Picking an FTPD (vsftpd) Server in Linux Centos/Debian
I decided on using yum to help me decide even though I normaly use proftpd I decided to see what else I could find.
yum search ftp
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
* rpmforge: ftp-stud.fht-esslingen.de
* base: mirrors.netdna.com
* updates: updates.interworx.info
* addons: yum.singlehop.com
* extras: mirrors.netdna.com
rpmforge | 1.1 kB 00:00
primary.xml.gz | 3.7 MB 00:02
rpmforge 10237/10237
base | 2.1 kB 00:00
updates | 1.9 kB 00:00
primary.sqlite.bz2 | 588 kB 00:00
addons | 951 B 00:00
extras | 2.1 kB 00:00
=========================================================== Matched: ftp ===========================================================
bug-buddy.i386 : A bug reporting utility for GNOME
esound.i386 : Allows several audio streams to play on a single audio device.
esound-devel.i386 : Development files for EsounD applications.
gdm.i386 : The GNOME Display Manager.
gdm-docs.i386 : GDM Documentation
gftp.i386 : A multi-threaded FTP client for the X Window System.
mc.i386 : User-friendly text console file manager and visual shell
kdebase.i386 : K Desktop Environment - core files
squid.i386 : The Squid proxy caching server.
aria2.i386 : Download utility with BitTorrent and Metalink support
atftp.i386 : Advanced Trivial File Transfer Protocol (TFTP) client
atftp-server.i386 : Advanced Trivial File Transfer Protocol (TFTP) server
atop.i386 : AT Computing System and Process Monitor
autoupdate.noarch : AutoUpdate, a simple perl script to keep your system up2date
awstats.noarch : Powerful and fullfeatured server logfile analyzer
bittorrent.noarch : Network file transfer tool
bootparamd.i386 : A server process which provides boot information to diskless clients.
cfdisk.i386 : Curses based disk partition table manipulator
checkpassword.i386 : Provides a simple, uniform password-checking interface
checkpassword-pam.i386 : Provides a simple, uniform password-checking interface using PAM
chrpath.i386 : Change the dynamic library load path (rpath) of binaries
curl.i386 : A utility for getting files from remote servers (FTP, HTTP, and others).
curl-devel.i386 : Files needed for building applications with libcurl.
dbview.i386 : Display dBase III and IV (.dbf) files
devhelp.i386 : API document browser
devhelp-devel.i386 : Library to embed Devhelp in other applications.
docbook-utils.noarch : Shell scripts for managing DocBook documents.
docbook-utils-pdf.noarch : A script for converting DocBook documents to PDF format.
duplicity.i386 : Untrusted/encrypted backup using rsync algorithm
evolution-sharp.i386 : Evolution Data Server Mono Bindings
evolution-sharp-devel.i386 : Development files for evolution-sharp
expect.i386 : A program-script interaction and testing utility
expect-devel.i386 : A program-script interaction and testing utility
expectk.i386 : A program-script interaction and testing utility
file-roller.i386 : File Roller is a tool for viewing and creating archives
filezilla.i386 : GUI SFTP/FTP client
freeze.i386 : Archiver and compressor
ftp.i386 : The standard UNIX FTP (File Transfer Protocol) client.
ftpproxy.i386 : FTP proxy server
fuse-curlftpfs.i386 : FUSE filesystem for accessing FTP hosts using libcurl
fuse-obexfs.i386 : FUSE based filesystem using ObexFTP
geteltorito.noarch : Tool to extract boot image from an ISO file
gift.i386 : Deamon for communicating with filesharing protocols
gift-devel.i386 : Header files, libraries and development documentation for gift.
gift-gnutella.i386 : Gift plugin to access the Gnutella network
gift-openft.i386 : Gift plugin to access the openft network
gnome-commander.i386 : File manager for the GNOME desktop
gnome-common.i386 : Useful things common to building gnome packages
gnome-netstatus.i386 : Network interface status applet
gnome-sharp.i386 : GTK+ and GNOME bindings for Mono
gnome-sharp-devel.i386 : files needed for developing with gnome-sharp
gnome-themes.noarch : Themes collection for GNOME
gnome-vfs2.i386 : The GNOME virtual file-system libraries
gollem-h3.noarch : The Horde web-based File Manager.
groff.i386 : A document formatting system.
groff-gxditview.i386 : An X previewer for groff text processor output.
groff-perl.i386 : Parts of the groff formatting system that require Perl.
gtk2-engines.i386 : Theme engines for GTK+ 2.0
hardlink.i386 : Tool to hardlink duplicate files in a directory tree
jailkit.i386 : Utilities to limit user accounts to specific files using chroot()
java-1.4.2-gcj-compat.i386 : JPackage runtime scripts for GCJ
java-1.4.2-gcj-compat-devel.i386 : JPackage development scripts for GCJ
java-1.4.2-gcj-compat-javadoc.i386 : API documentation for libgcj
java-1.4.2-gcj-compat-src.i386 : Source files for libgcj
kasablanca.i386 : Ftp/fxp client
konserve.i386 : Small backup application
krusader.i386 : File manager
lftp.i386 : Sophisticated file transfer program
libbonobo.i386 : Bonobo component system
libbonobo-devel.i386 : Libraries and headers for libbonobo
libbonoboui.i386 : Bonobo user interface components
libbonoboui-devel.i386 : Libraries and headers for libbonoboui
libfaketime.i386 : Pre-loadable library for faking the system date
libgnome.i386 : GNOME base library
libgnome-devel.i386 : Libraries and headers for libgnome
libgnomeprint22.i386 : Printing library for GNOME.
libgnomeprint22-devel.i386 : Libraries and include files for developing GNOME printing applications
libgnomeprintui22.i386 : GUI support for libgnomeprint
libgnomeprintui22-devel.i386 : Libraries and headers for libgnomeprintui
libgnomeui.i386 : GNOME base GUI library
libgnomeui-devel.i386 : Libraries and headers for libgnome
libgpg-error.i386 : libgpg-error
libgpg-error-devel.i386 : Development files for the libgpg-error package
libgtop2.i386 : libgtop library (version 2)
libgtop2-devel.i386 : Libraries and include files for developing with libgtop.
libobexftp.i386 : Library to access devices via the OBEX protocol
libobexftp-devel.i386 : Header files, libraries and development documentation for libobexftp.
libole2.i386 : Structured Storage OLE2 library
libole2-devel.i386 : Header files, libraries and development documentation for libole2.
libsoup.i386 : Soup, an HTTP library implementation
libsoup-devel.i386 : Header files for the Soup library
libtermcap.i386 : A basic system library for accessing the termcap database.
libtermcap-devel.i386 : Development tools for programs which will access the termcap database.
libutempter.i386 : A privileged helper for utmp/wtmp updates
libutempter-devel.i386 : Development environment for utempter
libwnck.i386 : Window Navigator Construction Kit
libwnck-devel.i386 : Libraries and headers for libwnck
libxml2.i386 : Library providing XML and HTML support
libxml2-devel.i386 : Libraries, includes, etc. to develop XML and HTML applications
linscope.i386 : Network scanner for network shares
metacity.i386 : Metacity window manager
mirrordir.i386 : Easy to use ftp mirroring package
mirrordir-devel.i386 : Header files, libraries and development documentation for mirrordir.
most.i386 : Text viewer similar to more or less, but with additional capabilities
mpack.i386 : Pack a file in MIME format for mailing and news
mrepo.noarch : Tool to set up a Yum/Apt mirror from various sources (ISO, RHN, rsync, http, ftp, ...)
nautilus-sendto.i386 : Nautilus context menu for sending files
nautilus-sendto-bluetooth.i386 : Nautilus integration for Bluetooth
ncc.i386 : C source code analyzer
netrw.i386 : Tool for transporting data over the internet
numactl.i386 : library for tuning for Non Uniform Memory Access machines
numactl-devel.i386 : Development package for building Applications that use numa
obexftp.i386 : Tool to access devices via the OBEX protocol
pax.i386 : POSIX File System Archiver
perl-AnyData.noarch : Easy access to data in many formats
perl-Audio.i386 : Represents audio data
perl-Crypt-TEA.i386 : Tiny Encryption Algorithm
perl-Net-FTP-AutoReconnect.noarch : FTP client class with automatic reconnect on failure
perl-Net-FTP-RetrHandle.noarch : Tied or IO::Handle-compatible interface to a file retrieved by FTP
perl-Net-SFTP.noarch : Secure File Transfer Protocol client
perl-Net-SFTP-Foreign.noarch : SSH File Transfer Protocol client
perl-Net-TFTP.noarch : TFTP Client class
perl-TFTP.noarch : Perl module that implements a TFTP Client class
perl-Test-AutoBuild.i386 : Automated build engine
perl-Test-AutoBuild.noarch : Automated build engine
perl-Tie-FTP.noarch : Open files on FTP servers as filehandles
perl-URI-sftp.noarch : Perl module to add support for SFTP uris to URI package
pexpect.noarch : Pure Python Expect-like module
pftp.i386 : Port-File-Transfer-Program
piranha.i386 : Cluster administation tools
pktstat.i386 : Displays a live list of active connections and what files are being transferred
proftpd.i386 : Flexible, stable and highly-configurable FTP server
proftpd-devel.i386 : Header files, libraries and development documentation for proftpd.
proftpd-ldap.i386 : Module to add LDAP support to the ProFTPD FTP server
proftpd-mysql.i386 : Module to add MySQL support to the ProFTPD FTP server
proftpd-postgresql.i386 : Module to add PostgreSQL support to the ProFTPD FTP server
pure-ftpd.i386 : Lightweight, fast and secure FTP server
pure-ftpd-selinux.i386 : SELinux support for Pure-FTPD
python-expect.i386 : Expect module for Python
python-memcached.noarch : Python interface to the memcached memory cache daemon
python-obexftp.i386 : Library to access devices via the OBEX protocol
python-pexpect.i386 : Python Expect-like module
python-pexpect.noarch : Python Expect-like module
python-urlgrabber.noarch : High-level cross-protocol url-grabber
rescuept.i386 : Tool that recognizes ext2, FAT, swap and extended partition tables
rssh.i386 : Restricted shell for use with OpenSSH, allowing only scp and/or sftp
sharedance.i386 : Ephemeral key/data pair storing daemon
sitecopy.i386 : Tool for easily maintaining remote web sites
sphere.i386 : NIST SPeech HEader REsources (SPHERE) Package
sphere-devel.i386 : Header files, libraries and development documentation for sphere.
strobe.i386 : Super optimized TCP port surveyor
t1lib.i386 : PostScript Type 1 font rasterizer
t1lib-devel.i386 : Header files, libraries and development documentation for t1lib.
tcp_wrappers.i386 : A security tool which acts as a wrapper for TCP daemons.
tcpspray.i386 : Print average throughput for a tcp connection
tftp.i386 : The client for the Trivial File Transfer Protocol (TFTP)
tftp-server.i386 : The server for the Trivial File Transfer Protocol (TFTP)
tnftp.i386 : Enhanced NetBSD ftp client
urw-fonts.noarch : Free versions of the 35 standard PostScript fonts.
vsftpd.i386 : vsftpd - Very Secure Ftp Daemon
wget.i386 : A utility for retrieving files using the HTTP or FTP protocols.
wput.i386 : Uploads files to FTP servers
x2x.i386 : Link two X displays together, simulating a multiheaded display
xmltv2vdr.noarch : Read EPG information the xmltv site
zoo.i386 : File archiving utility with compression
I decided to try vsftpd because it stands for "very secure" so it must be right? :)
Well anyway I thought I'd try it becaues I've heard good things about in the past
yum install vsftpd
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
* rpmforge: ftp-stud.fht-esslingen.de
* base: mirrors.netdna.com
* updates: updates.interworx.info
* addons: yum.singlehop.com
* extras: mirrors.netdna.com
Setting up Install Process
Parsing package install arguments
Resolving Dependencies
--> Running transaction check
---> Package vsftpd.i386 0:2.0.5-16.el5_4.1 set to be updated
filelists.xml.gz | 4.1 MB 00:02
filelists.sqlite.bz2 | 3.3 MB 00:00
filelists.sqlite.bz2 | 3.0 MB 00:00
filelists.sqlite.bz2 | 195 kB 00:00
filelists.xml.gz | 194 B 00:00
--> Finished Dependency Resolution
Dependencies Resolved
====================================================================================================================================
Package Arch Version Repository Size
====================================================================================================================================
Installing:
vsftpd i386 2.0.5-16.el5_4.1 updates 140 k
Transaction Summary
====================================================================================================================================
Install 1 Package(s)
Update 0 Package(s)
Remove 0 Package(s)
Total download size: 140 k
Is this ok [y/N]: y
Downloading Packages:
vsftpd-2.0.5-16.el5_4.1.i386.rpm | 140 kB 00:00
Running rpm_check_debug
Running Transaction Test
Finished Transaction Test
Transaction Test Succeeded
Running Transaction
Installing : vsftpd [1/1]
Installed: vsftpd.i386 0:2.0.5-16.el5_4.1
Complete!
Now I realized vsftpd isn't all that secure, at least in the default configuration. Why would it automatically create a public ftp server?
You better make the following change in: /etc/vsftpd/vsftpd.conf
anonymous_enable=NO
For such a secure server there is not even built-in TLS or SSL encryption either!
Create The VSFTPD Server Key to Enable TLS/SSL
openssl req -x509 -nodes -days 1825 -newkey rsa:2048 -keyout /etc/vsftpd/vsftpd.pem -out /etc/vsftpd/vsftpd.pem
Edit the Server Config file /etc/vsftpd/vsftpd.conf
Add the following but change as you feel fit if you want to force/disable SSL/TLS connections:
ssl_enable=YES
allow_anon_ssl=NO
force_local_data_ssl=NO
force_local_logins_ssl=NO
ssl_tlsv1=YES
ssl_sslv2=NO
ssl_sslv3=NO
rsa_cert_file=/etc/vsftpd/vsftpd.pem
Now restart vsftpd and all local/shell users can connect securely.