Bonehead how-to setup vsftp on OpenBSD question! - BSD


  1. Bonehead how-to setup vsftp on OpenBSD question!

    O.K., I'm stumped. I'm trying to figure out how to set up vsftp on my
    OpenBSD (3.7) box, and have it be the "default" FTP service. I want
    only users who have an account to SFTP to the box (I don't want any
    anonymous access), and I want them to be chrooted to their home
    directory only. Shouldn't be too tough...but I sure can't figure out
    how to do it! Suggestions???

    Thank you,
    Craig


  2. Re: Bonehead how-to setup vsftp on OpenBSD question!

    On 12 Oct 2005 13:50:26 -0700, "Craig" wrote:

    >O.K., I'm stumped. I'm trying to figure out how to set up vsftp on my
    >OpenBSD (3.7) box, and have it be the "default" FTP service. I want
    >only users who have an account to SFTP to the box (I don't want any
    >anonymous access), and I want them to be chrooted to their home
    >directory only. Shouldn't be too tough...but I sure can't figure out
    >how to do it! Suggestions???
    >


    SFTP uses the ssh protocol to transfer files securely ("secure" as in
    "encrypted").

    vsftp is an FTP server that was written to be secure ("secure" as in
    "not exploitable").


    I think you may be mixing apples and oranges, if I understand your
    question correctly.

  3. Re: Bonehead how-to setup vsftp on OpenBSD question!

    What I mean is: I have installed vsftp. I want users to connect to THIS
    ftp service (and not whatever the default FTP daemon is, that comes
    with OpenBSD...which I want to disable), and I only want them to be
    able to connect via SSH.

    Craig


  4. Re: Bonehead how-to setup vsftp on OpenBSD question!

    Craig wrote:
    > What I mean is: I have installed vsftp. I want users to connect to THIS
    > ftp service (and not whatever the default FTP daemon is, that comes
    > with OpenBSD...which I want to disable), and I only want them to be
    > able to connect via SSH.
    >
    > Craig


    SSL, you mean. I hope.

    If I understand you correctly, you want:
    1) To use vsftpd as an FTP daemon
    a) To disable stock ftpd
    2) To chroot people to their home directory
    3) To use SSL/TLS for all FTP traffic.

    I've done this. Let me say that, unless you are using virtual users,
    SFTP (that is, the SSH subsystem) is much easier to set up than FTP+SSL
    (that is, FTP over SSL). The latter will cause people to try all sorts
    of badly-functioning clients first. However, assuming you know what
    you're getting yourself into...

    For true secure communications, you should encrypt both the data and the
    control channel. Few FTP clients grok an encrypted data channel; for
    Windows, I recommend CoreFTP. For *nix, lftp.

    1) and 1a) should be pretty easy. The stock ftpd is in /etc/inetd.conf,
    vsftpd is in ports.

    2) Is done by setting

    chroot_local_user=YES

    in vsftpd.conf. Don't forget to look up local_enable, anonymous_enable,
    write_enable.

    3) Is done by setting

    ssl_enable=YES
    # Should include both certificate and key
    rsa_cert_file=/your/cert/file
    force_local_logins_ssl=YES
    force_local_data_ssl=YES

    in vsftpd.conf. You may want to look at ssl_ciphers too.

    All this is in TFM, as well as basic setup information. There are quite
    a few HOWTOs out there, as well as a vsftpd web site with more
    information.

    Joachim
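
An added example, not part of the thread or of vsftpd: a small Python check that a vsftpd.conf sets the options named in the reply above (no anonymous logins, chrooted local users, TLS forced on logins and data) and flags a misspelled option name. The names `REQUIRED`, `SAMPLE`, `parse` and `audit` are made up for this example, and `SAMPLE` is constructed input.

```python
import difflib
# Options named in the thread, with the values it asks for (written as YES/NO).
REQUIRED = {
    "anonymous_enable": "NO", "local_enable": "YES",
    "chroot_local_user": "YES", "ssl_enable": "YES",
    "force_local_logins_ssl": "YES", "force_local_data_ssl": "YES",
}

# Constructed sample input; the last option name is deliberately misspelled.
SAMPLE = """\
anonymous_enable=NO
local_enable=YES
chroot_local_user=YES
ssl_enable=YES
rsa_cert_file=/your/cert/file
force_local_logins_ssl=YES
force_local_data_ssh=YES
"""

def parse(text):
    """Return ({option: value}, [problems]) for vsftpd.conf text."""
    opts, problems = {}, []
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        key, sep, value = line.partition("=")
        if not sep:
            problems.append(f"line {n}: not in option=value form")
        elif key != key.strip() or value != value.strip():
            # vsftpd.conf(5) does not allow spaces around '='
            problems.append(f"line {n}: space around '=' in {key.strip()}")
        else:
            opts[key] = value
    return opts, problems

def audit(text):
    # Returns a list of problems; an empty list means every check passed.
    opts, problems = parse(text)
    for key, want in REQUIRED.items():
        if key not in opts:
            near = [k for k in difflib.get_close_matches(key, opts, cutoff=0.9)
                    if k not in REQUIRED]
            hint = f" (found '{near[0]}', possible typo)" if near else ""
            problems.append(f"{key} not set{hint}")
        elif opts[key].upper() != want:
            problems.append(f"{key}={opts[key]}, expected {want}")
    if not opts.get("rsa_cert_file"):
        problems.append("rsa_cert_file not set")
    return problems
```

Calling `audit(open("/etc/vsftpd.conf").read())` (path is an assumption; use wherever your port installs the file) returns the list of findings for a real configuration.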
