viki - vsftpd Wiki


 Explicit FTPS

Tuesday, 5. June 2007 19:40:41, by Igor Galić

 


Standard virtual user setup with pam_pwdfile

# vim: set ft=sh:
#

# a simple config utilizing pam_pwdfile
# for authenticating virtual users

listen=YES

anonymous_enable=NO
local_enable=YES
guest_enable=YES

guest_username=ftp
user_sub_token=$USER
local_root=/home/ftp/$USER
chroot_local_user=YES

hide_ids=YES

write_enable=YES
virtual_use_local_privs=YES

local_umask=0022

xferlog_enable=YES
log_ftp_protocol=YES
setproctitle_enable=YES

pam_service_name=vsftpd_pwd

ssl_enable=YES
ssl_ciphers=HIGH:!MD5:!ADH

# even though disabled, I'm making it explicit for anonymous users
# who try to connect to be pissed at.
force_anon_data_ssl=YES
force_anon_logins_ssl=YES
force_local_data_ssl=YES
force_local_logins_ssl=YES

rsa_cert_file=/etc/vsftpd/vsftpd.cert
rsa_private_key_file=/etc/vsftpd/vsftpd.key

PAM service file /etc/pam.d/vsftpd_pwd (the name set by pam_service_name above):

auth required pam_pwdfile.so pwdfile /etc/vsftpd/virtual.pwd 
account required pam_permit.so
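
A quick audit of the settings above, as an added example that is not part of the original page: it reports when a vsftpd.conf would still allow cleartext or anonymous logins, or when the TLS private key is accessible to group or others. The function names and the sample config are this example's own; the defaults are those documented in vsftpd.conf(5), and the script assumes the last assignment of a key wins and that values are written as YES/NO, as on this page.

```shell
#!/bin/sh
# Added example, not from the wiki page. All function names are hypothetical.

# conf_get FILE KEY DEFAULT: effective value of KEY. vsftpd.conf lines are
# key=value with no spaces; "last assignment wins" is an assumption here.
conf_get() {
    v=$(sed -n "s/^$2=//p" "$1" | tail -n 1)
    echo "${v:-$3}"
}

# audit_ftps FILE: print one "WEAK: ..." line per finding, nothing if clean.
audit_ftps() {
    # key:vsftpd default:value wanted for an FTPS-only, non-anonymous service
    for rule in ssl_enable:NO:YES anonymous_enable:YES:NO \
                force_local_logins_ssl:YES:YES force_local_data_ssl:YES:YES; do
        key=${rule%%:*}; rest=${rule#*:}
        got=$(conf_get "$1" "$key" "${rest%%:*}")
        [ "$got" = "${rest#*:}" ] || echo "WEAK: $key=$got (want ${rest#*:})"
    done
    # The TLS private key must not be accessible to group or others.
    keyfile=$(conf_get "$1" rsa_private_key_file "")
    if [ -n "$keyfile" ] && [ -e "$keyfile" ]; then
        perms=$(ls -ldL "$keyfile" | cut -c5-10)
        [ "$perms" = "------" ] || echo "WEAK: $keyfile is group/world accessible"
    fi
    return 0
}

# Constructed sample: FTPS is switched on, but data connections may be
# cleartext and anonymous_enable is left at its default.
demo_conf() {
    printf '%s\n' 'listen=YES' 'ssl_enable=YES' 'force_local_data_ssl=NO' \
                  'force_local_logins_ssl=YES'
}

# With a path argument, audit that file; no output means every check passed.
[ $# -eq 0 ] || audit_ftps "$1"
```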

http://viki.brainsware.org/?en/Virtual_Users_jMCg
+ http://lists.freebsd.org/pipermail/freebsd-questions/2007-March/145713.html

extended for SSL [see your config, loony!]

Resources:

http://sial.org/howto/openssl/self-signed/
http://wiki.splitbrain.org/sslca
http://www.mail-archive.com/lftp@uniyar.ac.ru/msg02725.html
