
View Full Version : vsftpd.conf set up


newmember
12th December 2008, 05:29
I have been having good success with vsftpd instead of proftpd; here is my vsftpd.conf file.
I installed it chrooted to prevent SFTP users from getting to the root directory.

# vsftpd.conf - standalone FTP/FTPS server; logins are checked through PAM
# (see pam_service_name below).
# vsftpd expects option=value with no spaces around "=", and comments on
# their own line.

# Account used for anonymous FTP sessions. Unused while anonymous_enable=NO.
# NOTE(review): an unprivileged account is the safer value here should
# anonymous access ever be turned on - confirm why root was chosen.
ftp_username=root

# Run standalone and listen on IPv4 only.
listen=YES
listen_ipv6=NO
# No anonymous logins. Local accounts may log in and may change the
# filesystem (upload, delete, rename).
anonymous_enable=NO
local_enable=YES
write_enable=YES
# With the default creation modes this gives files 644 and directories 755.
local_umask=022

# Show a directory's message file to the user when they enter it.
dirmessage_enable=YES

# Log uploads and downloads.
xferlog_enable=YES
# Active-mode (PORT) data connections originate from port 20.
connect_from_port_20=YES
# Both timeouts are in seconds.
idle_session_timeout=600
data_connection_timeout=120
##
#Welcome Banner
##
ftpd_banner=Welcome to FTP service.
# The banned anonymous e-mail password list is off (only matters for
# anonymous logins, which are disabled above).
deny_email_enable=NO
# Jail every local user in their home directory after login.
# NOTE(review): this covers FTP/FTPS sessions served by vsftpd only; SFTP is
# handled by the SSH server and is not restricted by anything in this file.
# NOTE(review): the vsftpd man page warns that chroot has security
# implications when users can also upload (write_enable=YES above); keep the
# top directory of the jail not writable by the user where possible.
chroot_local_user=YES
# With chroot_local_user=YES a chroot list would name the users to NOT
# chroot(). It is disabled, so there are no exceptions.
chroot_list_enable=NO

# Empty directory used as a jail when vsftpd needs no filesystem access.
# It should not be writable by the FTP user.
secure_chroot_dir=/var/run/vsftpd
##
#Authentication is done through PAM to ISP config
##
pam_service_name=vsftpd
##
#Set up for SSL access connections
# NOTE(review): the "snakeoil" file names suggest the distribution's
# self-signed placeholder certificate; clients cannot verify the server's
# identity with it. Replace it with a certificate issued for this host and
# keep the private key readable by root only.
##
rsa_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
rsa_private_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
##
#This hides the .filenames in the folders
# (dot-files are left out of listings unless the client asks for them; this
# hides names only and is not access control)
##
force_dot_files=NO
##
#Enable SSL, a very good thing
##
ssl_enable=YES
allow_anon_ssl=NO
##
#Have to leave these as NO so that the web-ftp in ispconfig can access ftp folders
# NOTE(review): with both set to NO, TLS is optional. A client that does not
# negotiate it sends its password and data in clear text, on every interface
# vsftpd listens on, not just for the local web-ftp.
##
force_local_data_ssl=NO
force_local_logins_ssl=NO
# Accept TLS v1; SSLv2 and SSLv3 are refused.
# NOTE(review): TLS 1.0 is itself deprecated now; on a current vsftpd check
# the man page for the options that enable newer protocol versions.
ssl_tlsv1=YES
ssl_sslv2=NO
ssl_sslv3=NO
# Filezilla uses port 21 if you don't set any port
# in Servertype "FTPES - FTP over explicit TLS/SSL"
# Port 990 is the default used for FTPS protocol.
# Uncomment it if you want/have to use port 990.
##
#Since I can only use either 21 or 990 I will use port 21.
#I used a port forward on my firewall to match port 990 --> port 21
# NOTE(review): the forwarded port still speaks explicit FTPS, so clients
# connecting on 990 presumably have to be set to explicit TLS - confirm.
##
#listen_port=990
##
#I didn't use pasv because I only want people to use SFTP or FTPS.
#I only need FTP for the ISPConfig web interface which is on the local server.
#I should set up a rule to only allow local listening for FTP unsecure.
# NOTE(review): leaving the range below commented out does not turn passive
# mode off (pasv_enable defaults to YES); it only leaves the passive port
# range unrestricted. FTPS clients behind NAT normally need passive mode, so
# a fixed range plus matching firewall rules is the usual setup.
# NOTE(review): the "local only" rule for plain FTP is still open; nothing in
# this file enforces it.
##
#pasv_min_port=12000
#pasv_max_port=12100