Monthly Archives: January 2015

vsftpd with SSL for anonymous user on Linux Mint 17.1

Here is how I install and configure vsftpd with SSL for the anonymous user on Linux Mint 17.1.

1. Install vsftpd

$ sudo apt-get install vsftpd

2. Edit file “/etc/vsftpd.conf”. Here is my configuration file:

listen=YES
anonymous_enable=YES
anon_root=/home/ftp
local_enable=YES
write_enable=YES
local_umask=022
anon_upload_enable=YES
anon_umask=022
anon_mkdir_write_enable=YES
anon_other_write_enable=YES
dirmessage_enable=YES
use_localtime=YES
xferlog_enable=YES
connect_from_port_20=YES
chown_uploads=YES
chown_username=ftp
async_abor_enable=YES
ascii_upload_enable=YES
ftpd_banner=Welcome to Linux Mint Server FTP service.
chroot_local_user=NO
chroot_list_enable=NO
ls_recurse_enable=YES
secure_chroot_dir=/var/run/vsftpd/empty
pam_service_name=vsftpd
rsa_cert_file=/etc/ssl/private/vsftpd.pem
rsa_private_key_file=/etc/ssl/private/vsftpd.pem
ssl_enable=YES
allow_anon_ssl=YES
force_local_data_ssl=YES
force_local_logins_ssl=YES
ssl_tlsv1=YES
ssl_sslv2=YES
ssl_sslv3=YES
require_ssl_reuse=NO
ssl_ciphers=HIGH
force_dot_files=YES
hide_ids=YES
anon_world_readable_only=NO
file_open_mode=0755

3. Create the FTP directory for the anonymous user. I also created 2 subdirectories: one only for anonymous download (files or folders in this directory cannot be modified or deleted) and the other for anonymous upload (files and folders in this directory can be modified by the anonymous user).

$ sudo mkdir /home/ftp
$ sudo mkdir /home/ftp/download
$ sudo mkdir /home/ftp/upload

4. Set folder permissions

$ sudo chown -R ftp:ftp /home/ftp
$ sudo chmod a-w /home/ftp
$ sudo chmod 555 /home/ftp/download
$ sudo chmod 777 /home/ftp/upload

5. Create SSL certificate

$ sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/ssl/private/vsftpd.pem -out /etc/ssl/private/vsftpd.pem

6. Start vsftpd. Test vsftpd by starting it manually.

$ sudo vsftpd

7. Restart the system.

8. Now we can test the new FTP server using FileZilla. Open FileZilla, enter the server address, and leave the username and password blank. We should see something like this.

[Screenshot: vsftpd_anonymous]

9. If we want to connect using an existing username, we have to set up an account for that server. To open this window, click File->Server Manager. After entering the username, password and account name, click Connect.

[Screenshot: vsftpd_user]

10. That’s it!
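
A short audit of the configuration from step 2, as an added example that is not part of the original post: it flags the legacy SSL protocol versions and the anonymous-access options that the file enables. The rule list and the helper names (`parse_conf`, `is_yes`, `audit`) are this example's own assumptions; options are judged only when explicitly set, except the two `force_anon_*` options, which are flagged when absent.

```python
# Added example: flag risky settings in a vsftpd.conf such as the one in step 2.
# The rules are this example's own selection, not an official vsftpd checklist.
TRUE_VALUES = {"YES", "TRUE", "1"}

# (boolean option, value that triggers a finding, why it matters)
RULES = [
    ("ssl_sslv2", True, "SSLv2 is obsolete and broken; set ssl_sslv2=NO"),
    ("ssl_sslv3", True, "SSLv3 is obsolete and broken; set ssl_sslv3=NO"),
    ("anon_other_write_enable", True, "anonymous users can delete and rename files"),
    ("anon_world_readable_only", False,
     "anonymous users can download files that are not world-readable, such as uploads"),
]

def parse_conf(text):
    """Return {option: value}; a later line overrides an earlier one."""
    settings = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        settings[key] = value
    return settings

def is_yes(settings, key):
    """True/False for an option that is set, None when it is absent."""
    value = settings.get(key)
    return None if value is None else value.upper() in TRUE_VALUES

def audit(text):
    settings = parse_conf(text)
    findings = [(opt, why) for opt, bad, why in RULES if is_yes(settings, opt) is bad]
    # allow_anon_ssl only permits TLS for anonymous sessions; it does not require it.
    if is_yes(settings, "anonymous_enable") and is_yes(settings, "ssl_enable"):
        for opt in ("force_anon_logins_ssl", "force_anon_data_ssl"):
            if not is_yes(settings, opt):
                findings.append((opt, "not set to YES: anonymous sessions may run without TLS"))
    return findings

# Constructed sample: a subset of the configuration shown in step 2.
SAMPLE_CONF = """\
anonymous_enable=YES
anon_other_write_enable=YES
ssl_enable=YES
allow_anon_ssl=YES
ssl_sslv2=YES
ssl_sslv3=YES
anon_world_readable_only=NO
"""
```

To check a live server, pass the contents of /etc/vsftpd.conf to `audit()` and review each (option, reason) pair it returns.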