$ sudo dnf install -y vsftpd
リポジトリの更新を読み込み中:
 Docker CE Stable - x86_64                             100% |  19.5 KiB/s |  10.9 KiB |  00m01s
 Remi's RPM repository - Fedora 41 - x86_64            100% |  76.8 KiB/s | 422.0 KiB |  00m05s
 RPM Fusion for Fedora 41 - Nonfree - NVIDIA Driver    100% |  11.7 KiB/s |  26.5 KiB |  00m02s
 Fedora 41 - x86_64 - Updates                          100% | 130.7 KiB/s |   3.4 MiB |  00m27s
 RPM Fusion for Fedora 41 - Free - Updates             100% |  10.9 KiB/s |  66.6 KiB |  00m06s
 Remi's Modular repository - Fedora 41 - x86_64        100% |  50.3 KiB/s | 225.2 KiB |  00m04s
 RPM Fusion for Fedora 41 - Nonfree - Updates          100% |  22.0 KiB/s |  53.5 KiB |  00m02s
リポジトリを読み込みました。
Package   Arch     Version        Repository   Size
Installing:
 vsftpd   x86_64   3.0.5-8.fc41   fedora       343.8 KiB

Transaction Summary:
 Installing: 1 package

パッケージサイズ 167 KiB 、ダウンロードサイズ 167 KiB 。
完了後、344 KiB のサイズが利用されます(インストール 344 KiB、削除 0 B)。
[1/1] vsftpd-0:3.0.5-8.fc41.x86_64                     100% | 125.9 KiB/s | 167.1 KiB |  00m01s
--------------------------------------------------------------------------------------------------------------
[1/1] Total                                            100% |  75.5 KiB/s | 167.1 KiB |  00m02s
トランザクションを実行中
[1/3] パッケージ ファイルを検証                        100% | 100.0   B/s |   1.0   B |  00m00s
[2/3] トランザクションの準備                           100% |   0.0   B/s |   1.0   B |  00m07s
[3/3] インストール中 vsftpd-0:3.0.5-8.fc41.x86_64      100% |  27.7 KiB/s | 353.0 KiB |  00m13s
完了しました!
$ openssl req -x509 -newkey rsa:4096 -nodes -sha256 -days 3650 -keyout vsftpd.pem -out vsftpd.pem \
    -subj "/C=JP/ST=Hokkaido Pref./L=Sapporo City/O=Monsters Garage Co.,Ltd./OU=-/CN=localhost,highway-x,highway-x.fireball.local" \
    -addext "subjectAltName=DNS:localhost,DNS:highway-x,DNS:highway-x.fireball.local"
$ openssl x509 -in vsftpd.pem -text -noout
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            14:0d:6a:0f:ae:71:d4:0a:77:b0:c1:f9:f8:78:b6:4c:e8:65:f5:7d
        Signature Algorithm: sha256WithRSAEncryption
        Issuer: C=JP, ST=Hokkaido Pref., L=Sapporo City, O=Monsters Garage Co.,Ltd., OU=-, CN=localhost,highway-x,highway-x.fireball.local
        Validity
            Not Before: Feb 27 07:58:50 2025 GMT
            Not After : Feb 25 07:58:50 2035 GMT
        Subject: C=JP, ST=Hokkaido Pref., L=Sapporo City, O=Monsters Garage Co.,Ltd., OU=-, CN=localhost,highway-x,highway-x.fireball.local
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (4096 bit)
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E7:DB:0E:9C:68:C0:5A:B1:63:1C:53:88:8A:81:4C:52:96:BD:CA:6F
            X509v3 Authority Key Identifier:
                E7:DB:0E:9C:68:C0:5A:B1:63:1C:53:88:8A:81:4C:52:96:BD:CA:6F
            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Subject Alternative Name:
                DNS:localhost, DNS:highway-x, DNS:highway-x.fireball.local
    Signature Algorithm: sha256WithRSAEncryption
$ sudo cp vsftpd.pem /etc/vsftpd
$ sudo nano /etc/vsftpd/vsftpd.conf
# Example config file /etc/vsftpd/vsftpd.conf
#
# The default compiled in settings are fairly paranoid. This sample file
# loosens things up a bit, to make the ftp daemon more usable.
# Please see vsftpd.conf.5 for all compiled in defaults.
#
# READ THIS: This example file is NOT an exhaustive list of vsftpd options.
# Please read the vsftpd.conf.5 manual page to get a full idea of vsftpd's
# capabilities.
#
# Allow anonymous FTP? (Beware - allowed by default if you comment this out).
anonymous_enable=NO
#
# Uncomment this to allow local users to log in.
local_enable=YES
#
# Uncomment this to enable any form of FTP write command.
write_enable=YES
#
# Default umask for local users is 077. You may wish to change this to 022,
# if your users expect that (022 is used by most other ftpd's)
local_umask=022
#
# Uncomment this to allow the anonymous FTP user to upload files. This only
# has an effect if the above global write enable is activated. Also, you will
# obviously need to create a directory writable by the FTP user.
# When SELinux is enforcing check for SE bool allow_ftpd_anon_write, allow_ftpd_full_access
#anon_upload_enable=YES
#
# Uncomment this if you want the anonymous FTP user to be able to create
# new directories.
#anon_mkdir_write_enable=YES
#
# Activate directory messages - messages given to remote users when they
# go into a certain directory.
dirmessage_enable=YES
#
# Activate logging of uploads/downloads.
xferlog_enable=YES
#
# Make sure PORT transfer connections originate from port 20 (ftp-data).
connect_from_port_20=YES
#
# If you want, you can arrange for uploaded anonymous files to be owned by
# a different user. Note! Using "root" for uploaded files is not
# recommended!
#chown_uploads=YES
#chown_username=whoever
#
# You may override where the log file goes if you like. The default is shown
# below.
#xferlog_file=/var/log/xferlog
#
# If you want, you can have your log file in standard ftpd xferlog format.
# Note that the default log file location is /var/log/xferlog in this case.
xferlog_std_format=YES
#
# You may change the default value for timing out an idle session.
#idle_session_timeout=600
#
# You may change the default value for timing out a data connection.
#data_connection_timeout=120
#
# It is recommended that you define on your system a unique user which the
# ftp server can use as a totally isolated and unprivileged user.
#nopriv_user=ftpsecure
#
# Enable this and the server will recognise asynchronous ABOR requests. Not
# recommended for security (the code is non-trivial). Not enabling it,
# however, may confuse older FTP clients.
#async_abor_enable=YES
#
# By default the server will pretend to allow ASCII mode but in fact ignore
# the request. Turn on the below options to have the server actually do ASCII
# mangling on files when in ASCII mode. The vsftpd.conf(5) man page explains
# the behaviour when these options are disabled.
# Beware that on some FTP servers, ASCII support allows a denial of service
# attack (DoS) via the command "SIZE /big/file" in ASCII mode. vsftpd
# predicted this attack and has always been safe, reporting the size of the
# raw file.
# ASCII mangling is a horrible feature of the protocol.
#ascii_upload_enable=YES
#ascii_download_enable=YES
#
# You may fully customise the login banner string:
#ftpd_banner=Welcome to blah FTP service.
#
# You may specify a file of disallowed anonymous e-mail addresses. Apparently
# useful for combatting certain DoS attacks.
#deny_email_enable=YES
# (default follows)
#banned_email_file=/etc/vsftpd/banned_emails
#
# You may specify an explicit list of local users to chroot() to their home
# directory. If chroot_local_user is YES, then this list becomes a list of
# users to NOT chroot().
# (Warning! chroot'ing can be very dangerous. If using chroot, make sure that
# the user does not have write access to the top level directory within the
# chroot)
#chroot_local_user=YES
#chroot_list_enable=YES
# (default follows)
#chroot_list_file=/etc/vsftpd/chroot_list
#
# You may activate the "-R" option to the builtin ls. This is disabled by
# default to avoid remote users being able to cause excessive I/O on large
# sites. However, some broken FTP clients such as "ncftp" and "mirror" assume
# the presence of the "-R" option, so there is a strong case for enabling it.
#ls_recurse_enable=YES
#
# When "listen" directive is enabled, vsftpd runs in standalone mode and
# listens on IPv4 sockets. This directive cannot be used in conjunction
# with the listen_ipv6 directive.
listen=NO
#
# This directive enables listening on IPv6 sockets. By default, listening
# on the IPv6 "any" address (::) will accept connections from both IPv6
# and IPv4 clients. It is not necessary to listen on *both* IPv4 and IPv6
# sockets. If you want that (perhaps because you want to listen on specific
# addresses) then you must run two copies of vsftpd with two configuration
# files.
# Make sure, that one of the listen options is commented !!
listen_ipv6=YES

pam_service_name=vsftpd
userlist_enable=YES

ssl_enable=YES
allow_anon_ssl=NO
force_local_data_ssl=YES
force_local_logins_ssl=YES
ssl_tlsv1=YES
ssl_sslv2=NO
ssl_sslv3=NO
# Filezilla uses port 21 if you don't set any port
# in Servertype "FTPES - FTP over explicit TLS/SSL"
# Port 990 is the default used for FTPS protocol.
# Uncomment it if you want/have to use port 990.
listen_port=990
rsa_cert_file=/etc/vsftpd/vsftpd.pem
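
Added example, not part of the original session: a shell check that reads the TLS directives of a vsftpd.conf like the one above and reports settings worth a second look (TLS 1.0 enabled via ssl_tlsv1, port 990 without implicit mode, and a key-bearing PEM readable beyond its owner). The function names and finding codes are made up for this example; implicit_ssl and rsa_private_key_file are vsftpd.conf(5) options that the configuration above does not set.

```bash
#!/usr/bin/env bash
# Added example (not from the original page): audit TLS directives in a vsftpd.conf.
# Prints one "CODE: message" line per finding; no output means no check fired.

# conf_get FILE KEY: print the last value assigned to KEY (vsftpd syntax is key=value).
conf_get() {
    awk -v k="$2" 'index($0, k "=") == 1 { v = substr($0, length(k) + 2) } END { print v }' "$1"
}

audit_vsftpd_tls() {
    local conf=$1 opt pem
    if [ "$(conf_get "$conf" ssl_enable)" != "YES" ]; then
        echo "NOTLS: ssl_enable is not YES, so logins and data travel in cleartext"
    fi
    # Protocol versions that should stay off (SSLv2, SSLv3, TLS 1.0).
    for opt in ssl_sslv2 ssl_sslv3 ssl_tlsv1; do
        if [ "$(conf_get "$conf" "$opt")" = "YES" ]; then
            echo "LEGACY: $opt=YES enables a deprecated protocol version"
        fi
    done
    # If either force_* option is switched off, local users may skip TLS.
    for opt in force_local_logins_ssl force_local_data_ssl; do
        if [ "$(conf_get "$conf" "$opt")" = "NO" ]; then
            echo "OPTIONAL: $opt=NO lets local users skip TLS"
        fi
    done
    # Port 990 is the implicit-FTPS port; without implicit_ssl=YES the server
    # still waits for AUTH TLS there, which implicit-mode clients never send.
    if [ "$(conf_get "$conf" listen_port)" = "990" ] &&
       [ "$(conf_get "$conf" implicit_ssl)" != "YES" ]; then
        echo "PORT990: listen_port=990 without implicit_ssl=YES (explicit TLS on the implicit port)"
    fi
    # With no rsa_private_key_file, the key is read from rsa_cert_file itself,
    # so that file must not be accessible to group or others.
    pem=$(conf_get "$conf" rsa_private_key_file)
    [ -n "$pem" ] || pem=$(conf_get "$conf" rsa_cert_file)
    if [ -n "$pem" ] && [ -e "$pem" ]; then
        case "$(ls -ld "$pem")" in
            ????------*) ;;   # mode string shows no group/other permission bits
            *) echo "KEYPERM: $pem holds the private key and is accessible beyond its owner" ;;
        esac
    fi
    return 0
}

# When given a path, audit it, e.g.: sudo bash audit.sh /etc/vsftpd/vsftpd.conf
[ $# -eq 0 ] || audit_vsftpd_tls "$1"
```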