Technical Recipes

How to install Vsftpd server on CentOS

If the sshd service is running, you can always use sftp on the client side to upload or download files from the remote SSH server. If you do need to use vsftpd instead, you must open the default FTP port 21 on the firewall.

Vsftpd (Very Secure FTP Daemon) is an FTP server for Linux distributions. Vsftpd is the default FTP server of the Fedora, RHEL, CentOS, Ubuntu and NimbleX Linux distributions. It is not just secure, as the name suggests, but also delivers excellent performance while consuming less memory.

1. Install the vsftpd package as a service

	# yum install vsftpd

2. Run the FTP service

	# service vsftpd start
	(use stop or restart in place of start as needed)
	
3. Configure Vsftpd

	# vi /etc/vsftpd/vsftpd.conf
	anonymous_enable=NO
	local_enable=YES
	write_enable=YES
	connect_from_port_20=NO
	chroot_local_user=YES
	chroot_list_enable=YES
	chroot_list_file=/etc/vsftpd/chroot_list
	local_umask=022
	xferlog_std_format=NO
	idle_session_timeout=600
	ascii_upload_enable=YES
	ascii_download_enable=YES
		
	You may turn on the upload/download logging by adding the following line:
		
		xferlog_file=/var/log/vsftpd.log
	  	  
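4. Create user 'user1' as a nologin user and add him to the access list

	# useradd -s /usr/sbin/nologin user1
	# passwd user1
	
	Make sure /usr/sbin/nologin is included in the file /etc/shells
	
	# vi /etc/vsftpd/chroot_list
	user1
	
	Note that with chroot_local_user=YES and chroot_list_enable=YES set as in step 3, the users listed in chroot_list_file are the ones that are NOT confined to their home directory; every other local user is.
	
	You may put the users that are not allowed to log in via ftp in the file /etc/vsftpd/ftpusers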
	     
5. Configure SELinux for FTP access if SELinux is on, or turn off SELinux

	# getsebool -a | grep ftp
	# setsebool -P ftp_home_dir on

6. Restart the service and test remote access using user 'user1'
	
7. Start the vsftpd service automatically when the system boots
	
	# chkconfig vsftpd on
	
8. Delete old keys on the client side for sftp after server reprovisioning
	
	# cd /root/.ssh
	# vi known_hosts
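
The chroot settings in step 3 and the list in step 4 interact: with chroot_local_user=YES, chroot_list_file names the users exempt from the jail. The shell functions below are an added example, not part of the original recipe; they read a vsftpd.conf and report whether a given user is jailed. The temporary files and the account user2 are constructed for the demonstration.

```shell
# Added example (not from the original page): report whether a local user
# ends up chroot-jailed under a given vsftpd.conf. Read-only.

# conf_get FILE KEY DEFAULT: the last "KEY=value" line wins.
conf_get() {
    val=$(sed -n "s/^$2=//p" "$1" | tail -n 1 | tr -d '\r')
    printf '%s\n' "${val:-$3}"
}

# is_yes VALUE: true for YES, TRUE or 1 in any letter case.
is_yes() {
    case $(printf '%s' "$1" | tr '[:lower:]' '[:upper:]') in
        YES|TRUE|1) return 0 ;;
        *) return 1 ;;
    esac
}

# chroot_status CONF USER [LISTFILE]: prints "jailed" or "not-jailed".
# The fallback list path is an assumption taken from step 3 of this page.
chroot_status() {
    conf=$1; user=$2
    list=${3:-$(conf_get "$conf" chroot_list_file /etc/vsftpd/chroot_list)}
    listed=no
    if is_yes "$(conf_get "$conf" chroot_list_enable NO)" &&
       [ -r "$list" ] && grep -qxF -- "$user" "$list"; then
        listed=yes
    fi
    if is_yes "$(conf_get "$conf" chroot_local_user NO)"; then
        # Everyone is jailed; the list names the exceptions.
        if [ "$listed" = yes ]; then echo not-jailed; else echo jailed; fi
    else
        # Nobody is jailed; the list names the users to jail.
        if [ "$listed" = yes ]; then echo jailed; else echo not-jailed; fi
    fi
}

# Constructed sample: chroot lines from step 3, list from step 4.
# user2 is a hypothetical second account that is not in the list.
demo() {
    d=$(mktemp -d) || return 1
    printf '%s\n' chroot_local_user=YES chroot_list_enable=YES \
        "chroot_list_file=$d/chroot_list" > "$d/vsftpd.conf"
    echo user1 > "$d/chroot_list"
    for u in user1 user2; do
        echo "$u: $(chroot_status "$d/vsftpd.conf" "$u")"
    done
    rm -rf "$d"
}
demo
```

On a live server, call chroot_status /etc/vsftpd/vsftpd.conf user1 to check the account created in step 4.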