How to install and configure vsFTPd (Linux)
Introduction
vsftpd (Very Secure FTP Daemon) is a popular and secure FTP server for Unix-like systems. This guide will walk you through the process of installing and configuring vsftpd on a CentOS system. It includes steps for setting up FTP users, securing the connection with SSL, and ensuring the FTP server starts automatically upon system boot.
Prerequisites
- SELinux must be disabled: vsftpd will not work properly if SELinux is enabled. Refer to How to Disable SELinux for instructions.
- Root or sudo access: Ensure you have the necessary privileges to install and configure the software.
- Backup the vsftpd configuration file: Always create a backup before making changes to system files.
Step-by-Step Guide
Step 1: Install vsftpd on CentOS
Run the following command in the server’s terminal to install vsftpd:
yum install vsftpd -y
Step 2: Back up the vsftpd configuration file
Navigate to the /etc/vsftpd directory and create a backup of the default vsftpd.conf file:
cd /etc/vsftpd
cp -p vsftpd.conf vsftpd.conf.ori
Step 3: Create a chroot list file
Create a vsftpd.chroot_list file in the /etc/ directory. With the chroot settings added in Step 4, this file lists the users who are exempt from the chroot restriction and can therefore access the root (/) directory:
touch /etc/vsftpd.chroot_list
Step 4: Modify the vsftpd configuration file
Use the following commands to modify vsftpd.conf. These changes disable anonymous access, configure chroot settings, and enable SSL support:
# Disable anonymous logins
/usr/bin/perl -pi -e "s/anonymous_enable=YES/anonymous_enable=NO/g" /etc/vsftpd/vsftpd.conf
# Comment out the stock transfer-log and port-20 settings
/usr/bin/perl -pi -e "s/xferlog_enable=YES/#xferlog_enable=YES/g" /etc/vsftpd/vsftpd.conf
/usr/bin/perl -pi -e "s/connect_from_port_20=YES/#connect_from_port_20=YES/g" /etc/vsftpd/vsftpd.conf
/usr/bin/perl -pi -e "s/xferlog_std_format=YES/#xferlog_std_format=YES/g" /etc/vsftpd/vsftpd.conf
# Replace the default banner
/usr/bin/perl -pi -e "s/#ftpd_banner=Welcome to blah FTP service./ftpd_banner=Hello./g" /etc/vsftpd/vsftpd.conf
# Chroot local users; users listed in /etc/vsftpd.chroot_list are exempt
echo "chroot_local_user=YES" >> /etc/vsftpd/vsftpd.conf
echo "chroot_list_enable=YES" >> /etc/vsftpd/vsftpd.conf
echo "chroot_list_file=/etc/vsftpd.chroot_list" >> /etc/vsftpd/vsftpd.conf
echo "dual_log_enable=YES" >> /etc/vsftpd/vsftpd.conf
# Enable SSL and require it for local logins and data transfers
echo "ssl_enable=YES" >> /etc/vsftpd/vsftpd.conf
echo "allow_anon_ssl=NO" >> /etc/vsftpd/vsftpd.conf
echo "force_local_data_ssl=YES" >> /etc/vsftpd/vsftpd.conf
echo "force_local_logins_ssl=YES" >> /etc/vsftpd/vsftpd.conf
echo "ssl_ciphers=HIGH" >> /etc/vsftpd/vsftpd.conf
echo "ssl_tlsv1=YES" >> /etc/vsftpd/vsftpd.conf
echo "ssl_sslv2=NO" >> /etc/vsftpd/vsftpd.conf
echo "ssl_sslv3=NO" >> /etc/vsftpd/vsftpd.conf
echo "rsa_cert_file=/cert/server.crt" >> /etc/vsftpd/vsftpd.conf
echo "rsa_private_key_file=/cert/server.key" >> /etc/vsftpd/vsftpd.conf
# Passive mode and its data port range
echo "pasv_enable=YES" >> /etc/vsftpd/vsftpd.conf
echo "pasv_min_port=40000" >> /etc/vsftpd/vsftpd.conf
echo "pasv_max_port=41000" >> /etc/vsftpd/vsftpd.conf
Step 5: Enable vsftpd to start on boot
Ensure that the vsftpd service starts automatically whenever the server is rebooted:
chkconfig vsftpd on
Step 6: Start the vsftpd service
Start the vsftpd service to apply the changes:
service vsftpd start
Step 7: Troubleshoot SSL issues
If you encounter an error, it might be caused by the ssl_enable=YES setting. If necessary, disable SSL by changing ssl_enable=YES to ssl_enable=NO in the vsftpd.conf file, though this is not recommended. For more information on how to generate SSL certificates, refer to: How to Create a Self-Signed SSL Certificate.
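The perl substitutions in Step 4 change nothing when the stock line differs from the pattern, and the echo lines append a second copy of every key if the step is run twice. The following check is an added example, not part of the original guide: it compares a vsftpd.conf against the values Step 4 sets and confirms the certificate and key files are readable. The function names are hypothetical, and it assumes the last occurrence of a repeated key is the effective one.

```shell
#!/bin/sh
# Added example: audit a vsftpd.conf against the values Step 4 sets.

# Effective value of a key. Assumption: when a key appears more than once,
# the last uncommented "key=value" line is the one that takes effect.
conf_get() { sed -n "s/^$2=//p" "$1" | tail -n 1; }

# Number of uncommented lines that set a key.
conf_count() { grep -c "^$2=" "$1" || true; }

# Prints one line per finding; the return status is the number of findings.
check_vsftpd_conf() {
    conf=$1
    findings=0
    [ -r "$conf" ] || { echo "ERROR cannot read $conf"; return 99; }
    while read -r key want; do
        got=$(conf_get "$conf" "$key")
        if [ "$got" != "$want" ]; then
            echo "MISMATCH $key: want $want, found ${got:-<unset>}"
            findings=$((findings + 1))
        fi
        if [ "$(conf_count "$conf" "$key")" -gt 1 ]; then
            echo "DUPLICATE $key is set more than once"
            findings=$((findings + 1))
        fi
    done <<EOF
anonymous_enable NO
chroot_local_user YES
chroot_list_enable YES
ssl_enable YES
allow_anon_ssl NO
force_local_data_ssl YES
force_local_logins_ssl YES
ssl_sslv2 NO
ssl_sslv3 NO
pasv_min_port 40000
pasv_max_port 41000
EOF
    # With ssl_enable=YES, vsftpd must be able to read the certificate and key.
    for key in rsa_cert_file rsa_private_key_file; do
        path=$(conf_get "$conf" "$key")
        if [ -z "$path" ] || [ ! -r "$path" ]; then
            echo "MISSING $key: ${path:-<unset>} is not readable"
            findings=$((findings + 1))
        fi
    done
    return "$findings"
}
```

Run it as check_vsftpd_conf /etc/vsftpd/vsftpd.conf before starting the service in Step 6; a return status of 0 means every checked setting matches.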
Additional Information
If you encounter an error such as this:
Refer to the article below on how to secure your FTP access: How to Secure your FTP Access
Conclusion
By following this guide, you’ve successfully installed and configured vsftpd on your CentOS server. Remember to ensure SELinux is disabled before starting. For more information on securing your FTP access, please refer to the guide: How to Secure Your FTP Access. For additional assistance, please contact our support team at support@ipserverone.com.