VSFTP Configuration

Jun 11, 24

I just wanted to make a few notes about getting vsftp (very secure ftp) to work. It was just a matter of going through the manual and looking at the boolean operators, little fine-grained settings. I ended up setting it so that users with passwords can log in and download/upload into their home directories, but they are jailed there. The default config file that came with my build didn’t include anything about using ssl certificates, so I ended up importing a few things, but looking over it now, it isn’t that much at all.

This is how to create a certificate:

cd /etc/ssl/certs
openssl req -x509 -nodes -days 7300 -newkey rsa:2048 -keyout vsftpd.pem -out vsftpd.pem
chmod 600 vsftpd.pem

Then I could point to it in the vsftp config:

ssl_enable=YES
rsa_cert_file=/etc/ssl/certs/vsftpd.pem
rsa_private_key_file=/etc/ssl/certs/vsftpd.pem

I couldn’t get it to resolve from outside the local network without specifying it use passive ftp and giving it a handful of ports.

pasv_enable=YES
pasv_min_port=2024
pasv_max_port=2228

You turn on listen, and then you can specify which port it listens on; traditionally that is port 21, but it can be something else.

To get the jailed local user to work, I added:

chroot_local_user=YES
allow_writeable_chroot=YES

That’s pretty much it in terms of things I needed to add.
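
As a way to review a config like this one, here is an added example (not part of the original post, and not vsftpd's own tooling) that parses the options and reports the ones worth a second look. The finding names and helper functions are made up for illustration, and the sample holds only the lines shown above.

```python
# Defaults from vsftpd.conf(5) for the options this audit reads.
DEFAULTS = {"ssl_enable": "NO", "force_local_logins_ssl": "YES",
            "force_local_data_ssl": "YES", "chroot_local_user": "NO",
            "allow_writeable_chroot": "NO", "pasv_enable": "YES",
            "pasv_min_port": "0", "pasv_max_port": "0"}

# Constructed sample: only the option lines shown in the post.
SAMPLE = """\
ssl_enable=YES
rsa_cert_file=/etc/ssl/certs/vsftpd.pem
rsa_private_key_file=/etc/ssl/certs/vsftpd.pem
pasv_enable=YES
pasv_min_port=2024
pasv_max_port=2228
chroot_local_user=YES
allow_writeable_chroot=YES
"""

def parse_conf(text):
    """Defaults overlaid with the file's option=value lines ('#' starts a comment)."""
    conf = dict(DEFAULTS)
    for line in text.splitlines():
        if "=" in line and not line.startswith("#"):
            key, value = line.split("=", 1)
            conf[key] = value
    return conf

def passive_range(conf):
    """(low, high, count) of passive data ports; count 0 means no fixed range."""
    lo, hi = int(conf["pasv_min_port"]), int(conf["pasv_max_port"])
    return (lo, hi, hi - lo + 1) if 0 < lo <= hi else (lo, hi, 0)

def audit(conf):
    """Sorted finding ids for the settings the post covers."""
    on = lambda k: conf.get(k, "NO").upper() == "YES"
    found = set()
    if not on("ssl_enable"):
        found.add("cleartext")           # logins and data sent unencrypted
    elif not (on("force_local_logins_ssl") and on("force_local_data_ssl")):
        found.add("tls-optional")        # local users may still skip TLS
    key = conf.get("rsa_private_key_file")
    if key and key == conf.get("rsa_cert_file"):
        found.add("key-with-cert")       # one PEM holds the key: keep it 0600
    if on("pasv_enable") and passive_range(conf)[2] == 0:
        found.add("pasv-range-open")     # firewall cannot be scoped to a range
    if on("chroot_local_user") and on("allow_writeable_chroot"):
        found.add("writable-jail-root")  # jailed user can write to the jail's /
    return sorted(found)
```

On the sample, audit(parse_conf(SAMPLE)) reports key-with-cert and writable-jail-root, and passive_range gives the 205 ports (2024 to 2228) that the firewall has to allow for passive data connections.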