explorer only supports plain FTP, not encrypted
2024-02-08
vsftpd
Sadly, Explorer only supports plain FTP, not encrypted.
From <https://www.reddit.com/r/techsupport/comments/uvzhwy/ftp_with_tls_on_windows_explorer/>
You must use other applications such as FileZilla or WinSCP for this type of connection and make the transfers, edits and deletions that you want. For this you have to change two parameters of vsftpd.conf:

    force_local_data_ssl=NO
    force_local_logins_ssl=NO
Find passive mode port from log
From what I understand, the port is acquired by multiplying the 5th octet next to —> PORT by 256, then adding the 6th octet to that. So the LAN client is connecting on port (196*256)+33 = 50179, while the WAN client is connecting on port (235*256)+162 = 60322.
https://askubuntu.com/questions/1013520/vsftpd-not-respecting-passive-settings-in-config
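An added example (not from the quoted post or from vsftpd itself): a small Python log check that applies the p1*256+p2 rule to PORT commands and 227 passive-mode replies, then flags passive replies that fall outside pasv_min_port..pasv_max_port or advertise an address other than pasv_address. The log lines are constructed and assume the layout vsftpd writes with log_ftp_protocol=YES; the names audit and decode_hostport are chosen here.

```python
import re

# h1,h2,h3,h4,p1,p2 as carried by the PORT command and the 227 (PASV) reply.
TUPLE_RE = re.compile(r"(PORT\s+|\b227 [^(]*\()(\d{1,3}(?:,\d{1,3}){5})")

def decode_hostport(fields):
    """Return (ip, port) for 'h1,h2,h3,h4,p1,p2'; port = p1*256 + p2."""
    nums = [int(n) for n in fields.split(",")]
    if len(nums) != 6 or any(n > 255 for n in nums):
        raise ValueError(f"bad host-port tuple: {fields!r}")
    return ".".join(map(str, nums[:4])), nums[4] * 256 + nums[5]

def audit(lines, pasv_min, pasv_max, pasv_address=None):
    """Decode each PORT/227 tuple; flag PASV replies that ignore the configured settings."""
    findings = []
    for lineno, line in enumerate(lines, 1):
        m = TUPLE_RE.search(line)
        if not m:
            continue
        kind = "PORT" if m.group(1).startswith("PORT") else "PASV"
        try:
            ip, port = decode_hostport(m.group(2))
        except ValueError as exc:
            findings.append((lineno, kind, None, [str(exc)]))
            continue
        issues = []
        if kind == "PASV" and not pasv_min <= port <= pasv_max:
            issues.append("port outside pasv_min_port..pasv_max_port")
        if kind == "PASV" and pasv_address and ip != pasv_address:
            issues.append("address differs from pasv_address")
        findings.append((lineno, kind, f"{ip}:{port}", issues))
    return findings

# Constructed sample lines in the style of vsftpd's log_ftp_protocol output.
SAMPLE_LOG = [
    '[pid 2101] [alice] FTP response: Client "192.168.1.20", "227 Entering Passive Mode (192,168,1,5,156,214)."',
    '[pid 2102] [bob] FTP response: Client "203.0.113.9", "227 Entering Passive Mode (192,168,1,5,235,162)."',
    '[pid 2103] [alice] FTP command: Client "192.168.1.20", "PORT 192,168,1,20,200,10"',
    '[pid 2103] [alice] FTP response: Client "192.168.1.20", "200 PORT command successful. Consider using PASV."',
]

if __name__ == "__main__":
    # 40101-40200 is the passive range set in the second vsftpd config on this page.
    for finding in audit(SAMPLE_LOG, 40101, 40200):
        print(finding)
```

A passive reply flagged for its port means the running daemon is not using the range the firewall was opened for; one flagged for its address means clients behind NAT are being told to connect to an address they cannot reach.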
setup of second vsftpd with different port
From: http://0pointer.de/blog/projects/systemd-for-admins-3.html
Also: http://0pointer.de/blog/projects/systemd-for-admins-2.html
How Do I Convert A SysV Init Script Into A systemd Service File?
From the information extracted above we can now write our systemd service file:

    [Unit]
    Description=Daemon to detect crashing apps
    After=syslog.target

    [Service]
    ExecStart=/usr/sbin/abrtd
    Type=forking

    [Install]
    WantedBy=multi-user.target

Second vsftpd_2.conf:

    listen=YES
    anonymous_enable=NO
    local_enable=YES
    write_enable=YES
    dirmessage_enable=YES
    use_localtime=YES
    xferlog_enable=YES
    connect_from_port_20=YES
    listen_port=21
    user_sub_token=$USER
    pasv_enable=YES
    pasv_min_port=40101
    pasv_max_port=40200
    #pasv_address=1.1.1.1
    userlist_enable=YES
    userlist_file=/etc/vsftpd.userlist
    userlist_deny=NO
    # This option should be the name of a directory which is empty. Also, the
    # directory should not be writable by the ftp user. This directory is used
    # as a secure chroot() jail at times vsftpd does not require filesystem
    # access.
    secure_chroot_dir=/var/run/vsftpd/empty
    #
    # This string is the name of the PAM service vsftpd will use.
    pam_service_name=vsftpd
    #
    # This option specifies the location of the RSA certificate to use for SSL
    # encrypted connections.
    #rsa_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
    #rsa_private_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
    #ssl_enable=NO
    #
    # Uncomment this to indicate that vsftpd use a utf8 filesystem.
    #utf8_filesystem=YES

On Ubuntu, the systemd service file goes in /lib/systemd/system:

    [Unit]
    Description=vsftpd FTP server
    After=network.target

    [Service]
    Type=simple
    ExecStart=/usr/sbin/vsftpd /etc/vsftpd_internal_21.conf
    ExecReload=/bin/kill -HUP $MAINPID
    ExecStartPre=-/bin/mkdir -p /var/run/vsftpd/empty

    [Install]
    WantedBy=multi-user.target
vsftpd and pasv_address
From: https://superuser.com/questions/819181/vsftpd-returns-wrong-pasv-address

    pasv_addr_resolve=YES

Then you should be able to put a hostname instead of an IP address as the pasv_address. pasv_addr_resolve defaults to NO.
Good Overview
From: https://help.ubuntu.com/community/vsftpd
Virtual users with TLS/SSL/FTPS and a common upload directory - Complicated VSFTPD

Virtual users are users that do not exist on the system: they are not in /etc/passwd, do not have a home directory on the system, and cannot log in anywhere but in vsftpd. If they do exist on the system, they can log in to vsftpd with a non-system password, for security. You can set different definitions for each virtual user, granting each of these users different permissions. If TLS/SSL/FTPS and virtual users are enabled, the level of security of your vsftpd server is increased: encrypted passwords, with passwords that are not used on the system, and users that can't directly access their home directory (if you want).
vsftpd: refusing to run with writable root inside chroot()
From: https://www.benscobie.com/fixing-500-oops-vsftpd-refusing-to-run-with-writable-root-inside-chroot/
For the standard vsFTPd build (vsftpd):

    allow_writeable_chroot=YES

For the extended vsFTPd build (vsftpd-ext):

    allow_writable_chroot=YES