependent on the permissions defined for the account used at login. As a general rule, the FTP daemon will hide the root directory of the FTP server and change it to the FTP Home directory. This hides the rest of the file system from remote sessions.
vsftpd is an FTP daemon available in Ubuntu. It is easy to install, set up, and maintain. To install vsftpd you can run the following command:
whoami@whoami:~$ sudo apt-get install vsftpd
[sudo] password for whoami:
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following packages were automatically installed and are no longer required:
linux-headers-2.6.35-22 linux-headers-2.6.35-22-generic
Use 'apt-get autoremove' to remove them.
The following NEW packages will be installed:
vsftpd
0 upgraded, 1 newly installed, 0 to remove and 0 not upgraded.
Need to get 116kB of archives.
After this operation, 442kB of additional disk space will be used.
Get:1 http://id.archive.ubuntu.com/ubuntu/ maverick-updates/main vsftpd i386 2.3.0~pre2-4ubuntu2.3 [116kB]
Fetched 116kB in 6s (16,9kB/s)
Prakonfigurasi paket ...
Memilih paket vsftpd yang sebelumnya tidak dipilih.
(Sedang membaca basis data ...228073 berkas dan direktori telah terpasang.)
Sedang membuka paket vsftpd (dari .../vsftpd_2.3.0~pre2-4ubuntu2.3_i386.deb) ...
Processing triggers for man-db ...
Processing triggers for ureadahead ...
ureadahead will be reprofiled on next reboot
Sedang menyetel vsftpd (2.3.0~pre2-4ubuntu2.3) ...
Adding user ftp to group ftp
vsftpd start/running, process 12131
Anonymous FTP Configuration
/etc/vsftpd.conf changing:anonymous_enable=YesDuring installation a ftp user is created with a home directory of
/srv/ftp. This is the default FTP directory.If you wish to change this location, to
/srv/files/ftp for example, simply create a directory in another location and change the ftp user's home directory:sudo mkdir /srv/files/ftpAfter making the change restart vsftpd:
sudo usermod -d /srv/files/ftp ftp
sudo restart vsftpdFinally, copy any files and directories you would like to make available through anonymous FTP to
/srv/files/ftp, or/srv/ftp if you wish to use the default.By default vsftpd is configured to authenticate system users and allow them to download files. If you want users to be able to upload files, edit
Similarly, by default, the anonymous users are not allowed to upload files to FTP server. To change this setting, you should uncomment the following line, and restart vsftpd:
The configuration file consists of many configuration parameters. The information about each parameter is available in the configuration file. Alternatively, you can refer to the man page, man 5 vsftpd.conf for details of each parameter.
/etc/vsftpd.conf:write_enable=YESNow restart vsftpd:
sudo restart vsftpdNow when system users login to FTP they will start in their home directories where they can download, upload, create directories, etc.
Similarly, by default, the anonymous users are not allowed to upload files to FTP server. To change this setting, you should uncomment the following line, and restart vsftpd:
anon_upload_enable=YES
![[Warning]](https://help.ubuntu.com/10.10/libs/admon/warning.png) | |
| Enabling anonymous FTP upload can be an extreme security risk. It is best to not enable anonymous upload on servers accessed directly from the Internet. |
There are options in
FTP can also be encrypted using FTPS. Different from SFTP, FTPS is FTP over Secure Socket Layer (SSL). SFTP is a FTP like session over an encrypted SSH connection. A major difference is that users of SFTP need to have a shell account on the system, instead of a nologin shell. Providing all users with a shell may not be ideal for some environments, such as a shared web host.
To configure FTPS, edit
Now restart vsftpd, and non-anonymous users will be forced to use FTPS:
Most popular FTP clients can be configured connect using FTPS. The lftp command line FTP client has the ability to use FTPS as well.
#SUMBER#https://help.ubuntu.com/10.10/serverguide/C/ftp-server.html
/etc/vsftpd.conf to help make vsftpd more secure. For example users can be limited to their home directories by uncommenting:chroot_local_user=YESYou can also limit a specific list of users to just their home directories:
chroot_list_enable=YESAfter uncommenting the above options, create a
chroot_list_file=/etc/vsftpd.chroot_list
/etc/vsftpd.chroot_list containing a list of users one per line. Then restart vsftpd:sudo restart vsftpdAlso, the
/etc/ftpusers file is a list of users that are disallowed FTP access. The default list includes root, daemon, nobody, etc. To disable FTP access for additional users simply add them to the list.FTP can also be encrypted using FTPS. Different from SFTP, FTPS is FTP over Secure Socket Layer (SSL). SFTP is a FTP like session over an encrypted SSH connection. A major difference is that users of SFTP need to have a shell account on the system, instead of a nologin shell. Providing all users with a shell may not be ideal for some environments, such as a shared web host.
To configure FTPS, edit
/etc/vsftpd.conf and at the bottom add:ssl_enable=YesAlso, notice the certificate and key related options:
rsa_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pemBy default these options are set the certificate and key provided by the ssl-cert package. In a production environment these should be replaced with a certificate and key generated for the specific host. For more information on certificates see the section called �Certificates�.
rsa_private_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
Now restart vsftpd, and non-anonymous users will be forced to use FTPS:
sudo restart vsftpdTo allow users with a shell of
/usr/sbin/nologin access to FTP, but have no shell access, edit /etc/shells adding thenologin shell:# /etc/shells: valid login shellsThis is necessary because, by default vsftpd uses PAM for authentication, and the
/bin/csh
/bin/sh
/usr/bin/es
/usr/bin/ksh
/bin/ksh
/usr/bin/rc
/usr/bin/tcsh
/bin/tcsh
/usr/bin/esh
/bin/dash
/bin/bash
/bin/rbash
/usr/bin/screen
/usr/sbin/nologin
/etc/pam.d/vsftpd configuration file contains:auth required pam_shells.soThe shells PAM module restricts access to shells listed in the
/etc/shells file.Most popular FTP clients can be configured connect using FTPS. The lftp command line FTP client has the ability to use FTPS as well.
#SUMBER#https://help.ubuntu.com/10.10/serverguide/C/ftp-server.html
No comments:
Post a Comment