Vsftpd on Coinidea's Bloghttps://blog.coinidea.com/en/tags/vsftpd/Recent content in Vsftpd on Coinidea's BlogHugo -- gohugo.ioenWed, 10 Apr 2019 02:56:05 +0000[vsftpd] vsftpd Passive Mode Configurationhttps://blog.coinidea.com/en/p/vsftpd-vsftpd-passive-mode-configuration/Wed, 10 Apr 2019 02:56:05 +0000https://blog.coinidea.com/en/p/vsftpd-vsftpd-passive-mode-configuration/<p><strong>vsftpd.conf</strong></p> <div class="highlight"><div class="chroma"> <table class="lntable"><tr><td class="lntd"> <pre tabindex="0" class="chroma"><code><span class="lnt"> 1 </span><span class="lnt"> 2 </span><span class="lnt"> 3 </span><span class="lnt"> 4 </span><span class="lnt"> 5 </span><span class="lnt"> 6 </span><span class="lnt"> 7 </span><span class="lnt"> 8 </span><span class="lnt"> 9 </span><span class="lnt"> 10 </span><span class="lnt"> 11 </span><span class="lnt"> 12 </span><span class="lnt"> 13 </span><span class="lnt"> 14 </span><span class="lnt"> 15 </span><span class="lnt"> 16 </span><span class="lnt"> 17 </span><span class="lnt"> 18 </span><span class="lnt"> 19 </span><span class="lnt"> 20 </span><span class="lnt"> 21 </span><span class="lnt"> 22 </span><span class="lnt"> 23 </span><span class="lnt"> 24 </span><span class="lnt"> 25 </span><span class="lnt"> 26 </span><span class="lnt"> 27 </span><span class="lnt"> 28 </span><span class="lnt"> 29 </span><span class="lnt"> 30 </span><span class="lnt"> 31 </span><span class="lnt"> 32 </span><span class="lnt"> 33 </span><span class="lnt"> 34 </span><span class="lnt"> 35 </span><span class="lnt"> 36 </span><span class="lnt"> 37 </span><span class="lnt"> 38 </span><span class="lnt"> 39 </span><span class="lnt"> 40 </span><span class="lnt"> 41 </span><span class="lnt"> 42 </span><span class="lnt"> 43 </span><span class="lnt"> 44 </span><span class="lnt"> 45 </span><span class="lnt"> 46 </span><span class="lnt"> 47 </span><span class="lnt"> 48 </span><span class="lnt"> 49 </span><span class="lnt"> 50 </span><span class="lnt"> 51 </span><span class="lnt"> 52 </span><span class="lnt"> 53 </span><span class="lnt"> 54 </span><span class="lnt"> 55 </span><span class="lnt"> 56 </span><span class="lnt"> 57 </span><span class="lnt"> 58 </span><span class="lnt"> 59 </span><span class="lnt"> 60 </span><span class="lnt"> 61 </span><span class="lnt"> 62 </span><span class="lnt"> 63 </span><span class="lnt"> 64 </span><span class="lnt"> 65 </span><span class="lnt"> 66 </span><span class="lnt"> 67 </span><span class="lnt"> 68 </span><span class="lnt"> 69 </span><span class="lnt"> 70 </span><span class="lnt"> 71 </span><span class="lnt"> 72 </span><span class="lnt"> 73 </span><span class="lnt"> 74 </span><span class="lnt"> 75 </span><span class="lnt"> 76 </span><span class="lnt"> 77 </span><span class="lnt"> 78 </span><span class="lnt"> 79 </span><span class="lnt"> 80 </span><span class="lnt"> 81 </span><span class="lnt"> 82 </span><span class="lnt"> 83 </span><span class="lnt"> 84 </span><span class="lnt"> 85 </span><span class="lnt"> 86 </span><span class="lnt"> 87 </span><span class="lnt"> 88 </span><span class="lnt"> 89 </span><span class="lnt"> 90 </span><span class="lnt"> 91 </span><span class="lnt"> 92 </span><span class="lnt"> 93 </span><span class="lnt"> 94 </span><span class="lnt"> 95 </span><span class="lnt"> 96 </span><span class="lnt"> 97 </span><span class="lnt"> 98 </span><span class="lnt"> 99 </span><span class="lnt">100 </span><span class="lnt">101 </span><span class="lnt">102 </span><span class="lnt">103 </span><span class="lnt">104 </span><span class="lnt">105 </span><span class="lnt">106 </span><span class="lnt">107 </span><span class="lnt">108 </span><span class="lnt">109 </span><span class="lnt">110 </span><span class="lnt">111 </span><span class="lnt">112 </span><span class="lnt">113 </span><span class="lnt">114 </span><span class="lnt">115 </span><span class="lnt">116 </span><span class="lnt">117 </span><span class="lnt">118 </span><span class="lnt">119 </span><span class="lnt">120 </span><span class="lnt">121 </span><span class="lnt">122 </span><span class="lnt">123 </span><span class="lnt">124 </span><span class="lnt">125 </span><span class="lnt">126 </span><span class="lnt">127 </span><span class="lnt">128 </span><span class="lnt">129 </span><span class="lnt">130 </span><span class="lnt">131 </span><span class="lnt">132 </span><span class="lnt">133 </span><span class="lnt">134 </span><span class="lnt">135 </span><span class="lnt">136 </span><span class="lnt">137 </span><span class="lnt">138 </span><span class="lnt">139 </span><span class="lnt">140 </span></code></pre></td> <td class="lntd"> <pre tabindex="0" class="chroma"><code class="language-bash" data-lang="bash"><span class="line"><span class="cl"><span class="c1"># Example config file /etc/vsftpd/vsftpd.conf</span> </span></span><span class="line"><span class="cl"><span class="c1">#</span> </span></span><span class="line"><span class="cl"><span class="c1"># The default compiled in settings are fairly paranoid. This sample file</span> </span></span><span class="line"><span class="cl"><span class="c1"># loosens things up a bit, to make the ftp daemon more usable.</span> </span></span><span class="line"><span class="cl"><span class="c1"># Please see vsftpd.conf.5 for all compiled in defaults.</span> </span></span><span class="line"><span class="cl"><span class="c1">#</span> </span></span><span class="line"><span class="cl"><span class="c1"># READ THIS: This example file is NOT an exhaustive list of vsftpd options.</span> </span></span><span class="line"><span class="cl"><span class="c1"># Please read the vsftpd.conf.5 manual page to get a full idea of vsftpd&#39;s</span> </span></span><span class="line"><span class="cl"><span class="c1"># capabilities.</span> </span></span><span class="line"><span class="cl"><span class="c1">#</span> </span></span><span class="line"><span class="cl"><span class="c1"># Allow anonymous FTP? (Beware - allowed by default if you comment this out).</span> </span></span><span class="line"><span class="cl"><span class="nv">anonymous_enable</span><span class="o">=</span>NO </span></span><span class="line"><span class="cl"><span class="c1">#</span> </span></span><span class="line"><span class="cl"><span class="c1"># Uncomment this to allow local users to log in.</span> </span></span><span class="line"><span class="cl"><span class="c1"># When SELinux is enforcing check for SE bool ftp_home_dir</span> </span></span><span class="line"><span class="cl"><span class="nv">local_enable</span><span class="o">=</span>YES </span></span><span class="line"><span class="cl"><span class="c1">#</span> </span></span><span class="line"><span class="cl"><span class="c1"># Uncomment this to enable any form of FTP write command.</span> </span></span><span class="line"><span class="cl"><span class="nv">write_enable</span><span class="o">=</span>YES </span></span><span class="line"><span class="cl"><span class="c1">#</span> </span></span><span class="line"><span class="cl"><span class="c1"># Default umask for local users is 077. You may wish to change this to 022,</span> </span></span><span class="line"><span class="cl"><span class="c1"># if your users expect that (022 is used by most other ftpd&#39;s)</span> </span></span><span class="line"><span class="cl"><span class="nv">local_umask</span><span class="o">=</span><span class="m">022</span> </span></span><span class="line"><span class="cl"><span class="c1">#</span> </span></span><span class="line"><span class="cl"><span class="c1"># Uncomment this to allow the anonymous FTP user to upload files. This only</span> </span></span><span class="line"><span class="cl"><span class="c1"># has an effect if the above global write enable is activated. Also, you will</span> </span></span><span class="line"><span class="cl"><span class="c1"># obviously need to create a directory writable by the FTP user.</span> </span></span><span class="line"><span class="cl"><span class="c1"># When SELinux is enforcing check for SE bool allow_ftpd_anon_write, allow_ftpd_full_access</span> </span></span><span class="line"><span class="cl"><span class="c1">#anon_upload_enable=YES</span> </span></span><span class="line"><span class="cl"><span class="c1">#</span> </span></span><span class="line"><span class="cl"><span class="c1"># Uncomment this if you want the anonymous FTP user to be able to create</span> </span></span><span class="line"><span class="cl"><span class="c1"># new directories.</span> </span></span><span class="line"><span class="cl"><span class="c1">#anon_mkdir_write_enable=YES</span> </span></span><span class="line"><span class="cl"><span class="c1">#</span> </span></span><span class="line"><span class="cl"><span class="c1"># Activate directory messages - messages given to remote users when they</span> </span></span><span class="line"><span class="cl"><span class="c1"># go into a certain directory.</span> </span></span><span class="line"><span class="cl"><span class="nv">dirmessage_enable</span><span class="o">=</span>YES </span></span><span class="line"><span class="cl"><span class="c1">#</span> </span></span><span class="line"><span class="cl"><span class="c1"># Activate logging of uploads/downloads.</span> </span></span><span class="line"><span class="cl"><span class="nv">xferlog_enable</span><span class="o">=</span>YES </span></span><span class="line"><span class="cl"><span class="c1">#</span> </span></span><span class="line"><span class="cl"><span class="c1"># Make sure PORT transfer connections originate from port 20 (ftp-data).</span> </span></span><span class="line"><span class="cl"><span class="nv">connect_from_port_20</span><span class="o">=</span>YES </span></span><span class="line"><span class="cl"><span class="c1">#</span> </span></span><span class="line"><span class="cl"><span class="c1"># If you want, you can arrange for uploaded anonymous files to be owned by</span> </span></span><span class="line"><span class="cl"><span class="c1"># a different user. Note! Using &#34;root&#34; for uploaded files is not</span> </span></span><span class="line"><span class="cl"><span class="c1"># recommended!</span> </span></span><span class="line"><span class="cl"><span class="c1">#chown_uploads=YES</span> </span></span><span class="line"><span class="cl"><span class="c1">#chown_username=whoever</span> </span></span><span class="line"><span class="cl"><span class="c1">#</span> </span></span><span class="line"><span class="cl"><span class="c1"># You may override where the log file goes if you like. The default is shown</span> </span></span><span class="line"><span class="cl"><span class="c1"># below.</span> </span></span><span class="line"><span class="cl"><span class="c1">#xferlog_file=/var/log/xferlog</span> </span></span><span class="line"><span class="cl"><span class="c1">#</span> </span></span><span class="line"><span class="cl"><span class="c1"># If you want, you can have your log file in standard ftpd xferlog format.</span> </span></span><span class="line"><span class="cl"><span class="c1"># Note that the default log file location is /var/log/xferlog in this case.</span> </span></span><span class="line"><span class="cl"><span class="nv">xferlog_std_format</span><span class="o">=</span>YES </span></span><span class="line"><span class="cl"><span class="c1">#</span> </span></span><span class="line"><span class="cl"><span class="c1"># You may change the default value for timing out an idle session.</span> </span></span><span class="line"><span class="cl"><span class="c1">#idle_session_timeout=600</span> </span></span><span class="line"><span class="cl"><span class="c1">#</span> </span></span><span class="line"><span class="cl"><span class="c1"># You may change the default value for timing out a data connection.</span> </span></span><span class="line"><span class="cl"><span class="c1">#data_connection_timeout=120</span> </span></span><span class="line"><span class="cl"><span class="c1">#</span> </span></span><span class="line"><span class="cl"><span class="c1"># It is recommended that you define on your system a unique user which the</span> </span></span><span class="line"><span class="cl"><span class="c1"># ftp server can use as a totally isolated and unprivileged user.</span> </span></span><span class="line"><span class="cl"><span class="c1">#nopriv_user=ftpsecure</span> </span></span><span class="line"><span class="cl"><span class="c1">#</span> </span></span><span class="line"><span class="cl"><span class="c1"># Enable this and the server will recognise asynchronous ABOR requests. Not</span> </span></span><span class="line"><span class="cl"><span class="c1"># recommended for security (the code is non-trivial). Not enabling it,</span> </span></span><span class="line"><span class="cl"><span class="c1"># however, may confuse older FTP clients.</span> </span></span><span class="line"><span class="cl"><span class="c1">#async_abor_enable=YES</span> </span></span><span class="line"><span class="cl"><span class="c1">#</span> </span></span><span class="line"><span class="cl"><span class="c1"># By default the server will pretend to allow ASCII mode but in fact ignore</span> </span></span><span class="line"><span class="cl"><span class="c1"># the request. Turn on the below options to have the server actually do ASCII</span> </span></span><span class="line"><span class="cl"><span class="c1"># mangling on files when in ASCII mode.</span> </span></span><span class="line"><span class="cl"><span class="c1"># Beware that on some FTP servers, ASCII support allows a denial of service</span> </span></span><span class="line"><span class="cl"><span class="c1"># attack (DoS) via the command &#34;SIZE /big/file&#34; in ASCII mode. vsftpd</span> </span></span><span class="line"><span class="cl"><span class="c1"># predicted this attack and has always been safe, reporting the size of the</span> </span></span><span class="line"><span class="cl"><span class="c1"># raw file.</span> </span></span><span class="line"><span class="cl"><span class="c1"># ASCII mangling is a horrible feature of the protocol.</span> </span></span><span class="line"><span class="cl"><span class="c1">#ascii_upload_enable=YES</span> </span></span><span class="line"><span class="cl"><span class="c1">#ascii_download_enable=YES</span> </span></span><span class="line"><span class="cl"><span class="c1">#</span> </span></span><span class="line"><span class="cl"><span class="c1"># You may fully customise the login banner string:</span> </span></span><span class="line"><span class="cl"><span class="nv">ftpd_banner</span><span class="o">=</span>Welcome to blah FTP service. </span></span><span class="line"><span class="cl"><span class="c1">#</span> </span></span><span class="line"><span class="cl"><span class="c1"># You may specify a file of disallowed anonymous e-mail addresses. Apparently</span> </span></span><span class="line"><span class="cl"><span class="c1"># useful for combatting certain DoS attacks.</span> </span></span><span class="line"><span class="cl"><span class="c1">#deny_email_enable=YES</span> </span></span><span class="line"><span class="cl"><span class="c1"># (default follows)</span> </span></span><span class="line"><span class="cl"><span class="c1">#banned_email_file=/etc/vsftpd/banned_emails</span> </span></span><span class="line"><span class="cl"><span class="c1">#</span> </span></span><span class="line"><span class="cl"><span class="c1"># You may specify an explicit list of local users to chroot() to their home</span> </span></span><span class="line"><span class="cl"><span class="c1"># directory. If chroot_local_user is YES, then this list becomes a list of</span> </span></span><span class="line"><span class="cl"><span class="c1"># users to NOT chroot().</span> </span></span><span class="line"><span class="cl"><span class="c1"># (Warning! chroot&#39;ing can be very dangerous. If using chroot, make sure that</span> </span></span><span class="line"><span class="cl"><span class="c1"># the user does not have write access to the top level directory within the</span> </span></span><span class="line"><span class="cl"><span class="c1"># chroot)</span> </span></span><span class="line"><span class="cl"><span class="nv">chroot_local_user</span><span class="o">=</span>YES </span></span><span class="line"><span class="cl"><span class="nv">chroot_list_enable</span><span class="o">=</span>NO </span></span><span class="line"><span class="cl"><span class="c1"># (default follows)</span> </span></span><span class="line"><span class="cl"><span class="nv">chroot_list_file</span><span class="o">=</span>/etc/vsftpd/chroot_list </span></span><span class="line"><span class="cl"><span class="c1">#</span> </span></span><span class="line"><span class="cl"><span class="c1"># You may activate the &#34;-R&#34; option to the builtin ls. This is disabled by</span> </span></span><span class="line"><span class="cl"><span class="c1"># default to avoid remote users being able to cause excessive I/O on large</span> </span></span><span class="line"><span class="cl"><span class="c1"># sites. However, some broken FTP clients such as &#34;ncftp&#34; and &#34;mirror&#34; assume</span> </span></span><span class="line"><span class="cl"><span class="c1"># the presence of the &#34;-R&#34; option, so there is a strong case for enabling it.</span> </span></span><span class="line"><span class="cl"><span class="c1">#ls_recurse_enable=YES</span> </span></span><span class="line"><span class="cl"><span class="c1">#</span> </span></span><span class="line"><span class="cl"><span class="c1"># When &#34;listen&#34; directive is enabled, vsftpd runs in standalone mode and</span> </span></span><span class="line"><span class="cl"><span class="c1"># listens on IPv4 sockets. This directive cannot be used in conjunction</span> </span></span><span class="line"><span class="cl"><span class="c1"># with the listen_ipv6 directive.</span> </span></span><span class="line"><span class="cl"><span class="nv">listen</span><span class="o">=</span>YES </span></span><span class="line"><span class="cl"><span class="c1">#</span> </span></span><span class="line"><span class="cl"><span class="c1"># This directive enables listening on IPv6 sockets. By default, listening</span> </span></span><span class="line"><span class="cl"><span class="c1"># on the IPv6 &#34;any&#34; address (::) will accept connections from both IPv6</span> </span></span><span class="line"><span class="cl"><span class="c1"># and IPv4 clients. It is not necessary to listen on *both* IPv4 and IPv6</span> </span></span><span class="line"><span class="cl"><span class="c1"># sockets. If you want that (perhaps because you want to listen on specific</span> </span></span><span class="line"><span class="cl"><span class="c1"># addresses) then you must run two copies of vsftpd with two configuration</span> </span></span><span class="line"><span class="cl"><span class="c1"># files.</span> </span></span><span class="line"><span class="cl"><span class="c1"># Make sure, that one of the listen options is commented !!</span> </span></span><span class="line"><span class="cl"><span class="nv">listen_ipv6</span><span class="o">=</span>NO </span></span><span class="line"><span class="cl"> </span></span><span class="line"><span class="cl"><span class="nv">pam_service_name</span><span class="o">=</span>vsftpd </span></span><span class="line"><span class="cl"><span class="nv">userlist_enable</span><span class="o">=</span>YES </span></span><span class="line"><span class="cl"><span class="nv">tcp_wrappers</span><span class="o">=</span>YES </span></span><span class="line"><span class="cl"><span class="nv">local_root</span><span class="o">=</span>/ftp </span></span><span class="line"><span class="cl"><span class="nv">anon_root</span><span class="o">=</span>/ftp </span></span><span class="line"><span class="cl"><span class="nv">use_localtime</span><span class="o">=</span>YES </span></span><span class="line"><span class="cl"><span class="nv">user_config_dir</span><span class="o">=</span>/etc/vsftpd/userconfig </span></span><span class="line"><span class="cl"><span class="nv">pasv_enable</span><span class="o">=</span>yes </span></span><span class="line"><span class="cl"><span class="nv">pasv_min_port</span><span class="o">=</span><span class="m">41000</span> </span></span><span class="line"><span class="cl"><span class="nv">pasv_max_port</span><span class="o">=</span><span class="m">42000</span> </span></span><span class="line"><span class="cl"><span class="nv">allow_writeable_chroot</span><span class="o">=</span>YES </span></span><span class="line"><span class="cl"><span class="nv">listen_port</span><span class="o">=</span><span class="m">21</span> </span></span><span class="line"><span class="cl"><span class="nv">xferlog_file</span><span class="o">=</span>/var/log/vsftpd.log </span></span><span class="line"><span class="cl"><span class="nv">pasv_address</span><span class="o">=</span>your_ip </span></span><span class="line"><span class="cl"><span class="nv">pasv_addr_resolve</span><span class="o">=</span>yes </span></span><span class="line"><span class="cl"><span class="nv">pasv_promiscuous</span><span class="o">=</span>YES </span></span></code></pre></td></tr></table> </div> </div><p><strong>user_list</strong></p> <div class="highlight"><div class="chroma"> <table class="lntable"><tr><td class="lntd"> <pre tabindex="0" class="chroma"><code><span class="lnt">1 </span></code></pre></td> <td class="lntd"> <pre tabindex="0" class="chroma"><code class="language-bash" data-lang="bash"><span class="line"><span class="cl"><span class="c1"># Comment out everything in this file</span> </span></span></code></pre></td></tr></table> </div> </div><p><strong>chroot_list</strong></p> <div class="highlight"><div class="chroma"> <table class="lntable"><tr><td class="lntd"> <pre tabindex="0" class="chroma"><code><span class="lnt">1 </span><span class="lnt">2 </span></code></pre></td> <td class="lntd"> <pre tabindex="0" class="chroma"><code class="language-bash" data-lang="bash"><span class="line"><span class="cl">ftpuser </span></span><span class="line"><span class="cl">ftpsubuser </span></span></code></pre></td></tr></table> </div> </div><p><strong>/etc/vsftpd/userconfig/ftpsubuser</strong></p> <div class="highlight"><div class="chroma"> <table class="lntable"><tr><td class="lntd"> <pre tabindex="0" class="chroma"><code><span class="lnt">1 </span></code></pre></td> <td class="lntd"> <pre tabindex="0" class="chroma"><code class="language-bash" data-lang="bash"><span class="line"><span class="cl"><span class="nv">local_root</span><span class="o">=</span>/ftp/ftpsubuser/ </span></span></code></pre></td></tr></table> </div> </div><p><strong>Commands to execute:</strong></p> <div class="highlight"><div class="chroma"> <table class="lntable"><tr><td class="lntd"> <pre tabindex="0" class="chroma"><code><span class="lnt">1 </span><span class="lnt">2 </span><span class="lnt">3 </span><span class="lnt">4 </span><span class="lnt">5 </span></code></pre></td> <td class="lntd"> <pre tabindex="0" class="chroma"><code class="language-bash" data-lang="bash"><span class="line"><span class="cl">sudo useradd ftpuser -d /ftp -s /sbin/nologin -m </span></span><span class="line"><span class="cl">passwd ftpuser </span></span><span class="line"><span class="cl"> </span></span><span class="line"><span class="cl">sudo useradd ftpsubuser -d /ftp/ftpsubuser -s /sbin/nologin -m </span></span><span class="line"><span class="cl">passwd ftpsubuser </span></span></code></pre></td></tr></table> </div> </div><div class="highlight"><div class="chroma"> <table class="lntable"><tr><td class="lntd"> <pre tabindex="0" class="chroma"><code></code></pre></td> <td class="lntd"> <pre tabindex="0" class="chroma"><code class="language-fallback" data-lang="fallback"></code></pre></td></tr></table> </div> </div>[CentOS]Upgrading OpenSSH and vsftpd on CentOShttps://blog.coinidea.com/en/p/centosupgrading-openssh-and-vsftpd-on-centos/Thu, 23 Nov 2017 08:05:04 +0000https://blog.coinidea.com/en/p/centosupgrading-openssh-and-vsftpd-on-centos/<h2 id="upgrading-openssh-to-version-74-or-above">Upgrading OpenSSH to Version 7.4 or Above </h2><h3 id="background">Background </h3><p>Currently, OpenSSH versions below 7.4 on Linux have some critical vulnerabilities, and OpenSSH needs to be upgraded to version 7.4 or above. On a machine without external network access (no yum), this is quite troublesome. Online resources generally recommend backing up SSH and installing Telnet first, so you can still access the machine via Telnet if the upgrade fails.</p> <h3 id="common-issues-and-solutions">Common Issues and Solutions </h3><h4 id="1-cannot-find-zlibh">1. Cannot find <code>zlib.h</code> </h4><p>Reference: <a class="link" href="http://www.linuxidc.com/Linux/2012-10/72036.htm" target="_blank" rel="noopener" >http://www.linuxidc.com/Linux/2012-10/72036.htm</a></p> <h4 id="2-zlib-download-link">2. zlib download link </h4><ul> <li><a class="link" href="http://www.zlib.net/" target="_blank" rel="noopener" >http://www.zlib.net/</a></li> </ul> <h4 id="3-installing-zlib">3. Installing zlib </h4><p>Reference: <a class="link" href="http://www.360doc.com/content/13/0124/17/1200324_262179628.shtml" target="_blank" rel="noopener" >http://www.360doc.com/content/13/0124/17/1200324_262179628.shtml</a></p> <h4 id="4-dependencies-required-for-manually-compiling-openssh">4. Dependencies required for manually compiling OpenSSH </h4><ul> <li><code>zlib</code></li> <li><code>pam</code></li> <li><code>pam-devel</code></li> </ul> <p>If you get the error <code>configure: error: PAM headers not found</code>, you can download <code>pam-devel</code>:</p> <ul> <li><a class="link" href="http://rpm.pbone.net/index.php3?stat=26&amp;dist=74&amp;size=208492&amp;name=pam-devel-1.1.1-17.el6.x86_64.rpm" target="_blank" rel="noopener" >http://rpm.pbone.net/index.php3?stat=26&amp;dist=74&amp;size=208492&amp;name=pam-devel-1.1.1-17.el6.x86_64.rpm</a></li> </ul> <h4 id="5-openssl-download">5. OpenSSL download </h4><ul> <li><a class="link" href="ftp://ftp.openssl.org/source/" >ftp://ftp.openssl.org/source/</a></li> </ul> <h4 id="6-installing-openssl">6. Installing OpenSSL </h4><p>References:</p> <ul> <li><a class="link" href="http://blog.csdn.net/ikownyou/article/details/53021686" target="_blank" rel="noopener" >http://blog.csdn.net/ikownyou/article/details/53021686</a></li> <li><a class="link" href="http://www.linuxidc.com/Linux/2011-10/45738.htm" target="_blank" rel="noopener" >http://www.linuxidc.com/Linux/2011-10/45738.htm</a></li> </ul> <h3 id="notes">Notes </h3><p>If SecureCRT cannot log in after upgrading OpenSSH, it may be because the SecureCRT version is too old to support certain encryption protocols:</p> <p>Reference: <a class="link" href="http://blog.csdn.net/yangg1991/article/details/51755562" target="_blank" rel="noopener" >http://blog.csdn.net/yangg1991/article/details/51755562</a></p> <h3 id="steps-to-upgrade-openssh">Steps to Upgrade OpenSSH </h3><p>Reference: <a class="link" href="http://blog.csdn.net/u011080082/article/details/64503534" target="_blank" rel="noopener" >http://blog.csdn.net/u011080082/article/details/64503534</a></p> <h2 id="upgrading-vsftpd-from-222-to-234">Upgrading vsftpd from 2.2.2 to 2.3.4 </h2><p>Download the <code>vsftpd-2.3.4.tar.gz</code> package. For 64-bit systems, note:</p> <div class="highlight"><div class="chroma"> <table class="lntable"><tr><td class="lntd"> <pre tabindex="0" class="chroma"><code><span class="lnt">1 </span><span class="lnt">2 </span></code></pre></td> <td class="lntd"> <pre tabindex="0" class="chroma"><code class="language-bash" data-lang="bash"><span class="line"><span class="cl">sed -i <span class="s1">&#39;s/lib\/lib64\/g&#39;</span> vsf_findlibs.sh </span></span><span class="line"><span class="cl">sed -i <span class="s1">&#39;s/lib\//lib64\//g&#39;</span> vsf_findlibs.sh </span></span></code></pre></td></tr></table> </div> </div><h3 id="configuring-vsftpd">Configuring vsftpd </h3><p>Using active mode:</p> <div class="highlight"><div class="chroma"> <table class="lntable"><tr><td class="lntd"> <pre tabindex="0" class="chroma"><code><span class="lnt">1 </span></code></pre></td> <td class="lntd"> <pre tabindex="0" class="chroma"><code class="language-bash" data-lang="bash"><span class="line"><span class="cl">vsftpd /etc/vsftpd/vsftpd.conf <span class="p">&amp;</span> </span></span></code></pre></td></tr></table> </div> </div><p>When starting in <code>standard_alone</code> mode, you need to add the following two lines to the top of the configuration file:</p> <p>Reference: <a class="link" href="http://wingjang.blog.163.com/blog/static/47913442200811113104509/" target="_blank" rel="noopener" >http://wingjang.blog.163.com/blog/static/47913442200811113104509/</a></p> <div class="highlight"><div class="chroma"> <table class="lntable"><tr><td class="lntd"> <pre tabindex="0" class="chroma"><code><span class="lnt">1 </span><span class="lnt">2 </span></code></pre></td> <td class="lntd"> <pre tabindex="0" class="chroma"><code class="language-bash" data-lang="bash"><span class="line"><span class="cl"><span class="nv">listen</span><span class="o">=</span>YES </span></span><span class="line"><span class="cl"><span class="nv">listen_port</span><span class="o">=</span><span class="m">21</span> </span></span></code></pre></td></tr></table> </div> </div><p>After installation, only anonymous users are allowed to log in by default, so you need to modify the configuration:</p> <p>Reference: <a class="link" href="http://blog.sina.com.cn/s/blog_7e16680c01018ox1.html" target="_blank" rel="noopener" >http://blog.sina.com.cn/s/blog_7e16680c01018ox1.html</a></p> <h3 id="handling-tcp_wrapper-issues">Handling TCP_Wrapper Issues </h3><p>If there are issues, pay attention to removing spaces, or you can remove it entirely:</p> <p>References:</p> <ul> <li><a class="link" href="http://blog.csdn.net/u010098331/article/details/50699914" target="_blank" rel="noopener" >http://blog.csdn.net/u010098331/article/details/50699914</a></li> <li><a class="link" href="http://blog.csdn.net/yylklshmyt20090217/article/details/8500608" target="_blank" rel="noopener" >http://blog.csdn.net/yylklshmyt20090217/article/details/8500608</a></li> </ul> <h3 id="vsftpd-download">vsftpd Download </h3><ul> <li><a class="link" href="http://pkgs.fedoraproject.org/repo/pkgs/vsftpd/" target="_blank" rel="noopener" >http://pkgs.fedoraproject.org/repo/pkgs/vsftpd/</a></li> </ul>