How to Set Up vsftpd for AML2 on EC2 With TLS
Open ports in the instance's security group
Custom TCP Rule / TCP / port 21
Custom TCP Rule / TCP / ports 1024 - 1048
Install vsftpd
SSH into EC2 instance (tutorial) and install vsftpd:
$ sudo yum update -y
$ sudo yum install vsftpd mod_ssl
Create SSL Certs
$ cd /etc/pki/tls/certs
This will create a private key file and a self-signed certificate for a 4096-bit RSA key (change to rsa:2048 for a smaller key):
$ sudo openssl req -x509 -nodes -days 365 -newkey rsa:4096 -keyout vsftpd.key -out vsftpd.crt -subj "/C=NA/ST=NA/L=NA/O=NA/OU=NA/CN=NA"
Configure FTP
Use nano to open and edit vsftpd.conf from the command line:
$ sudo nano /etc/vsftpd/vsftpd.conf
Change anonymous_enable from YES to NO (optional but recommended). This disables anonymous FTP logins:
anonymous_enable=NO
Set chroot_local_user to YES (optional). This confines users to their home directories. The line may already exist but be commented out with #:
chroot_local_user=YES
Add the following to the end of the file. Replace [Your IP Address] with the public IP of your EC2 instance:
rsa_cert_file=/etc/pki/tls/certs/vsftpd.crt
rsa_private_key_file=/etc/pki/tls/certs/vsftpd.key
ssl_enable=YES
allow_anon_ssl=NO
force_local_data_ssl=NO
force_local_logins_ssl=NO
ssl_tlsv1=YES
ssl_sslv2=NO
ssl_sslv3=NO
require_ssl_reuse=NO
ssl_ciphers=HIGH
pasv_enable=YES
pasv_min_port=1024
pasv_max_port=1048
pasv_address=[Your IP Address]
allow_writeable_chroot=YES
Change the default FTP upload folder (optional). Add the following to the end of the file:
local_root=/var/www/html
Note that you may need to use chmod to change permissions so FTP users can read and write in this folder (the ; must be escaped so the shell passes it to find):
$ sudo find /var/www/html -type d -exec chmod 777 {} \;
Start vsftpd service:
$ sudo systemctl restart vsftpd
Set the vsftpd service to start automatically when the server reboots (is-enabled only reports the current state; enable is what turns it on):
$ sudo systemctl enable vsftpd
Create FTP User
Add an FTP user with adduser. Replace [USERNAME] with the new username:
$ sudo adduser [USERNAME]
Set a password for the user with passwd:
$ sudo passwd [USERNAME]
Give the user access to a specific folder (optional). To allow access to the /var/www folder, add the user to the apache group:
$ sudo usermod -a -G apache [USERNAME]
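A small linter for the configuration built above, added here as an example (it is not part of the how-to): it parses a vsftpd.conf the way vsftpd reads it, checks the TLS directives, flags the placeholder if it was not replaced, and confirms the passive port range fits the security-group rule from the first step. The sample config and the address 203.0.113.10 are constructed; the force_local_*_ssl warnings point out that the values given above still let clients connect without TLS.

```python
import re

# Constructed sample of the directives this how-to adds, placeholder still unreplaced.
SAMPLE_CONF = """\
anonymous_enable=NO
# chroot_local_user=YES
ssl_enable=YES
force_local_data_ssl=NO
force_local_logins_ssl=NO
ssl_sslv2=NO
ssl_sslv3=NO
pasv_enable=YES
pasv_min_port=1024
pasv_max_port=1048
pasv_address=[Your IP Address]
"""

def parse_conf(text):
    """Return {directive: value}; vsftpd ignores blank lines and lines starting with '#'."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, _, value = line.partition("=")
        conf[key.strip()] = value.strip()
    return conf

def check_conf(conf, sg_pasv_range=(1024, 1048)):
    """Return a list of findings; sg_pasv_range is the port range opened in the security group."""
    findings = []
    if conf.get("ssl_enable") != "YES":
        findings.append("ssl_enable is not YES: TLS is off")
    for legacy in ("ssl_sslv2", "ssl_sslv3"):
        if conf.get(legacy) != "NO":
            findings.append(f"{legacy} should be NO")
    if conf.get("anonymous_enable") != "NO":
        findings.append("anonymous_enable is not NO: anonymous logins stay possible")
    # With these two set to NO, a client may log in and transfer data without TLS at all.
    for opt in ("force_local_logins_ssl", "force_local_data_ssl"):
        if conf.get(opt) != "YES":
            findings.append(f"{opt} is not YES: clients are not required to use TLS")
    addr = conf.get("pasv_address", "")
    if not re.fullmatch(r"\d{1,3}(\.\d{1,3}){3}", addr):
        findings.append(f"pasv_address {addr!r} is not an IPv4 address (placeholder left in?)")
    lo, hi = conf.get("pasv_min_port", ""), conf.get("pasv_max_port", "")
    if not (lo.isdigit() and hi.isdigit()) or not (sg_pasv_range[0] <= int(lo) <= int(hi) <= sg_pasv_range[1]):
        findings.append(f"passive ports {lo}-{hi} are not within the security-group rule {sg_pasv_range}")
    return findings
```

Run it against /etc/vsftpd/vsftpd.conf after editing; an empty list means the file matches the intent of the steps above.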