In my previous post, i discussed about how to install & configure FTP Server on Ubuntu. In this post, i will discuss about how to setup SFTP server in Ubuntu. First you need to install openssh-server, which can be done using command:
sudo apt-get install openssh-server ssh
You can use the following commands for ssh:
sudo service ssh start # Starts SSH Servier sudo service ssh restart # Restarts SSH Server sudo service ssh stop # Stops SSH Server sudo service ssh status # Gives a short description of the status of the SSH server
First create a backup of the /etc/ssh/sshd_config file and name it as /etc/ssh/sshd_config.bak. When done, open the /etc/ssh/sshd_config file:
sudo cp /etc/ssh/sshd_config /etc/ssh/sshd_config.bak sudo vi /etc/ssh/sshd_config
Now edit the file /etc/ssh/sshd_config and add/edit the following lines:
#Subsystem sftp /usr/lib/openssh/sftp-server Subsystem sftp internal-sftp -f AUTH -1 VERBOSE #Uncomment this line if already commented UsePAM yes AllowGroups sftpusers sftp Match Group sftpusers ChrootDirectory %h AllowTCPForwarding no X11Forwarding no ForceCommand internal-sftp
Now lets create the relevant users & groups. First the create user group sftpusers using command:
sudo groupadd sftpusers
Now create a user suppose sftpuser. The commands listed below will create the user, add it to the sftpusers, and update its password
sudo adduser sftpuser sudo usermod -a -G sftpusers sftpuser sudo passwd sftpuser
Now proceed with modifying the permissions of the users home directory to allow for chrooting:
sudo chown root:sftpuser /home/sftpuser sudo chmod 750 /home/sftpuser
Create a directory in which
sftpuser is free to put any files in it:
sudo mkdir /home/sftpuser/public sudo chown sftp-user: /home/sftpuser/public sudo chmod 777 /home/sftpuser/public
Should you run in any problems, check Should you run in any problems, check
/var/log/auth.log for details. Run
sftp with the
-vvv option for debugging messages. For
sftp, the option must appear before the host as in
sftp -vvv user@host.
In this post, i will go through the process of installing FTP server in Ubuntu. First, run the following command to install ProFTPd in ubuntu:
sudo apt-get install proftpd
When installing a dialog box like this will be shown. Choose whatever option you feel suits your best needs:
Now open the file /etc/shells through any text editor, and add the following line to the end of the file:
Next step is to create the users and their respective home directories.
sudo mkdir -m 777 /home/ftp sudo useradd ftpuser -p [YOUR_PASSWORD] -d /home/ftp -s /bin/false sudo passwd ftpuser
Now open the proFTPd configuration file /etc/proftpd/proftpd.conf. Normally you only edit a couple of parameters to get the server running, but you can configure the rest based on your own requirements.
ServerName "Ubuntu" DefaultRoot ~
Uncomment the DefaultRoot line in the configuration, if it is already commented. This will jail the users to their home directories.
Now run the following command to restart ProFTPd.
sudo service proftpd restart
Now you have a fully functioning FTP server running on Ubuntu.
We can generate self-signed certificate in Linux using OpenSSL. One issue we may encounter is how to renew that certificate. No issues, this can accomplished using OpenSSL.
openssl x509 -x509toreq -signkey private.key -out newcert.csr -in oldcert.pem
where oldcert.pem is the old certificate. When you run the above command, its data will be imported into the certificate newcert.csr using the current private key private.key
In this tutorial, you will know how to install apache, php5 & mysql in ubuntu. You will know how to configure virtual hosts & SSL in ubuntu as well. So lets get started …
Open the terminal using command Ctrl+Alt+T.First run the command sudo apt-get update to update all the packages.
Step 1: Install Apache
To install apache, just run the following command:
sudo apt-get install apache2
The above command will install apache with some default modules, libraries etc. To check whether the installation was successful, just browse to the address http://localhost/. If you see a page like this, then your installation was successful.
Step 2: Install MySQL Server
To install mysql server, run the following command in terminal:
sudo apt-get install mysql-server
The wizard will ask you to set the password of the mysql root user. Just set the password as you desire, and the remaining packages in the installation will be installed as desired.
Step 3: Install PHP (plus phpMyAdmin)
To install php, just run the following command in the terminal:
sudo apt-get install php5 libapache2-mod-php5 php5-mysql phpmyadmin
This will get you a through a wizard to setup phpMyAdmin as well. Just select apache2 as the server. Leave the remaining settings untouched. After the installation is completed, just created a file called info.php in the /var/www folder and put the following code:
<?php phpinfo(); ?>
To configure phpmyadmin, open the file /etc/apache2/apache2.conf and add the following line to the end of the file.
Now run the command sudo service apache2 restartto restart the server for the php5 installation changes to take effect.
Step 4: Install & Configure SSL for Apache
To setup HTTPS for apache in ubuntu, we first need to install openssl:
sudo apt-get install openssl
After the installation is done, we need to enable the default apache SSL module by running the command:
sudo a2enmod ssl
Now run the command described in the end of Step 3 to restart apache.
To enable SSL on apache we need to have a security certificate signed from a certified CA authority. But in this post, we are going to generate a self-signed certificate. To do that we need to do the following steps:
- First we need to generate a key for the certificate. This can be done by using the command:
openssl genrsa -des3 -out server.key 1024
The above command will generate a Triple-DES, 1024-bit encrypted SSL key in ASCII text format, which is readable.
- Then we need to generate a CSR (Certificate Signing Request). This can be done by using the command:
openssl req -new -key server.key -out server.csr
The above command creates a request for a signed certificate. It asks for some information which is needed to create the request.
- Now we need to generate our self-signed certificate. This can be done by using the command:
openssl x509 -req -days 730 -in server.csr -signkey server.key -out server.crt
The above command will create a certificate valid for 730 days.
- Now copy the certificate & key file to the following locations:
cp server.crt /etc/ssl/certs/ cp server.key /etc/ssl/private/
- By default there is a default-ssl when apache is installed. Now open the file using command:
sudo nano /etc/apache2/sites-availabe/default-ssl
Now find the following lines(uncomment them if needed), and change the values to the following:
SSLEngine on SSLCertificateFile /etc/ssl/certs/server.crt SSLCertificateKeyFile /etc/ssl/private/server.key
- Now run the following command to enable the default SSL site:
sudo a2ensite default-ssl
- Now restart the server as described in Step 3. This time it will ask you to input the certificate’s key password. Just enter it to restart the server.
- Now browse to https://localhost/ to view it in HTTPS mode.
Now you have a running LAMP stack with SSL enabled. Remember that by default, linux allows only one site to enter in HTTPS mode. Please feel free to comment, if you guys have any questions.