vsFTPd Server Configuration

@Server

#vi /etc/vsftpd.conf

Check and edit the configuration so that it matches the settings below.

local_enable=YES
write_enable=YES
chroot_local_user=YES
chroot_list_enable=YES
pam_service_name=ftp
chroot_list_file=/etc/vsftpd.chroot_list
pasv_address=<FTP_SVR_IP>

pasv_min_port=50000
pasv_max_port=50100

The passive ports are used for FTP data transfer once a session is established. For better security, we define a fixed range from which the FTP server picks its data ports, so that the firewall rules in the AWS Security Groups can be written to match that range.

pasv_address sets the IP address the server advertises in its reply to the PASV command, so that external users know the IP address of the FTP server. Clients being given an address they cannot reach is a common problem when using FTP from behind a firewall/gateway that uses IP masquerading, or when incoming data connections are disabled. For example.

To add an FTP user in Ubuntu/Debian:
#adduser abc
#passwd abc

Add the user “abc” to the file “/etc/vsftpd.chroot_list”.
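
The check below is an added example, not part of the original post: it applies the chroot rules documented in vsftpd.conf(5) to the settings above and reports which users end up jailed and which passive port range the Security Group must allow. The sample configuration and list contents are constructed from this page, and the function names are hypothetical.

```python
# Added example (not from the original post). Sample data is constructed
# from the settings shown on this page; function names are hypothetical.
SAMPLE_CONF = """\
local_enable=YES
write_enable=YES
chroot_local_user=YES
chroot_list_enable=YES
chroot_list_file=/etc/vsftpd.chroot_list
pasv_min_port=50000
pasv_max_port=50100
"""
SAMPLE_CHROOT_LIST = "abc\n"  # constructed: the user added in the last step


def parse_conf(text):
    """Parse vsftpd.conf 'option=value' lines, skipping blanks and # comments."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            conf[key] = value.strip()
    return conf


def enabled(conf, key):
    """Boolean option; both chroot options default to NO when absent."""
    return conf.get(key, "NO").upper() in ("YES", "TRUE", "1")


def is_chrooted(conf, user, chroot_list_text):
    """Decide whether a local user is jailed, per vsftpd.conf(5)."""
    listed = user in chroot_list_text.split()
    if not enabled(conf, "chroot_list_enable"):
        return enabled(conf, "chroot_local_user")
    # List enabled: with chroot_local_user=YES it lists users NOT to jail,
    # otherwise it lists the only users that are jailed.
    return not listed if enabled(conf, "chroot_local_user") else listed


def passive_ports(conf):
    """Return (min, max) to allow in the firewall, or None if not pinned."""
    lo = int(conf.get("pasv_min_port", 0))
    hi = int(conf.get("pasv_max_port", 0))
    return (lo, hi) if 0 < lo <= hi else None
```

With the settings on this page, `is_chrooted` returns False for "abc" and True for any unlisted local user, because chroot_local_user=YES turns /etc/vsftpd.chroot_list into a list of users exempt from the jail.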
