====== explorer only supports plain FTP, not encrypted ======
2024-02-08
vsftpd
Sadly explorer only supports plain FTP, not encrypted
From
You must use other applications such as Filezilla or WinSCP for this type of connections and make the transfers, edits and deletions that you want.
For this you have to change two parameters of vsftpd.conf
force_local_data_ssl=NO
force_local_logins_ssl=NO
From
====== Find passive mode port from log ======
from what I understand the port is aquired by multiplying the 5th octet next to ---> PORT with 256 then adding the 6th octet to that. So the LAN client is connecting on port (196*256)+33 = 50179 While the WAN client is connecting on port (235*256)+162 = 60322
https://askubuntu.com/questions/1013520/vsftpd-not-respecting-passive-settings-in-config
====== setup of second vsftpd with different port ======
From: http://0pointer.de/blog/projects/systemd-for-admins-3.html
Also: http://0pointer.de/blog/projects/systemd-for-admins-2.html
How Do I Convert A SysV Init Script Into A systemd Service File?
From the information extracted above we can now write our systemd service file:
[Unit]
Description=Daemon to detect crashing apps
After=syslog.target
[Service]
ExecStart=/usr/sbin/abrtd
Type=forking
[Install]
WantedBy=multi-user.target
Second vsftpd_2.conf
listen=YES
anonymous_enable=NO
local_enable=YES
write_enable=YES
dirmessage_enable=YES
use_localtime=YES
xferlog_enable=YES
connect_from_port_20=YES
listen_port=21
user_sub_token=$USER
pasv_enable=YES
pasv_min_port=40101
pasv_max_port=40200
#pasv_address=1.1.1.1
userlist_enable=YES
userlist_file=/etc/vsftpd.userlist
userlist_deny=NO
# This option should be the name of a directory which is empty. Also, the
# directory should not be writable by the ftp user. This directory is used
# as a secure chroot() jail at times vsftpd does not require filesystem
# access.
secure_chroot_dir=/var/run/vsftpd/empty
#
# This string is the name of the PAM service vsftpd will use.
pam_service_name=vsftpd
#
# This option specifies the location of the RSA certificate to use for SSL
# encrypted connections.
#rsa_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
#rsa_private_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
#ssl_enable=NO
#
# Uncomment this to indicate that vsftpd use a utf8 filesystem.
#utf8_filesystem=YES
Ubuntu
load the systemd service file to:
/lib/systemd/system
[Unit]
Description=vsftpd FTP server
After=network.target
[Service]
Type=simple
ExecStart=/usr/sbin/vsftpd /etc/vsftpd_internal_21.conf
ExecReload=/bin/kill -HUP $MAINPID
ExecStartPre=-/bin/mkdir -p /var/run/vsftpd/empty
[Install]
WantedBy=multi-user.target
====== vsftpd and pasv_address ======
From : https://superuser.com/questions/819181/vsftpd-returns-wrong-pasv-address
pasv_addr_resolve=YES
Then you should be able to put a hostname instead of an IP address as the pasv_address. pasv_addr_resolv defaults to NO.
====== Good Overview ======
From: https://help.ubuntu.com/community/vsftpd
Virtual users with TLS/SSL/FTPS and a common upload directory - Complicated VSFTPD
Virtual users are users that do not exist on the system - they are not in /etc/passwd, do not
have a home directory on the system, can not login but in vsftpd - or if they do exist, they
can login in vsftpd with a non system password - security.
You can set different definitions to each virtual user, granting to each of these users different
permissions. If TLS/SSL/FTPS and virtual users are enabled, the level of security of your vsftpd
server is increased: encrypted passwords, with passwords that are not used on the system, and users
that can't access directly to their home directory (if you want).
====== vsftpd: refusing to run with writable root inside chroot () ======
From: https://www.benscobie.com/fixing-500-oops-vsftpd-refusing-to-run-with-writable-root-inside-chroot/
For the standard vsFTPd build (vsftpd):
allow_writeable_chroot=YES
For the extended vsFTPd build (vsftpd-ext):
allow_writable_chroot=YES