Ssh – configure VSFTPD to listen only to localhost

ftpsftpsshssh-tunnelvsftpd

I have a legacy app that needs FTP and cannot do SFTP.

My solution is:

put an FTP server in place using VSFTPD
configure the firewall to accept port 21 connections only from localhost
Set up an SSH connection from the client with the legacy app
Tunnel the FTP through SSH

I'm wondering though if I can configure VSFTPD to ignore connections from anywhere but localhost on its own, in addition to the firewall. Belt and bracers both.

Best Answer

Yes. Configure the vsftp server to listen only on 127.0.0.1: this can be done in the vsftp.conf file:

listen_address=127.0.0.1

To use this parameter, the server needs to be in standalone mode:

listen=yes

If you want to use IPv6, use these entries instead:

listen_ipv6=yes
listen_address6=::1

This is the same as the first, but uses IPv6.

You'll almost certainly have to restart to make this work.

Related Solutions

Linux – Allow anonymous upload for Vsftpd

You have created a dir called pub/upload:

# mkdir /var/ftp/pub/upload

But then you configured uploads to go to pub/incoming:

anon_root=/var/ftp/pub/incoming

So it's a simple path mismatch, all the rest seems OK.

Ssh – How forward one port to other using ssh or any other tool

You might also be able to configure xinetd to do this:

Define a new service running on port 7070, and configure it using redirect (from man xinetd.conf)

redirect Allows a tcp service to be redirected to another host. When xinetd receives a tcp connection on this port it spawns a process that establishes a connection to the host and port number specified, and forwards all data between the two hosts.

Best Answer

Related Solutions

Linux – Allow anonymous upload for Vsftpd

Ssh – How forward one port to other using ssh or any other tool

Related Topic