Building an FTP server with vsftpd on an Aliyun CentOS server

  • 2020-05-12 06:38:00
  • OfStack

Recently we needed to set up an FTP server on an Aliyun cloud server. In this blog post we share the configuration we made to meet our actual requirements.

The FTP server software is vsftpd.

vsftpd is one of the most popular FTP server programs on Linux distributions. It is small, lightweight, secure and easy to use.

The name vsftpd stands for "very secure FTP daemon", and security was a top priority for its developer, Chris Evans. High security was a goal from the very start of the server's design and development.

Preparation

Install vsftpd

yum install vsftpd

Set the vsftpd service to start at boot

chkconfig vsftpd on

Open the vsftpd configuration file

vi /etc/vsftpd/vsftpd.conf

Requirements and configuration

1. Do not allow anonymous access

anonymous_enable=NO

2. Verify FTP user logins against a local account

2.1 allow FTP users to log in with a local account

local_enable=YES

2.2 create a local account for the FTP login

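Add the user ftpuser with the home directory /home/ftp and no SSH access (the login shell is /sbin/nologin). The -p option of useradd expects an already encrypted password as returned by crypt(3), not plain text, and anything passed on the command line is visible in the process list, so set the password interactively with passwd instead.

useradd -d /home/ftp -g ftp -s /sbin/nologin ftpuser
passwd ftpuser

The useradd command is based on the CentOS 6.2 ftp configuration.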

useradd command reference documentation: useradd for Linux

2.3 allow only the newly created ftpuser to log in to FTP

vi /etc/vsftpd/vsftpd.conf

userlist_enable=YES
userlist_deny=NO

vi /etc/vsftpd/user_list

Comment out all existing accounts and add ftpuser

# vsftpd userlist
# If userlist_deny=NO, only allow users in this file
# If userlist_deny=YES (default), never allow users in this file, and
# do not even prompt for a password.
# Note that the default vsftpd pam config also checks /etc/vsftpd/ftpusers
# for users that are denied.
#root
#bin
#daemon
#adm
#lp
#sync
#shutdown
#halt
#mail
#news
#uucp
#operator
#games
#nobody
ftpuser

Once this is configured, you can log in remotely with an FTP client and upload files, which are saved in ftpuser's home directory, /home/ftp.

3. Do not allow FTP downloads

vi /etc/vsftpd/vsftpd.conf

download_enable=NO

4. Allow only the specified IP address to connect

4.1 install tcp_wrappers

yum -y install tcp_wrappers

4.2 check that tcp_wrappers is set to YES

vi /etc/vsftpd/vsftpd.conf

tcp_wrappers=YES

4.3 add the allowed IP address

vi /etc/hosts.allow

vsftpd: <allowed IP address>

4.4 reject all other IP addresses

vi /etc/hosts.deny

vsftpd:ALL
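
To confirm that the four files end up in the state this post describes, a check like the following can be run after editing. It is an added example, not part of the original post; the function names (audit_vsftpd, conf_get, write_sample) and the sample address 203.0.113.10 are assumptions.

```shell
#!/bin/sh
# Added example (not from the original post): audit the four files edited above.
# Usage on a real host: audit_vsftpd /etc ftpuser

fail() { echo "FAIL $*"; fails=$((fails + 1)); }

# Effective value of a vsftpd.conf option: the last uncommented KEY=VALUE line.
# vsftpd rejects spaces around "=", so only the exact form is matched.
conf_get() { sed -n "s/^$2=//p" "$1" | tail -n 1; }

# audit_vsftpd ETC_DIR USER: prints failed checks, exit status = failure count.
audit_vsftpd() (
    etc=$1 user=$2 fails=0
    # Each value differs from the built-in default in vsftpd.conf(5), so "unset" fails.
    for want in anonymous_enable=NO local_enable=YES userlist_enable=YES \
                userlist_deny=NO download_enable=NO tcp_wrappers=YES; do
        val=$(conf_get "$etc/vsftpd/vsftpd.conf" "${want%%=*}")
        [ "${want#*=}" = "$val" ] || fail "vsftpd.conf: want $want, found '${val:-unset}'"
    done
    # With userlist_deny=NO every uncommented name in user_list may log in.
    active=$(grep -v -e '^[[:space:]]*#' -e '^[[:space:]]*$' "$etc/vsftpd/user_list" | sort -u | xargs)
    [ "$active" = "$user" ] || fail "user_list: active entries '$active', want only '$user'"
    all='^[[:space:]]*(vsftpd|ALL)[[:space:]]*:[[:space:]]*ALL[[:space:]]*$'
    grep -Eq "$all" "$etc/hosts.deny" || fail "hosts.deny: no catch-all deny covering vsftpd"
    # hosts.allow is consulted before hosts.deny, so an ALL rule there cancels the deny.
    grep -Eq '^[[:space:]]*vsftpd[[:space:]]*:' "$etc/hosts.allow" || fail "hosts.allow: no vsftpd rule"
    if grep -Eq "$all" "$etc/hosts.allow"; then fail "hosts.allow: vsftpd open to ALL"; fi
    exit "$fails"
)

# Constructed sample tree in the page's end state (203.0.113.10 is a documentation address).
write_sample() {
    mkdir -p "$1/vsftpd"
    printf '%s\n' anonymous_enable=NO local_enable=YES userlist_enable=YES \
        userlist_deny=NO download_enable=NO tcp_wrappers=YES > "$1/vsftpd/vsftpd.conf"
    printf '%s\n' '# vsftpd userlist' '#root' '#bin' ftpuser > "$1/vsftpd/user_list"
    echo 'vsftpd: 203.0.113.10' > "$1/hosts.allow"
    echo 'vsftpd:ALL' > "$1/hosts.deny"
}

d=$(mktemp -d)
write_sample "$d"
audit_vsftpd "$d" ftpuser && echo "sample: all checks pass"
# Simulated drift: a later line overrides download_enable, and root is uncommented.
echo 'download_enable=YES' >> "$d/vsftpd/vsftpd.conf"
echo 'root' >> "$d/vsftpd/user_list"
audit_vsftpd "$d" ftpuser || echo "drifted sample: $? check(s) failed"
rm -rf "$d"
```

Option values are compared literally with the YES/NO spellings used in this post.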

