wzdftpd vs Traditional FTP: Which is More Secure?


wzdftpd is a portable, modular, and highly efficient FTP server daemon for Linux and Unix-like systems. Unlike more common alternatives like vsftpd, wzdftpd is explicitly designed to work under high loads while providing extensive customization through its modular plugin-based architecture and online administration capabilities.

To set up a secure FTP environment using wzdftpd, you need to configure explicit FTP over TLS (FTPS) to ensure that user credentials and data streams are completely encrypted in transit.

1. Installation

To start, update your package repository lists and install the wzdftpd server along with the standard OpenSSL tools needed for certificate generation.

    sudo apt update
    sudo apt install wzdftpd openssl

2. Generate an SSL/TLS Certificate

Standard FTP passes credentials in plain text, making them vulnerable. You must generate a self-signed TLS certificate to enable encryption.

Create a dedicated directory to securely store your cryptographic files:

    sudo mkdir -p /etc/wzdftpd/ssl

Generate a 2048-bit RSA private key and a self-signed certificate valid for one year:

    sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/wzdftpd/ssl/wzdftpd.key -out /etc/wzdftpd/ssl/wzdftpd.crt

Secure the file permissions so only root can read or modify the private key:

    sudo chmod 600 /etc/wzdftpd/ssl/wzdftpd.key

3. Configure Security in wzdftpd.conf

Open the main configuration file located at /etc/wzdftpd/wzdftpd.conf using a terminal text editor to fine-tune access and enforce TLS.

Disable Anonymous Access: Ensure unauthenticated users cannot browse your files.

Enforce TLS: Force the application to accept only encrypted sessions.

Define Passive Ports: Set predictable port ranges to navigate server firewalls easily.

Locate or append the following security directives within the file:

    # Disable public anonymous logins
    disable_anonymous = yes

    # TLS/SSL Explicit Configuration
    ssl_enable = yes
    ssl_cert_file = /etc/wzdftpd/ssl/wzdftpd.crt
    ssl_key_file = /etc/wzdftpd/ssl/wzdftpd.key

    # Force clients to use explicit TLS encryption for security
    force_tls_login = yes
    force_tls_data = yes

    # Bound passive mode ports for firewall traversal
    pasv_min_port = 40000
    pasv_max_port = 40100

4. Adjust the System Firewall

If you use the Uncomplicated Firewall (UFW), you must allow control traffic on port 21, implicit FTPS connections on port 990, and the assigned range of passive data ports.

    sudo ufw allow 21/tcp
    sudo ufw allow 990/tcp
    sudo ufw allow 40000:40100/tcp
    sudo ufw reload

5. Start and Test the Daemon
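Before starting the daemon, the settings from step 3 can be checked against the passive port range opened in step 4. The script below is an added example, not part of the original article or the wzdftpd project; the function names get_opt and audit_conf are hypothetical, and the directive names are assumed to be exactly the ones listed in step 3.

```shell
#!/bin/sh
# Added example: audit a wzdftpd.conf against the settings listed in step 3.
# Directive names are the ones shown on this page; function names are hypothetical.

# get_opt FILE KEY: print the last value assigned to KEY, ignoring comments.
get_opt() {
    awk -v key="$2" '
        { sub(/#.*/, "") }
        index($0, "=") {
            k = substr($0, 1, index($0, "=") - 1)
            v = substr($0, index($0, "=") + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k)
            gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (k == key) val = v
        }
        END { print val }' "$1"
}

# audit_conf FILE FW_LOW FW_HIGH: print findings; exit status = number of findings.
audit_conf() {
    conf=$1; fw_low=$2; fw_high=$3; fails=0
    for key in disable_anonymous ssl_enable force_tls_login force_tls_data; do
        if [ "$(get_opt "$conf" "$key")" != "yes" ]; then
            echo "FAIL: $key is not set to yes"; fails=$((fails + 1))
        fi
    done
    lo=$(get_opt "$conf" pasv_min_port); hi=$(get_opt "$conf" pasv_max_port)
    case "$lo:$hi" in
        :*|*:|*[!0-9:]*)
            echo "FAIL: passive port range missing or not numeric"
            fails=$((fails + 1)) ;;
        *)  if [ "$lo" -lt "$fw_low" ] || [ "$hi" -gt "$fw_high" ]; then
                echo "FAIL: passive range $lo-$hi is outside firewall range $fw_low-$fw_high"
                fails=$((fails + 1))
            fi ;;
    esac
    return "$fails"
}

# Constructed sample: TLS is on but not forced for logins, and the passive
# range extends past the 40000:40100 range opened in the firewall step.
sample=$(mktemp)
printf '%s\n' 'disable_anonymous = yes' 'ssl_enable = yes' \
    '#force_tls_login = yes' 'force_tls_data = yes' \
    'pasv_min_port = 40000' 'pasv_max_port = 40200' > "$sample"
audit_conf "$sample" 40000 40100 || echo "$? finding(s)"
rm -f "$sample"
```

On a real host, point it at the live file, for example audit_conf /etc/wzdftpd/wzdftpd.conf 40000 40100, passing the same range that was given to ufw.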
