How to secure an ftp daemon?

djvdorp Member
edited August 2012 in General

Some of my clients want an FTP server on the hosting account I gave them.. what to use?
vsFTPd? ProFTPd?

And how do I make them secure so nobody hacks my VPS through FTP? I myself only use sFTP for security reasons..

Thanks for all tips and help, much appreciated.

Comments

  • KuJoe Member, Host Rep

    We use vsftp and offer it to our clients. It's simple to set up and use; if you want to get more secure you can set up chroot.

  • Set up SSL/TLS with vsFTPd and require users to connect with a secure connection. Then usernames/passwords are encrypted when transmitted.

    Have a look at http://www.cyberciti.biz/tips/configure-vsfptd-secure-connections-via-ssl-tls.html

    In vsftpd.conf I tend to set

    force_local_logins_ssl=YES

    to force users to use ssl (plaintext login attempts will then fail), and

    force_local_data_ssl=NO

    as generally I don't see a need to encrypt every file transfer.

    Also, make sure to set

    require_ssl_reuse=NO

    in vsftpd.conf or some FTP clients won't work.

    And you can chroot users to the home dirs with

    chroot_local_user=YES

    Free FTP clients that support TLS/SSL include CoreFTP for Windows (use the 'TLS connection' option in the dropdown selector) and FileZilla for Windows/Linux (use the 'FTP over explicit TLS' option for connections).

  • I use pureftpd (TLS/SSL) in all my ispconfig installations. But yeah, I never use it. scp/sftp is much better and easier for me.

  • Maounique Host Rep, Veteran

    @djvdorp said: vsFTPd?

    Yes. If you manage to convince them to go the extra mile to set up SSL, fine, but many use panels of sorts to automate backups and might not know how to set up SSL.
    M

  • In addition to what sleddog said:
    vsftpd
    allow only certain IPs :D and remember to use a combination of characters and numbers as the password, block ports you don't use, and disable anonymous.
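
An added example, not part of any post in this thread: a small Python check that reads a vsftpd.conf and reports on the options suggested above (TLS logins, chroot, anonymous access), so a config can be verified after editing. The built-in defaults come from the vsftpd.conf(5) man page; `ssl_enable` and `anonymous_enable` are real vsftpd options the posts only allude to, and the FAIL/WARN/INFO levels, function names and the sample config are this example's own assumptions.

```python
# Added example: audit a vsftpd.conf for the options discussed in this thread.
# Built-in defaults as documented in the vsftpd.conf(5) man page.
DEFAULTS = {
    "anonymous_enable": "YES", "ssl_enable": "NO",
    "force_local_logins_ssl": "YES", "force_local_data_ssl": "YES",
    "require_ssl_reuse": "YES", "chroot_local_user": "NO",
}
# Constructed sample: the thread's suggestions plus the two options they imply.
THREAD_CONF = """# constructed sample config
anonymous_enable=NO
ssl_enable=YES
force_local_logins_ssl=YES
force_local_data_ssl=NO
require_ssl_reuse=NO
chroot_local_user=YES
"""

def effective_settings(conf_text):
    """Defaults overridden by option=value lines; '#' lines are comments."""
    settings = dict(DEFAULTS)
    for line in conf_text.splitlines():
        if line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)  # vsftpd allows no spaces around '='
        settings[key] = value.strip().upper()
    return settings

def audit(conf_text):
    """Return (level, option, message) findings, most severe first."""
    s = effective_settings(conf_text)
    on = lambda opt: s[opt] in ("YES", "TRUE", "1")
    found = []
    if on("anonymous_enable"):
        found.append(("FAIL", "anonymous_enable", "anonymous logins are accepted"))
    if not on("ssl_enable"):
        found.append(("FAIL", "ssl_enable", "no TLS: passwords and files are sent in cleartext"))
    else:  # the force_* options only take effect once ssl_enable=YES
        if not on("force_local_logins_ssl"):
            found.append(("FAIL", "force_local_logins_ssl", "plaintext logins are still accepted"))
        if not on("force_local_data_ssl"):
            found.append(("WARN", "force_local_data_ssl", "file contents may be sent unencrypted"))
        if not on("require_ssl_reuse"):
            found.append(("INFO", "require_ssl_reuse", "data connections need not reuse the control TLS session"))
    if not on("chroot_local_user"):
        found.append(("WARN", "chroot_local_user", "local users are not confined to their home directory"))
    return sorted(found, key=lambda f: ("FAIL", "WARN", "INFO").index(f[0]))

if __name__ == "__main__":
    for level, option, message in audit(THREAD_CONF):
        print(f"{level:4} {option}: {message}")
```

An empty config is worth running through it too: with nothing set, vsftpd's defaults leave anonymous logins on and TLS off.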

  • Gary Member

    addline? :P

  • I find that I very rarely use it, so I have a minimal setup and then have a bash script to open or close the port in iptables when I need it. (The default boot rules have it closed.) This is a really lazy way to do it though.
