FTP / SFTP configuration

From Elvanör's Technical Wiki
Jump to: navigation, search

FTP configuration

  • One of the best FTP servers available for UNIX platforms is vsftpd. It allows to create a chroot on the user's home directory, allows for anonymous access configuration etc.
  • Some noteworthy configuration settings:
chroot_local_user=YES  # chroot local users

chroot_list_file=/opt/local/etc/vsftpd.chroot_list  # users present in this list will NOT be chrooted

# The following forbid access to all users except those in the userlist_file

userlist_enable=YES
userlist_deny=NO
userlist_file=/opt/local/etc/vsftpd.user_list

listen=YES  # turn on vsftpd into the standalone mode
  • Note that it is recommended to forbid access to sensitive users, because of FTP inherent security problems. See below.

SFTP configuration

  • The problem with the FTP protocol is that passwords are sent in clear, thus is very insecure. It should never be used for important accounts.
  • SFTP has actually nothing common with FTP; SFTP only requires SSH to be running on the server. No FTP server at all is needed for SFTP, which makes SFTP very, very simple to configure.
  • It is possible to setup a chroot with SFTP though this would require some work.
  • You can test a SFTP server by using the command line client sftp (which actually calls ssh under the hood).