# Refresh the package index, then install the vsftpd FTP server.
sudo apt update
sudo apt install vsftpd
# Keep a copy of the packaged configuration so it can be restored or diffed later.
sudo cp /etc/vsftpd.conf /etc/vsftpd.conf.orig
# Open TCP 20 and 21 (FTP data and control) and 990 in the host firewall.
# NOTE(review): 990 is conventionally implicit FTPS; the vsftpd.conf settings on
# this page enable explicit TLS only, so this rule may be unnecessary. Confirm
# and drop it if nothing listens there.
sudo ufw allow 20,21,990/tcp
Open the FTP passive port range:
# Allow the passive-mode data port range; it has to match pasv_min_port and
# pasv_max_port in vsftpd.conf. A narrower range exposes fewer ports if the
# expected number of concurrent transfers is small.
sudo ufw allow 40000:50000/tcp
# Create the dedicated FTP account (adduser asks for its password interactively).
sudo adduser ftpuser
# Directory that vsftpd.conf uses as this user's chroot root (local_root).
sudo mkdir /home/ftpuser/ftp
# Give the chroot root to nobody:nogroup and remove write permission for all.
# vsftpd refuses logins into a writable chroot root by default, and a
# non-writable root keeps the confined user from altering the jail's top level.
sudo chown nobody:nogroup /home/ftpuser/ftp
sudo chmod a-w /home/ftpuser/ftp
# Writable subdirectory owned by ftpuser; this is where uploads go.
sudo mkdir /home/ftpuser/ftp/uploads
sudo chown ftpuser:ftpuser /home/ftpuser/ftp/uploads
# Edit the server configuration; the settings to apply are listed next.
sudo vi /etc/vsftpd.conf
# Refuse anonymous logins.
anonymous_enable=NO
# Let local system accounts log in.
local_enable=YES
# Permit FTP commands that modify the filesystem (needed for uploads).
write_enable=YES
# Confine each local user to their own directory tree after login.
chroot_local_user=YES
# $USER in local_root is replaced by the login name, so ftpuser is rooted at
# /home/ftpuser/ftp.
user_sub_token=$USER
local_root=/home/$USER/ftp
# Passive-mode data ports; must match the range opened in the firewall.
pasv_min_port=40000
pasv_max_port=50000
# Allow-list mode: with userlist_deny=NO only the accounts named in
# userlist_file may log in; every other local account is refused.
userlist_enable=YES
userlist_file=/etc/vsftpd.userlist
userlist_deny=NO
# NOTE: nothing in this block enables TLS, so with these settings alone logins
# and transfers are unencrypted.
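# Add ftpuser to the allow-list named by userlist_file. The quotes must be plain
# ASCII: typographic quotes are ordinary characters to the shell and would be
# written into the file as part of the name, so with userlist_deny=NO the real
# account would not match and would be refused.
bash$ echo "ftpuser" | sudo tee -a /etc/vsftpd.userlist
# Restart after changing the configuration.
bash$ sudo systemctl restart vsftpd
# Test login in passive mode (-p). No TLS is configured at this step, so the
# password crosses the network in clear text; test from a trusted network only.
bash$ ftp -p 192.168.1.100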
# Generate a self-signed certificate (-x509) valid for 365 days together with a
# new 2048-bit RSA key. -nodes leaves the private key unencrypted on disk, and
# -keyout and -out name the same file, so vsftpd.pem holds key and certificate.
# NOTE(review): confirm the resulting file is readable by root only, and plan
# for renewal before the 365 days run out. Clients cannot validate a self-signed
# certificate unless they import or pin it.
bash$ sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/ssl/private/vsftpd.pem -out /etc/ssl/private/vsftpd.pem
# Re-open the server configuration to add the TLS settings listed next.
bash$ sudo vi /etc/vsftpd.conf
# Snakeoil certificate paths (presumably the packaged defaults), left commented
# out in favour of the combined PEM file below.
#rsa_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
#rsa_private_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
# Certificate and private key both point at the same combined PEM file.
rsa_cert_file=/etc/ssl/private/vsftpd.pem
rsa_private_key_file=/etc/ssl/private/vsftpd.pem
# Enable TLS, keep it off for anonymous sessions, and require it for both the
# login exchange and data transfers of local users, so passwords and file
# contents are not sent in clear text.
ssl_enable=YES
allow_anon_ssl=NO
force_local_data_ssl=YES
force_local_logins_ssl=YES
# Protocol versions: SSLv2 and SSLv3 are disabled.
# NOTE(review): ssl_tlsv1=YES permits TLS 1.0, which RFC 8996 deprecates. Newer
# vsftpd releases add per-version options (ssl_tlsv1_1, ssl_tlsv1_2, ...); check
# `man vsftpd.conf` for the installed version and prefer TLS 1.2 or later where
# the clients allow it.
ssl_tlsv1=YES
ssl_sslv2=NO
ssl_sslv3=NO
# Do not insist that data connections reuse the control connection's TLS session.
# NOTE(review): commonly set for client compatibility, but session reuse is what
# ties a data connection to the authenticated control channel; keep it at YES if
# the clients in use support it.
require_ssl_reuse=NO
# Restrict negotiation to OpenSSL's HIGH cipher group.
ssl_ciphers=HIGH
:wq!
# Restart vsftpd after saving the TLS settings, then confirm that a client can
# still log in and that it negotiates TLS.
bash$ sudo systemctl restart vsftpd
Disabling Shell access:
If a secure connection is not possible, shell access for ftpuser must be denied:
# Create the stand-in login shell; the lines that follow are the file's contents.
bash$ sudo vi /bin/ftponly
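#!/bin/sh
# Stand-in login shell for FTP-only accounts: print a notice and exit, so an
# interactive login ends at once instead of starting a real shell.
# The interpreter line needs the leading '#', and the message needs plain ASCII
# quotes; typographic quotes would be printed as part of the text.
echo "This account is limited to FTP access only."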
# Make the script executable so it can be run as a login shell.
bash$ sudo chmod a+x /bin/ftponly
# Register it as a valid shell by adding the line below to /etc/shells.
# Presumably required because the FTP login path (PAM) rejects accounts whose
# shell is not listed there; verify against the installed PAM configuration.
bash$ sudo vi /etc/shells
/bin/ftponly
# Switch ftpuser's login shell to the restricted script.
# NOTE(review): this only stops interactive shell sessions. If SSH is reachable
# on this host, also deny the account in sshd_config (for example with
# DenyUsers), because a non-interactive login shell does not by itself turn off
# features such as port forwarding.
sudo usermod ftpuser -s /bin/ftponly
