====== vSFTPD ======
===== Installation =====
<code>
apt-get install vsftpd
</code>
===== Configuration =====
==== Add an FTP user ====
Add a user for FTP (or use an existing one and skip this step):
<code>
useradd --shell /bin/false --home
passwd
</code>
Add the created (or existing) user to the "allowed users" of your vsftpd.
Create the following file:
==== Configure vsftpd ====
Configure the following settings in /etc/vsftpd.conf:
<code>
# Run standalone? vsftpd can run either from an inetd or as a standalone
# daemon started from an initscript.
listen=YES
# Allow anonymous FTP? (Disabled by default)
anonymous_enable=NO
# Uncomment this to allow local users to log in.
local_enable=YES
#local_enable=YES
# Uncomment this to enable any form of FTP write command.
write_enable=YES
# Default umask for local users is 077. You may wish to change this to 022,
# if your users expect that (022 is used by most other ftpd's)
local_umask=022
# Uncomment this to allow the anonymous FTP user to upload files. This only
# has an effect if the above global write enable is activated. Also, you will
# obviously need to create a directory writable by the FTP user.
anon_upload_enable=NO
# Uncomment this if you want the anonymous FTP user to be able to create
# new directories.
anon_mkdir_write_enable=NO
# Activate directory messages - messages given to remote users when they
# go into a certain directory.
dirmessage_enable=YES
# If enabled, vsftpd will display directory listings with the time
# in your local time zone. The default is to display GMT. The
# times returned by the MDTM FTP command are also affected by this
# option.
use_localtime=YES
# Activate logging of uploads/downloads.
xferlog_enable=YES
# You may override where the log file goes if you like. The default is shown
# below.
xferlog_file=/var/log/vsftpd.log
# If you want, you can have your log file in standard ftpd xferlog format.
# Note that the default log file location is /var/log/xferlog in this case.
xferlog_std_format=NO
# You may change the default value for timing out an idle session.
idle_session_timeout=600
# You may change the default value for timing out a data connection.
data_connection_timeout=120
# You may fully customise the login banner string:
ftpd_banner=Welcome to Lunetikks FTP
# You may restrict local users to their home directories. See the FAQ for
# the possible risks in this before using chroot_local_user or
# chroot_list_enable below.
chroot_local_user=YES
#
# This option should be the name of a directory which is empty. Also, the
# directory should not be writable by the ftp user. This directory is used
# as a secure chroot() jail at times vsftpd does not require filesystem
# access.
secure_chroot_dir=/var/run/vsftpd/empty
# This string is the name of the PAM service vsftpd will use.
#pam_service_name=vsftpd
pam_service_name=ftp
# This option specifies the location of the RSA certificate to use for SSL
# encrypted connections.
# Note: the certificate and key are only used when ssl_enable=YES, which this
# configuration does not set, so logins and transfers are not encrypted.
rsa_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
# This option specifies the location of the RSA key to use for SSL
# encrypted connections.
rsa_private_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
# Allow logins when the chroot() directory (the user's home) is writable by
# that user.
allow_writeable_chroot=YES
# Only allow login by users in /etc/vsftpd.users
userlist_enable=YES
userlist_deny=NO
userlist_file=/etc/vsftpd.users
# Split the log into two files (needed for fail2ban)
dual_log_enable=YES
</code>
===== Troubleshooting =====
==== 530 Login incorrect ====
Trying to connect fails with the following message: \\
<code>530 Login incorrect</code>
__Reason:__ \\
Wrong PAM service name on Ubuntu 14 and lower.\\
__Fix:__ \\
Change the "pam_service_name" parameter in your /etc/vsftpd.conf from\\
<code>pam_service_name=vsftpd</code>
to\\
<code>pam_service_name=ftp</code>
and restart the service:\\
<code>service vsftpd restart</code>
[[https://askubuntu.com/questions/413677/vsftpd-530-login-incorrect|https://askubuntu.com/questions/413677/vsftpd-530-login-incorrect]]
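
The following script is an added example, not part of the original page. It checks, for one user, the two login gates configured above: that the file named by pam_service_name exists, and that the user passes the userlist_* rules. The function names, the demo user "ftpdemo" and the rule that the last occurrence of a setting wins are assumptions of this example; the fallback values are the defaults listed in the vsftpd.conf man page.

```shell
#!/bin/sh
# Added example (not from the original page): check the PAM service file and
# the user list that gate a vsftpd login for one user.

# conf_get FILE KEY: value of the last uncommented KEY=value line.
# Assumption: a later line overrides an earlier one.
conf_get() { sed -n "s/^$2=//p" "$1" | tail -n 1; }

# check_login CONF USER [PAMDIR]: print findings; return 1 if there are any.
check_login() {
    conf=$1; user=$2; pamdir=${3:-/etc/pam.d}; rc=0

    # Gate 1: PAM service file (man page default: ftp).
    pam=$(conf_get "$conf" pam_service_name); pam=${pam:-ftp}
    if [ ! -f "$pamdir/$pam" ]; then
        echo "pam_service_name=$pam, but $pamdir/$pam does not exist"; rc=1
    fi

    # Gate 2: user list (man page defaults: disabled, userlist_deny=YES,
    # file /etc/vsftpd.user_list). Only the YES/NO spelling is handled.
    if [ "$(conf_get "$conf" userlist_enable)" = YES ]; then
        deny=$(conf_get "$conf" userlist_deny); deny=${deny:-YES}
        list=$(conf_get "$conf" userlist_file); list=${list:-/etc/vsftpd.user_list}
        if grep -qxF "$user" "$list" 2>/dev/null; then listed=YES; else listed=NO; fi
        if [ "$deny" = NO ] && [ "$listed" = NO ]; then
            echo "$user is not in allow list $list"; rc=1
        elif [ "$deny" = YES ] && [ "$listed" = YES ]; then
            echo "$user is in deny list $list"; rc=1
        fi
    fi
    return $rc
}

# Demo on constructed files (hypothetical user "ftpdemo"); nothing under /etc
# is read. The PAM directory only holds "ftp" and the user list is empty.
demo() {
    d=$(mktemp -d)
    mkdir "$d/pam.d"; : > "$d/pam.d/ftp"; : > "$d/vsftpd.users"
    printf '%s\n' '#pam_service_name=ftp' 'pam_service_name=vsftpd' \
        'userlist_enable=YES' 'userlist_deny=NO' \
        "userlist_file=$d/vsftpd.users" > "$d/vsftpd.conf"
    check_login "$d/vsftpd.conf" ftpdemo "$d/pam.d" || echo "login would fail"
    rm -rf "$d"
}
demo
```

On a real host, call ''check_login /etc/vsftpd.conf USERNAME'' as root after editing the configuration and before restarting the service.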