VSFTPD Configuration – RedHat Enterprise 6.x
Last week, I had to research and learn about “VSFTPD” and implement an SFTP server for one of our customers.
I want to share the instructions and my experiences with that. Maybe it will help you in the future.
What is “VSFTPD”?
“VSFTPD” (or very secure FTP daemon) is an FTP server for Unix-like systems, including Linux. It is licensed under the GNU General Public License. It supports IPv6 and SSL.
“VSFTPD” supports explicit (since 2.0.0) and implicit (since 2.1.0) FTPS.
“VSFTPD” is the default FTP server in the Ubuntu, CentOS, Fedora, NimbleX, Slackware and RHEL Linux distributions.
What is the scenario?
We need to create a user for SFTP connections and restrict the user to the user’s home directory.
The user can put files in the “Outgoing” directory for upload and in the “Incoming” directory for download.
The directories are in “/home/the_user_folder/”. The user is restricted and cannot create directories in the home directory, but can create directories in the “Incoming” and “Outgoing” directories.
Implementation
First Step, Installation
In order to implement VSFTPD server, we need to install two packages:
- OpenSSL
- VSFTPD
You can install them with YUM or with RPM.
Like this:
rpm -i /media/RHEL-6.8\ Server.x86_64/Packages/openssl098e-0.9.8e-20.el6_7.1.x86_64.rpm
rpm -i /media/RHEL-6.8\ Server.x86_64/Packages/vsftpd-2.2.2-21.el6.x86_64.rpm
Don’t forget to mark the service as a startup service:
chkconfig vsftpd on
VSFTPD Configuration
As the first step of configuration, we should configure our vsftpd.conf file. Back up the original file before editing it.
mv /etc/vsftpd/vsftpd.conf /etc/vsftpd/vsftpd.conf.original
Then create a new file and add the lines below to it:
vi /etc/vsftpd/vsftpd.conf
listen=YES
anonymous_enable=NO
local_enable=YES
pam_service_name=vsftpd
chroot_local_user=YES
write_enable=YES
local_umask=022
tcp_wrappers=YES
userlist_enable=YES
userlist_file=/etc/vsftpd/user_list_access
userlist_deny=NO
Create the user list file and add the user to it:
vi /etc/vsftpd/user_list_access
Then restart the vsftpd service to load the new configuration:
service vsftpd restart
User and Group Creation
We need a user and a group for our SFTP users, so create them by running the commands below:
groupadd sftpusers
useradd -g sftpusers sftpuser
passwd sftpuser
Log on to the system as sftpuser and create two folders in its home directory:
su - sftpuser
mkdir incoming
mkdir outgoing
Now exit, log on to the root account again, and change the owner of sftpuser’s home directory:
chown root:root /home/sftpuser
chmod 750 /home/sftpuser
OR
chmod 755 /home/sftpuser
Configuring SSH
After creating the user and group, we need to make some changes to our SSH configuration file.
So edit the “/etc/ssh/sshd_config” file and find “Subsystem sftp /usr/libexec/openssh/sftp-server”.
Comment it out and insert the lines below into the file:
Subsystem sftp internal-sftp
Match Group sftpusers
    ChrootDirectory %h
    X11Forwarding no
    AllowTcpForwarding no
    ForceCommand internal-sftp
Save the file and exit. Then restart the SSH service:
service sshd restart
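sshd refuses a ChrootDirectory unless every component of its path is a root-owned directory that is not writable by group or others, which is why the home directory is handed to root above. The check below is an added example, not part of the original post: the function names are hypothetical, it assumes GNU stat, and it is meant to be run as root with the chroot path as its argument.

```bash
#!/bin/bash
# Added example (not from the original post): verify that a directory meets
# sshd's ChrootDirectory ownership and permission requirements.

# check_chroot_dir DIR [OWNER_UID]   (hypothetical helper name)
# Succeeds only if DIR is a directory owned by OWNER_UID (default 0, root)
# and is not writable by group or others.
check_chroot_dir() {
    local dir=$1 want_uid=${2:-0} uid mode
    if [ ! -d "$dir" ]; then
        echo "FAIL $dir: not a directory" >&2
        return 1
    fi
    uid=$(stat -L -c '%u' -- "$dir") || return 1
    mode=$(stat -L -c '%a' -- "$dir") || return 1
    if [ "$uid" -ne "$want_uid" ]; then
        echo "FAIL $dir: owner uid $uid, expected $want_uid" >&2
        return 1
    fi
    # Octal mask 022 = group-write and other-write bits.
    if [ $(( 0$mode & 022 )) -ne 0 ]; then
        echo "FAIL $dir: mode $mode is group- or world-writable" >&2
        return 1
    fi
    echo "OK   $dir (uid $uid, mode $mode)"
}

# check_chroot_path DIR   (hypothetical helper name)
# Applies the same test to every component from DIR up to /.
check_chroot_path() {
    local p rc=0
    p=$(cd -- "$1" 2>/dev/null && pwd -P) || { echo "FAIL $1: cannot enter" >&2; return 1; }
    while :; do
        check_chroot_dir "$p" 0 || rc=1
        [ "$p" = "/" ] && break
        p=$(dirname -- "$p")
    done
    return $rc
}

# Run against the path given on the command line, e.g. /home/sftpuser
if [ "$#" -gt 0 ]; then
    check_chroot_path "$1"
fi
```

A failing component here matches the case where sshd drops the SFTP session right after authentication with a "bad ownership or modes for chroot directory" message in its log.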