FTP / SFTP configuration

From Elvanör's Technical Wiki

FTP configuration

  • One of the best FTP servers available for UNIX platforms is vsftpd. It can chroot users into their home directory, supports anonymous access configuration, etc.
  • Some noteworthy configuration settings:
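# Comments must be on their own line: vsftpd does not accept trailing comments
# or spaces around "=".

# chroot local users into their home directory
chroot_local_user=YES

# with chroot_local_user=YES, users present in this list will NOT be chrooted
# (the list is only read when chroot_list_enable=YES)
chroot_list_enable=YES
chroot_list_file=/opt/local/etc/vsftpd.chroot_list

# The following forbids access to all users except those in the userlist_file
userlist_enable=YES
userlist_deny=NO
userlist_file=/opt/local/etc/vsftpd.user_list

# run vsftpd in standalone mode
listen=YES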
  • Note that it is recommended to forbid FTP access to sensitive users, because of FTP's inherent security problems. See below.
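The settings above are easy to get subtly wrong, so here is a small checker for them, added as an example and not part of the original wiki page or of vsftpd. The function names, the SENSITIVE set and the sample inputs are assumptions made for illustration.

```python
# Added example: audit the vsftpd settings discussed above.
SENSITIVE = {"root", "admin"}  # assumption: site policy decides which accounts are sensitive

def parse_conf(text):
    """Parse option=value lines and report syntax that vsftpd rejects or misreads."""
    settings, findings = {}, []
    for n, line in enumerate(text.splitlines(), 1):
        if not line.strip() or line.startswith("#"):
            continue  # blank line or whole-line comment
        key, sep, value = line.partition("=")
        if not sep:
            findings.append(f"line {n}: not in option=value form")
            continue
        if key != key.strip() or value != value.strip():
            findings.append(f"line {n}: stray whitespace in {key.strip()}")
        if " #" in value or "\t#" in value:
            findings.append(f"line {n}: trailing comment becomes part of the {key.strip()} value")
        settings[key.strip()] = value.split("#")[0].strip()
    return settings, findings

def audit(conf_text, userlist_text=""):
    """Return a list of findings for the chroot and userlist settings."""
    s, findings = parse_conf(conf_text)
    def on(key, default="NO"):
        return s.get(key, default).upper() in {"YES", "TRUE", "1"}
    if "chroot_list_file" in s and not on("chroot_list_enable"):
        findings.append("chroot_list_file has no effect without chroot_list_enable=YES")
    if not on("userlist_enable"):
        findings.append("userlist_file is not consulted: userlist_enable is not YES")
    elif on("userlist_deny", default="YES"):  # vsftpd defaults userlist_deny to YES
        findings.append("userlist_file is a denylist: set userlist_deny=NO for an allowlist")
    else:
        users = {u.strip() for u in userlist_text.splitlines()
                 if u.strip() and not u.startswith("#")}
        for u in sorted(users & SENSITIVE):
            findings.append(f"sensitive account '{u}' is allowed to log in over FTP")
    return findings

# Constructed sample inputs, not taken from a real server.
BAD_CONF = """chroot_local_user=YES  # chroot local users
userlist_enable=YES
userlist_file=/opt/local/etc/vsftpd.user_list
"""
GOOD_CONF = """# chroot local users
chroot_local_user=YES
userlist_enable=YES
userlist_deny=NO
userlist_file=/opt/local/etc/vsftpd.user_list
"""

if __name__ == "__main__":
    for finding in audit(BAD_CONF) + audit(GOOD_CONF, "alice\nroot\n"):
        print(finding)
```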

SFTP configuration

  • The problem with the FTP protocol is that passwords are sent in cleartext, which makes it very insecure. It should never be used for important accounts.
  • SFTP actually has nothing in common with FTP; SFTP only requires SSH to be running on the server. No FTP server at all is needed for SFTP, which makes SFTP very, very simple to configure.
  • It is possible to set up a chroot with SFTP, though this would require some work.
  • You can test an SFTP server by using the command-line client sftp (which actually calls ssh under the hood).