Re: Definitive guide to setting up FTPIS on vsftpd

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]



Followup:

I gave up on the Implicit and configured vsftpd for Explicit, that revealed some configuration errors (displayed on the client, Filezilla in my case).   I then corrected these errors and switched back to Implicit and all is well.

Frank M. Ramaekers Jr.

-----Original Message-----
From: CentOS [mailto:centos-bounces@xxxxxxxxxx] On Behalf Of Kenneth Porter
Sent: Thursday, May 31, 2018 12:18 PM
To: centos@xxxxxxxxxx
Subject: Re:  Definitive guide to setting up FTPIS on vsftpd

On 5/31/2018 8:01 AM, Frank M. Ramaekers wrote:
> I have a new CentOS 7.4 (recently upgraded to 7.5) system that I have been struggling with in configuring vsftpd for FTPS Implicit (port 990).
> (The latest instructions I've used are 
> at:https://urldefense.proofpoint.com/v2/url?u=https-3A__www.unixmen.co
> m_configure-2Dvsftpd-2Dssltls-2Dcentos-2D7_&d=DwICAg&c=laxeQK7vPmHfouI
> IPNyCfbQd49eK3u00U8Jdo0RFvts&r=EOaM1MkMLG24_TOy4m7EdDoX0CP9-c0YJ2kTdea
> gcqQ&m=pOhXDNk2HbQgZLcLf-QR_SwfNLQr4nYWByJ7xBAEhzo&s=MIMN2O4U1bk8mfuZf
> mBjQkQ6zM-uOHJ2XrMyrqs_U3E&e=)

Here's what I'm using. The tutorial site I used is currently down with a bandwidth exceeded warning, so I guess it must be quite popular.

I'm using LetsEncrypt certificates. My site domain is replaced with example.com. Use your own domain name there as registered with LetsEncrypt.

# see
# https://urldefense.proofpoint.com/v2/url?u=http-3A__beginlinux.com_blog_2009_01_secure-2Dftp-2Dwith-2Dssl-2Don-2Dcentos_&d=DwICAg&c=laxeQK7vPmHfouIIPNyCfbQd49eK3u00U8Jdo0RFvts&r=EOaM1MkMLG24_TOy4m7EdDoX0CP9-c0YJ2kTdeagcqQ&m=pOhXDNk2HbQgZLcLf-QR_SwfNLQr4nYWByJ7xBAEhzo&s=BtdOGrSrWbyXnhcXRGrpjCnjzIHLoKYhtVyCn7OhEWQ&e=

rsa_cert_file=/etc/letsencrypt/live/example.com/fullchain.pem
rsa_private_key_file=/etc/letsencrypt/live/example.com/privkey.pem
ssl_enable=YES
force_local_logins_ssl=NO
force_local_data_ssl=NO
ssl_tlsv1=YES
ssl_sslv2=YES
ssl_sslv3=YES

# limit pasv ports to range that iptables can check
pasv_min_port=6900
pasv_max_port=6969

# added 20120213 to deal with FileZilla 3.5.3 stricter cipher list # see https://urldefense.proofpoint.com/v2/url?u=http-3A__forum.filezilla-2Dproject.org_viewtopic.php-3Ff-3D2-26t-3D23275&d=DwICAg&c=laxeQK7vPmHfouIIPNyCfbQd49eK3u00U8Jdo0RFvts&r=EOaM1MkMLG24_TOy4m7EdDoX0CP9-c0YJ2kTdeagcqQ&m=pOhXDNk2HbQgZLcLf-QR_SwfNLQr4nYWByJ7xBAEhzo&s=IKSWGNlSjgyMbNAv1TsKXFqj_bECF2hyTJWq54tUOhc&e=
ssl_ciphers=HIGH

dual_log_enable=YES

allow_writeable_chroot=YES
user_sub_token=$USER

_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
https://urldefense.proofpoint.com/v2/url?u=https-3A__lists.centos.org_mailman_listinfo_centos&d=DwICAg&c=laxeQK7vPmHfouIIPNyCfbQd49eK3u00U8Jdo0RFvts&r=EOaM1MkMLG24_TOy4m7EdDoX0CP9-c0YJ2kTdeagcqQ&m=pOhXDNk2HbQgZLcLf-QR_SwfNLQr4nYWByJ7xBAEhzo&s=LtJPbS9khXrxKH7BPWHAXtuV3IuYDmFY4q_KSl7TaVI&e=

----------------------------------------------------------------------
This message contains information which is privileged and confidential and is solely for the use of the intended recipient. If you are not the intended recipient, be aware that any review, disclosure, copying, distribution, or use of the contents of this message is strictly prohibited. If you have received this in error, please destroy it immediately and notify us at PrivacyAct@xxxxxxxxxxxxxxxxx.
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
https://lists.centos.org/mailman/listinfo/centos



[Index of Archives]     [CentOS]     [CentOS Announce]     [CentOS Development]     [CentOS ARM Devel]     [CentOS Docs]     [CentOS Virtualization]     [Carrier Grade Linux]     [Linux Media]     [Asterisk]     [DCCP]     [Netdev]     [Xorg]     [Linux USB]


  Powered by Linux