Enable SFTP in Oracle Linux 6

 

Install VSFTP RPM from the DVD media

*Mount the Media and go to Directory

cd /media

rpm -ivh vsftpd-2.2.2-11.el6.x86_64.rpm
Configure vsftpd

* Config file is: /etc/vsftpd/vsftpd.conf
* Append to default vsftpd.conf file:
# Make sure chroot jail is turned off. This is the default
chroot_local_user=NO

# Turn on passive ports
pasv_enable=YES
pasv_min_port=11000
pasv_max_port=11010

Open ports

* Add to /etc/sysconfig/iptables immediately under –dport 22 entry:
-A RH-Firewall-1-INPUT -m state –state NEW -m tcp -p tcp –dport 21 -j ACCEPT # This opens up port 21
-A RH-Firewall-1-INPUT -m state –state NEW -m tcp -p tcp –dport 22 -j ACCEPT # This opens up port 22 for sftp
-A RH-Firewall-1-INPUT -p tcp –dport 11000:11010 -j ACCEPT # This opens up passive ports

Configure SELinux to Allow FTP Traffic

* Check that to see if SELINUX is enabled in /etc/selinux/config file
SELINUX=enforcing
#SELINUX=disabled

* If SELinux is enforced, you need to set one of the following:
setsebool -P allow_ftpd_full_access 1
or
setsebool -P ftp_home_dir 1

Start/stop/restart Service
# Enable ftp to user home directory (SELinux only)
setsebool -P ftp_home_dir 1

# Setup autostart
chkconfig vsftpd on

# Start
service vsftpd start

# Stop
service vsftpd stop

# Restart
service vsftpd restart

# Check port 21 status
netstat -tulpn |grep :21

View Log

* Log file is in /var/log directory
tail -f /var/log/xferlog

 

Enable SFTP for vsFTP

* Generate a new certificate
openssl req -x509 -nodes -days 365 -newkey rsa:1024 -keyout /etc/vsftpd/vsftpd.pem -out /etc/vsftpd/vsftpd.pem

[root@ftp_test 1 vsftpd]# openssl req -x509 -nodes -days 365 -newkey rsa:1024 -keyout /etc/vsftpd/vsftpd.pem -out /etc/vsftpd/vsftpd.pem
Generating a 1024 bit RSA private key
.++++++
……….++++++
writing new private key to ‘/etc/vsftpd/vsftpd.pem’
—–
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter ‘.’, the field will be left blank.
—–
Country Name (2 letter code) [GB]:QA
State or Province Name (full name) []:DOHA
Locality Name (eg, city) []: DOHA
Organization Name (eg, company) [My Company Ltd]:Example
Organizational Unit Name (eg, section) []:Example
Common Name (eg, your name or your server’s hostname) []:ftp_test
Email Address []:

* chmod key file:
chmod 600 vsftpd.pem

* Modify vsftpd.conf to include:

ssl_enable=YES
allow_anon_ssl=NO
force_local_data_ssl=NO
force_local_logins_ssl=NO # Set to YES to force sftp
ssl_tlsv1=YES
ssl_sslv2=NO
ssl_sslv3=NO
rsa_cert_file=/etc/vsftpd/vsftpd.pem

* Restart vsftpd service:
service vsftpd restart

* Test sftp connection using WinSCP
– Protocol: sftp
– Port: 22
Issues
500 oops chroot

* In SELinux, you need to set one of the following:
setsebool -P allow_ftpd_full_access 1
or
setsebool -P ftp_home_dir 1

Access from Windows 7 FTP Client

* ftp command line utility didn’t work for me

* Use File Explorer to access vsftp server instead:
– Open File Explorer
– Type into addressbox: ftp://wxbox
– Enter username and password

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s