software:linux:vsftpd

software:linux:vsftpd [2015/09/30 01:30] – created superwizard
software:linux:vsftpd [2024/02/10 04:48] (current) – [Find passive mode port from log] superwizard
Line 1: Line 1:
 +====== explorer only supports plain FTP, not encrypted ======
 +
 +
 +<WRAP center round box >
 +2024-02-08
 +
 +vsftpd
 +
 +Sadly explorer only supports plain FTP, not encrypted
 +
 +From <https://www.reddit.com/r/techsupport/comments/uvzhwy/ftp_with_tls_on_windows_explorer/> 
 +
 +You must use other applications such as Filezilla or WinSCP for this type of connections and make the transfers, edits and deletions that you want.
 +For this you have to change two parameters of vsftpd.conf
 +    force_local_data_ssl=NO 
 +    force_local_logins_ssl=NO
 +
 +From <https://askubuntu.com/questions/1166871/ftp-server-with-tls-does-not-work-in-windows-file-explorer-and-browsers> 
 +
 +
 +</WRAP>
 +
 +
 +====== Find passive mode port from log ======
 +
 +
 +<WRAP center round box >
 +
 +from what I understand the port is aquired by multiplying the 5th octet next to ---> PORT with 256 then adding the 6th octet to that. So the LAN client is connecting on port (196*256)+33 = 50179 While the WAN client is connecting on port (235*256)+162 = 60322
 +
 +https://askubuntu.com/questions/1013520/vsftpd-not-respecting-passive-settings-in-config
 +
 +
 +</WRAP>
 +
 +
 +====== setup of second vsftpd with different port ======
 +
 +From: http://0pointer.de/blog/projects/systemd-for-admins-3.html
 +
 +Also: http://0pointer.de/blog/projects/systemd-for-admins-2.html
 +
 +How Do I Convert A SysV Init Script Into A systemd Service File?
 +
 +<code>
 +From the information extracted above we can now write our systemd service file:
 +
 +[Unit]
 +Description=Daemon to detect crashing apps
 +After=syslog.target
 +
 +[Service]
 +ExecStart=/usr/sbin/abrtd
 +Type=forking
 +
 +[Install]
 +WantedBy=multi-user.target
 +
 +
 +Second vsftpd_2.conf
 +listen=YES
 +anonymous_enable=NO
 +local_enable=YES
 +write_enable=YES
 +dirmessage_enable=YES
 +use_localtime=YES
 +xferlog_enable=YES
 +connect_from_port_20=YES
 +listen_port=21
 +user_sub_token=$USER
 +pasv_enable=YES
 +pasv_min_port=40101
 +pasv_max_port=40200
 +#pasv_address=1.1.1.1
 +userlist_enable=YES
 +userlist_file=/etc/vsftpd.userlist
 +userlist_deny=NO
 +
 +# This option should be the name of a directory which is empty.  Also, the
 +# directory should not be writable by the ftp user. This directory is used
 +# as a secure chroot() jail at times vsftpd does not require filesystem
 +# access.
 +secure_chroot_dir=/var/run/vsftpd/empty
 +#
 +# This string is the name of the PAM service vsftpd will use.
 +pam_service_name=vsftpd
 +#
 +# This option specifies the location of the RSA certificate to use for SSL
 +# encrypted connections.
 +#rsa_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
 +#rsa_private_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
 +#ssl_enable=NO
 +
 +#
 +# Uncomment this to indicate that vsftpd use a utf8 filesystem.
 +#utf8_filesystem=YES
 +
 +
 +Ubuntu
 +load the systemd service file to:
 +
 +/lib/systemd/system
 +
 +[Unit]
 +Description=vsftpd FTP server
 +After=network.target
 +
 +[Service]
 +Type=simple
 +ExecStart=/usr/sbin/vsftpd /etc/vsftpd_internal_21.conf
 +ExecReload=/bin/kill -HUP $MAINPID
 +ExecStartPre=-/bin/mkdir -p /var/run/vsftpd/empty
 +
 +[Install]
 +WantedBy=multi-user.target
 +
 +</code>
 +
 +====== vsftpd and pasv_address ======
 +
 +From : https://superuser.com/questions/819181/vsftpd-returns-wrong-pasv-address
 +
 +<code>
 +pasv_addr_resolve=YES
 +Then you should be able to put a hostname instead of an IP address as the pasv_address. pasv_addr_resolv defaults to NO.
 +</code>
 +
 +====== Good Overview ======
 +
 +
 +From: https://help.ubuntu.com/community/vsftpd
 +
 +<code>
 +Virtual users with TLS/SSL/FTPS and a common upload directory - Complicated VSFTPD
 +Virtual users are users that do not exist on the system - they are not in /etc/passwd, do not 
 +have a home directory on the system, can not login but in vsftpd - or if they do exist, they 
 +can login in vsftpd with a non system password - security. 
 +
 +You can set different definitions to each virtual user, granting to each of these users different 
 +permissions. If TLS/SSL/FTPS and virtual users are enabled, the level of security of your vsftpd 
 +server is increased: encrypted passwords, with passwords that are not used on the system, and users 
 +that can't access directly to their home directory (if you want). 
 +</code>
 +
 ====== vsftpd: refusing to run with writable root inside chroot () ====== ====== vsftpd: refusing to run with writable root inside chroot () ======
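
Review bot: In the first added section, `force_local_data_ssl=NO` and `force_local_logins_ssl=NO` are given as the way to make Windows Explorer work, but the section never states the cost: with both set to NO, local users may log in and transfer over plain FTP, so passwords and file contents cross the network unencrypted. Suggest saying that next to the two settings, limiting the advice to a trusted network, and keeping FileZilla or WinSCP over TLS as the recommended path. In "setup of second vsftpd with different port", the sample config sets `listen_port=21`, which is the standard FTP port rather than a different one, and the unit's `ExecStart` points at `/etc/vsftpd_internal_21.conf` while the config is labelled `vsftpd_2.conf`; use one file name throughout and a port that matches the heading. The same sample leaves `#ssl_enable=NO` and both certificate lines commented out, so the second instance as written is plaintext only, which is worth stating. The `<code>` blocks also mix prose with config (the abrtd unit and its lead-in sentence, the "Ubuntu / load the systemd service file to:" lines), so they cannot be copied as-is; move the prose outside the blocks. In "vsftpd and pasv_address" the option is spelled both `pasv_addr_resolve` and `pasv_addr_resolv`; the first is the option name.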
  
software/linux/vsftpd.1443576631.txt.gz · Last modified: by superwizard