- explicit FTP over SSL/TLS
- better than SFTP
- connects on 21, but can encrypt credentials before they are sent
- encrypts data sent too
- implicit SSL/TLS
- deprecated
- default port 990
- runs over SSH
- can't lock users into the home folder with chroot
- deactivate SSL: ssl_enable=NO
- connect
- look for new messages
- bad:
allow_writeable_chroot=YES - they can
cdhigher in system directories
chmod a-w /home/user
- replacement shell field to deny login access to account
- vsftpd checks for a valid shell like
/bin/bashin file/etc/shells
usermod -s /sbin/nologin abc123
echo '/usr/sbin/nologin
/sbin/nologin' | sudo tee -a /etc/shells- Does it take the filesystem space in GB? No! (double check)
mkdir /home/abc123/ftp/downloads
mount --bind /real/files/ /home/abc123/ftp/downloads
umount /home/abc123/ftp/downloads
rmdir /home/abc123/ftp/downloads- Edit
/etc/fstabif desired
/real/files /home/abc123/ftp/downloads none bind 0 0
/real/files /home/abc123/ftp/downloads none bind,nofail,x-systemd.device-timeout=10000ms 0 0
- not working, why?
- probably have to edit chroot list
- probably have to usermod new home directory to
/home/abc123/ftp/downloads/
- router
- Port Forwarding (NOT Virtual Server with external-to-internal mapping)
- local IP
- 5000-5003
- Port Forwarding (NOT Virtual Server with external-to-internal mapping)
- vsftpd.conf
- pasv_addr_resolve=YES
- pasv_address=my.domain.com
- pasv_min_port=5000
- pasv_max_port=5003
- potentially just a FileZilla problem
- GnuTLS error -15 in gnutls_record_recv: An unexpected TLS packet was received.
- Could not read from socket: ECONNABORTED - Connection aborted
- disable SSL and then you see overloading of passive ports
- make sure to have a lot of passive ports opened
- pasv_min_port=5000
- pasv_max_port=6000
seccomp_sandbox=NO
- use IPv4 only
- vsftpd.conf
- listen=YES
- listen_ipv6=NO