The officially official Devuan Forum!


#1 2020-08-03 13:11:42

Devuman
Member
Registered: 2018-02-27
Posts: 29  

vsftpd TLS/SSL/FTPS

Re: https://help.ubuntu.com/community/vsftp … SSL.2FFTPS

No need to create a certificate if openssl package is installed!

Is this true?

Last edited by Devuman (2020-08-03 13:37:24)


#2 2020-08-03 16:33:02

Vernon
Member
Registered: 2020-07-19
Posts: 89  

Re: vsftpd TLS/SSL/FTPS

Not sure why anyone would fool around with TLS/SSL/FTPS vsftpd when you can accomplish the same thing, only better, with sftp, which is enabled in most sshd servers.

Filezilla supports sftp and if the user is using Linux, the user can simply put an sftp URL in their File Manager window

Example: sftp://share@my-public-ssh-server.org/

and access your ssh/sftp server graphically through their file manager.

I have some friends with whom I share data. They are not malicious but are not tech savvy and could accidentally create havoc. I wanted to restrict them to a share home directory for downloads while only allowing uploads in one sub-directory called upload - similar to an anonymous ftp server.

Create a user called share with adduser as root.

Change the share user /etc/passwd entry to look something like the below.

share:x:1010:1010:Share,,,:/home/share:/usr/sbin/nologin

/usr/sbin/nologin will only allow sftp logins and disallow ssh logins - files can be transferred but the user can never get a shell. This also restricts sftp to directory /home/share and its subdirectories.

Make sure that there is an /etc/group entry something like

share:x:1010:

As root, issue the following commands.

mkdir -p /home/share/dev/
cd /home/share/dev/
mknod -m 666 null c 1 3
mknod -m 666 tty c 5 0
mknod -m 666 zero c 1 5
mknod -m 666 random c 1 8

Make sure that /home/share is owned by root in order to ensure that users can only download and not upload or delete files except in the upload sub-directory.

In the end, you should have something that looks like the below.

drwxr-xr-x 5 root root 4096 Jan 24 16:02 /home/share
drwxr-xr-x 2 root  root    4096 Apr 29 00:52 /home/share/dev
drwxr-xr-x 2 share share  12288 Jan 29 21:44 /home/share/upload
crw-rw-rw- 1 root root 1, 3 Jan 29 00:52 /home/share/dev/null
crw-rw-rw- 1 root root 1, 8 Jan 29 00:52 /home/share/dev/random
crw-rw-rw- 1 root root 5, 0 Jan 29 00:52 /home/share/dev/tty
crw-rw-rw- 1 root root 1, 5 Jan 29 00:52 /home/share/dev/zero

The above are modified instructions from here

I also have an anonymous ftp server. Good instructions are here. Note that transferring files via FTP is extremely secure if every file is encrypted. But when you get tired of encrypting every file, SFTP is the best choice.

Last edited by Vernon (2020-08-03 16:38:45)
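
An added example, not part of Vernon's post: a shell function that checks a share tree against the listing shown above (top directory and dev owned by root and not group/other writable, upload owned by the share user, device nodes matching the mknod commands). The names audit_share and finding and the argument order are made up for this example, and it assumes GNU stat.

```shell
#!/bin/sh
# Added example. Usage on the layout from the post: audit_share /home/share 0 1010
#   $1 top of the share tree
#   $2 uid that must own it and its dev/ (0, root, on a real system)
#   $3 uid that must own upload/ (1010 in the post's passwd line)
# Prints one line per finding; returns non-zero if there is any finding.
# Assumes GNU stat (coreutils).
finding() { echo "FINDING: $*"; findings=$((findings + 1)); }

audit_share() {
    dir=$1; root_uid=$2; upload_uid=$3; findings=0

    if [ ! -d "$dir" ]; then
        finding "$dir is missing"
        return 1
    fi

    # Top directory and dev/ (checked when present): owned by root and not
    # writable by group or other, so the share user cannot add or delete entries.
    for d in "$dir" "$dir/dev"; do
        [ -d "$d" ] || continue
        [ "$(stat -c %u "$d")" = "$root_uid" ] || finding "$d not owned by uid $root_uid"
        mode=$(stat -c %a "$d")
        [ $(( 0$mode & 022 )) -eq 0 ] || finding "$d is group/other writable ($mode)"
    done

    # Device nodes: character devices with the major:minor pairs from the
    # mknod commands (stat prints them in hex; all are below 10 here).
    for spec in null=1:3 tty=5:0 zero=1:5 random=1:8; do
        node=$dir/dev/${spec%%=*}
        [ -e "$node" ] || continue
        if [ ! -c "$node" ]; then
            finding "$node is not a character device"
        elif [ "$(stat -c %t:%T "$node")" != "${spec#*=}" ]; then
            finding "$node has unexpected major:minor"
        fi
    done

    # upload/: the only place the share user may write.
    if [ ! -d "$dir/upload" ]; then
        finding "$dir/upload is missing"
    else
        [ "$(stat -c %u "$dir/upload")" = "$upload_uid" ] || finding "$dir/upload not owned by uid $upload_uid"
        mode=$(stat -c %a "$dir/upload")
        [ $(( 0$mode & 002 )) -eq 0 ] || finding "$dir/upload is world-writable ($mode)"
    fi

    [ "$findings" -eq 0 ]
}
```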

