Vsftp server is an ftp server that can be configured to accept sftp (encrypted port 22) traffic, for more security. In this howto, we will create an sftp server that can allow virtual users to upload to web directories, that can be accessed by apache. This will work for a shared virtual hosting server if you want to allow multiple users to upload to their web directories, for example.
Vsftp sftp server setup
First, you have to install the sftp server. This tutorial is on Debian, though it will work with other distributions with some modification
ssh you@server.ip.or.hostname su (or sudo if you want to do that, your choice) apt-get install vsftpd libpam-pwdfile apache2 mkdir /var/secure htpasswd -cd /var/secure/.htpasswd someuser (just -c under squeeze) (to add more users run:) htpasswd -d /var/secure/.htpasswd someotheruser (do not need -d under squeeze) mv /etc/vsftpd.conf /etc/vsftpd.bak vi /etc/vsftpd.conf (put only this stuff in here, nothing else) listen=YES anonymous_enable=NO local_enable=YES write_enable=YES local_umask=022 nopriv_user=vsftpd virtual_use_local_privs=YES guest_enable=YES user_sub_token=$USER local_root=/var/www/$USER chroot_local_user=YES hide_ids=YES guest_username=vsftpd xferlog_file=/var/log/vsftpd.log xferlog_enable=YES dirmessage_enable=YES xferlog_std_format=YES data_connection_timeout=600 dual_log_enable=YES mv /etc/pam.d/vsftpd /etc/pam.d/vsftpd.bak vi /etc/pam.d/vsftpd (put only these two lines in here, nothing else) auth required pam_pwdfile.so pwdfile /var/secure/.htpasswd account required pam_permit.so useradd --home /home/vsftpd --gid nogroup -m --shell /bin/false vsftpd id vsftpd (you should see the stuff on the next line) uid=1002(vsftpd) gid=65534(nogroup) groups=65534(nogroup) mkdir /var/www/someuser mkdir /var/www/someuser/www chmod 555 /var/www/someuser chown -R vsftpd:nogroup /var/www/someuser (if /var/www/someuser does not exist, the connection will fail) /etc/init.d/vsftpd restart |
Remember you can add a new virtual user by using the htpasswd command above and using the new username. Now test from the SERVER first by doing something like:
ftp 127.0.0.1 Connected to 127.0.0.1. 220 (vsFTPd 2.3.2) Name (127.0.0.1:someuser): someuser 331 Please specify the password. Password: 230 Login successful. Remote system type is UNIX. Using binary mode to transfer files. ftp> ls 200 PORT command successful. Consider using PASV. 150 Here comes the directory listing. drwxr-xr-x 2 ftp ftp 4096 Oct 10 03:23 www 226 Directory send OK. ftp> quit |
if you see your connection is refused, or something else odd, start troubleshooting. Now go load an FTP client (like Filezilla or whatever) on your LAPTOP and test using:
hostname: server.ip.or.hostname username: someuser password: whateverpassword |
and it should show you the files in that directory if things went well…