https://wiki.archlinux.org/index.php/Very_Secure_FTP_Daemon
(I will translate this into Korean when I have time.)
Installation
Vsftpd is included in the official repository. Simply install it with pacman:
# pacman -S vsftpd
The server can be started by using the script below:
# /etc/rc.d/vsftpd start
You can also add vsftpd to your daemon array in /etc/rc.conf if you want it to be started automatically at boot.
See the xinetd section below for procedures to use vsftpd with xinetd.
Configuration
Most of the settings in vsftpd are done by editing the file /etc/vsftpd.conf. The file itself is well-documented, so this section only highlights some important changes you may want to make. For all available options and documentation, see man vsftpd.conf (5). Files are served by default from /srv/ftp.
Enabling uploading
The write_enable flag must be set to YES in /etc/vsftpd.conf in order to allow changes to the filesystem, such as uploading:
write_enable=YES
Local user login
The following line must be set in /etc/vsftpd.conf to allow users in /etc/passwd to log in:
local_enable=YES
Anonymous login
The anonymous_enable line in /etc/vsftpd.conf controls whether anonymous users can log in:
# Allow anonymous login
anonymous_enable=YES
# No password is required for an anonymous login
no_anon_password=YES
# Maximum transfer rate for an anonymous client in bytes per second
anon_max_rate=30000
Using SSL to Secure FTP
Generate an SSL certificate, for example:
# cd /etc/ssl/certs
# openssl req -x509 -nodes -days 7300 -newkey rsa:2048 -keyout /etc/ssl/certs/vsftpd.pem -out /etc/ssl/certs/vsftpd.pem
# chmod 600 /etc/ssl/certs/vsftpd.pem
You will be asked a lot of questions about your company etc. As your certificate is not a trusted one, it doesn't really matter what you fill in. You will use this for encryption! If you plan to use this in a matter of trust, get one from a CA like Thawte, VeriSign etc.
Edit your configuration in /etc/vsftpd.conf:
#this is important
ssl_enable=YES
#choose what you like, if you accept anon-connections
# you may want to enable this
# allow_anon_ssl=NO
#choose what you like,
# it's a matter of performance I guess
# force_local_data_ssl=NO
#choose what you like
force_local_logins_ssl=YES
#you should at least enable this if you enable ssl...
ssl_tlsv1=YES
#choose what you like (SSLv2 is obsolete and insecure; NO is the safe choice)
ssl_sslv2=YES
#choose what you like (SSLv3 is obsolete and insecure; NO is the safe choice)
ssl_sslv3=YES
#give the correct path to your currently generated *.pem file
rsa_cert_file=/etc/ssl/certs/vsftpd.pem
#the *.pem file contains both the key and cert
rsa_private_key_file=/etc/ssl/certs/vsftpd.pem
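A check of the TLS options above, as an added example that is not part of the original wiki page: it flags a missing ssl_enable=YES, the obsolete ssl_sslv2 and ssl_sslv3 protocols, disabled force_*_ssl options, and comments placed after a value, since vsftpd only treats whole lines starting with # as comments. The function names and the sample configuration are constructed for illustration.

```shell
# Added example, not part of the original page. Function names and the
# sample configuration are constructed for illustration.

# Succeeds if option $2 is explicitly set to value $3 in config file $1.
conf_has() {
    grep -Eq "^$2=$3([[:space:]]|\$)" "$1"
}

# Prints one finding per line; returns 1 if anything was flagged.
audit_vsftpd_tls() {
    conf=$1
    rc=0
    if ! conf_has "$conf" ssl_enable YES; then
        echo "ssl_enable is not YES: logins and data are sent in cleartext"
        rc=1
    fi
    for proto in ssl_sslv2 ssl_sslv3; do
        if conf_has "$conf" "$proto" YES; then
            echo "$proto=YES enables an obsolete, broken protocol; use NO"
            rc=1
        fi
    done
    for opt in force_local_logins_ssl force_local_data_ssl; do
        if conf_has "$conf" "$opt" NO; then
            echo "$opt=NO lets local users skip encryption"
            rc=1
        fi
    done
    # vsftpd only treats lines that start with '#' as comments.
    if grep -Eq '^[a-z0-9_]+=[^#]*#' "$conf"; then
        echo "'#' after a value on the same line: put the comment on its own line"
        rc=1
    fi
    return "$rc"
}

# Constructed sample input mirroring the settings shown above.
sample=$(mktemp)
cat > "$sample" <<'EOF'
ssl_enable=YES
# force_local_data_ssl=NO
force_local_logins_ssl=YES
ssl_tlsv1=YES
ssl_sslv2=YES
ssl_sslv3=YES
EOF
audit_vsftpd_tls "$sample" || echo "review the findings above"
rm -f "$sample"
```

Run it against a copy of /etc/vsftpd.conf by calling audit_vsftpd_tls with that path; an empty output and exit status 0 mean none of these settings were flagged.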