June 20, 2021

Vsftp sftp server howto

Vsftp server is an ftp server that can be configured to accept sftp (encrypted, port 22) traffic for more security. In this howto we will create an sftp server that allows virtual users to upload to web directories that Apache can serve. This works for a shared virtual hosting server where you want to allow multiple users to upload to their own web directories, for example.

Vsftp sftp server setup

First, you have to install the sftp server. This tutorial uses Debian, though it will work on other distributions with some modification.

ssh you@server.ip.or.hostname
su (or use sudo if you prefer, your choice)
apt-get install vsftpd libpam-pwdfile apache2
mkdir /var/secure
htpasswd -cd /var/secure/.htpasswd someuser (just -c under squeeze)
(to add more users, run:) htpasswd -d /var/secure/.htpasswd someotheruser (no -d needed under squeeze)
mv /etc/vsftpd.conf /etc/vsftpd.bak
vi /etc/vsftpd.conf (put only the following lines in this file, nothing else)
  listen=YES
  anonymous_enable=NO
  local_enable=YES
  write_enable=YES
  local_umask=022
  nopriv_user=vsftpd
  virtual_use_local_privs=YES
  guest_enable=YES
  user_sub_token=$USER
  local_root=/var/www/$USER
  chroot_local_user=YES
  hide_ids=YES
  guest_username=vsftpd
  xferlog_file=/var/log/vsftpd.log
  xferlog_enable=YES
  dirmessage_enable=YES
  xferlog_std_format=YES
  data_connection_timeout=600
  dual_log_enable=YES
mv /etc/pam.d/vsftpd /etc/pam.d/vsftpd.bak
vi /etc/pam.d/vsftpd (put only these two lines in here, nothing else)
  auth required pam_pwdfile.so pwdfile /var/secure/.htpasswd
  account required pam_permit.so
useradd --home /home/vsftpd --gid nogroup -m --shell /bin/false vsftpd
id vsftpd (you should see output like the next line)
uid=1002(vsftpd) gid=65534(nogroup) groups=65534(nogroup)
mkdir /var/www/someuser
mkdir /var/www/someuser/www
chmod 555 /var/www/someuser
chown -R vsftpd:nogroup /var/www/someuser
(if /var/www/someuser does not exist, the connection will fail)
/etc/init.d/vsftpd restart
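Before restarting, it is worth checking that the config and the per-user directory really match what this howto expects. The following is an added example, not part of the original post: it parses a vsftpd.conf in the key=value form above, flags any of the security-relevant settings from this howto that are missing or changed, and checks that a user's root directory is not writable (newer vsftpd releases, 3.0 and later, refuse to run with a writable chroot root, which is what the chmod 555 step guards against). The EXPECTED table is taken from the config above and is not a complete hardening list.

```python
import os
import stat
import tempfile

# Values from the vsftpd.conf in this howto that matter for locking down
# virtual users (not a complete hardening checklist).
EXPECTED = {
    "anonymous_enable": "NO",        # no anonymous logins
    "guest_enable": "YES",           # every login is mapped to the guest user
    "guest_username": "vsftpd",
    "virtual_use_local_privs": "YES",
    "chroot_local_user": "YES",      # confine each user to local_root
    "hide_ids": "YES",               # do not leak real uid/gid in listings
    "xferlog_enable": "YES",         # keep a transfer log
}

def parse_vsftpd_conf(text):
    """Parse vsftpd's key=value format; blank and '#' comment lines are skipped."""
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, _, value = line.partition("=")
        settings[key.strip()] = value.strip()
    return settings

def audit_conf(text):
    """Return a list of findings; an empty list means the config matches EXPECTED."""
    settings = parse_vsftpd_conf(text)
    findings = []
    for key, want in EXPECTED.items():
        got = settings.get(key)
        if got is None:
            findings.append(f"{key} is missing (expected {want})")
        elif got.upper() != want.upper():
            findings.append(f"{key}={got} (expected {want})")
    # local_root must carry the $USER token so each user lands in their own tree
    if "$USER" not in settings.get("local_root", ""):
        findings.append("local_root does not contain $USER")
    return findings

def chroot_root_ok(path):
    """True if path is a directory with no write bit set (the chmod 555 shape)."""
    mode = os.stat(path).st_mode
    writable = stat.S_IWUSR | stat.S_IWGRP | stat.S_IWOTH
    return stat.S_ISDIR(mode) and not (mode & writable)

def demo_chroot_check():
    """Constructed demo: a 555 directory passes, a 755 directory does not."""
    with tempfile.TemporaryDirectory() as d:
        os.chmod(d, 0o555)
        ok_555 = chroot_root_ok(d)
        os.chmod(d, 0o755)
        ok_755 = chroot_root_ok(d)
        return ok_555, ok_755
```

Run audit_conf() on the contents of /etc/vsftpd.conf and chroot_root_ok() on /var/www/someuser before the restart; any finding means a step above was skipped or changed.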

Remember that you can add a new virtual user with the htpasswd command above, giving the new username. Now test from the SERVER first with something like:

ftp 127.0.0.1
Connected to 127.0.0.1.
220 (vsFTPd 2.3.2)
Name (127.0.0.1:someuser): someuser
331 Please specify the password.
Password:
230 Login successful.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> ls
200 PORT command successful. Consider using PASV.
150 Here comes the directory listing.
drwxr-xr-x    2 ftp      ftp          4096 Oct 10 03:23 www
226 Directory send OK.
ftp> quit

If the connection is refused, or something else looks odd, start troubleshooting. Now load an FTP client (such as FileZilla) on your LAPTOP and test with:

hostname: server.ip.or.hostname
username: someuser
password: whateverpassword

and it should show you the files in that directory if things went well…
