Silberwelten Forum

Own development environment with Ubuntu Server 20.04 LTS 64-bit version - Part 2
Change the SSH port from 22 to 33195 and set PermitRootLogin to no!

Configuration file:

sudo nano /etc/ssh/sshd_config

After the change, save with Ctrl + O and close with Ctrl + X.

Allow the port:

lordsniefnase@sliplady:~$ sudo ufw allow 33159
Rule added
Rule added (v6)
lordsniefnase@sliplady:~$ sudo ufw allow 33159/tcp
Rule added
Rule added (v6)
lordsniefnase@sliplady:~$ sudo ufw reload

Firewall reloaded

Log in again on port 33159. Logging in as root is no longer possible, only via su!

ssh lordsniefnase@192.168.178.21 -p33159

lordsniefnase@sliplady:~$ su

Password:

root@sliplady:/home/lordsniefnase#

exit

UFW - delete the rules for port 22:

lordsniefnase@sliplady:~$ sudo ufw status numbered
[sudo] password for lordsniefnase:
Status: active

    To                        Action      From
    --                        ------      ----
[ 1] 22/tcp                    ALLOW IN    Anywhere                 
[ 2] 22                        ALLOW IN    Anywhere                 
[ 3] 33159                      ALLOW IN    Anywhere                 
[ 4] 33159/tcp                  ALLOW IN    Anywhere                 
[ 5] 22/tcp (v6)                ALLOW IN    Anywhere (v6)           
[ 6] 22 (v6)                    ALLOW IN    Anywhere (v6)           
[ 7] 33159 (v6)                ALLOW IN    Anywhere (v6)           
[ 8] 33159/tcp (v6)            ALLOW IN    Anywhere (v6)           

lordsniefnase@sliplady:~$ ufw delete 2

ERROR: You need to be root to run this script
lordsniefnase@sliplady:~$ sudo ufw delete 2
Deleting:
allow 22
Proceed with operation (y|n)? y
Rule deleted
lordsniefnase@sliplady:~$ sudo ufw delete 1
Deleting:
allow 22/tcp
Proceed with operation (y|n)? y
Rule deleted
lordsniefnase@sliplady:~$ sudo ufw delete 5
Deleting:
allow 33159
Proceed with operation (y|n)? n
Aborted
lordsniefnase@sliplady:~$ sudo ufw delete 6
Deleting:
allow 33159/tcp
Proceed with operation (y|n)? n
Aborted
lordsniefnase@sliplady:~$ sudo ufw status numbered
Status: active

    To                        Action      From
    --                        ------      ----
[ 1] 33159                      ALLOW IN    Anywhere                 
[ 2] 33159/tcp                  ALLOW IN    Anywhere                 
[ 3] 22/tcp (v6)                ALLOW IN    Anywhere (v6)           
[ 4] 22 (v6)                    ALLOW IN    Anywhere (v6)           
[ 5] 33159 (v6)                ALLOW IN    Anywhere (v6)           
[ 6] 33159/tcp (v6)            ALLOW IN    Anywhere (v6)           

lordsniefnase@sliplady:~$ sudo ufw delete 3
Deleting:
allow 22/tcp
Proceed with operation (y|n)? y
Rule deleted (v6)
lordsniefnase@sliplady:~$ sudo ufw delete 4
Deleting:
allow 33159
Proceed with operation (y|n)? n
Aborted
lordsniefnase@sliplady:~$ sudo ufw status numbered
Status: active

    To                        Action      From
    --                        ------      ----
[ 1] 33159                      ALLOW IN    Anywhere                 
[ 2] 33159/tcp                  ALLOW IN    Anywhere                 
[ 3] 22 (v6)                    ALLOW IN    Anywhere (v6)           
[ 4] 33159 (v6)                ALLOW IN    Anywhere (v6)           
[ 5] 33159/tcp (v6)            ALLOW IN    Anywhere (v6)           

lordsniefnase@sliplady:~$ sudo ufw delete 3
Deleting:
allow 22
Proceed with operation (y|n)? y
Rule deleted (v6)
lordsniefnase@sliplady:~$ sudo ufw reload
Firewall reloaded
lordsniefnase@sliplady:~$

lordsniefnase@sliplady:~$ sudo ufw status numbered
Status: active

    To                        Action      From
    --                        ------      ----
[ 1] 33159                      ALLOW IN    Anywhere                 
[ 2] 33159/tcp                  ALLOW IN    Anywhere                 
[ 3] 33159 (v6)                ALLOW IN    Anywhere (v6)           
[ 4] 33159/tcp (v6)            ALLOW IN    Anywhere (v6)           


clear

Set up vsftp:

sudo apt-get install vsftpd -y

sudo apt-get install vsftpd -y
Reading package lists... Done
Building dependency tree     
Reading state information... Done
The following additional packages will be installed:
  ssl-cert
Suggested packages:
  openssl-blacklist
The following NEW packages will be installed:
  ssl-cert vsftpd
0 upgraded, 2 newly installed, 0 to remove and 7 not upgraded.
Need to get 132 kB of archives.
After this operation, 402 kB of additional disk space will be used.

Fetched 132 kB in 0s (459 kB/s)
Preconfiguring packages ...
Selecting previously unselected package ssl-cert.
(Reading database ... 71302 files and directories currently installed.)
Preparing to unpack .../ssl-cert_1.0.39_all.deb ...
Unpacking ssl-cert (1.0.39) ...
Selecting previously unselected package vsftpd.
Preparing to unpack .../vsftpd_3.0.3-12_amd64.deb ...
Unpacking vsftpd (3.0.3-12) ...
Setting up ssl-cert (1.0.39) ...
Setting up vsftpd (3.0.3-12) ...
Created symlink /etc/systemd/system/multi-user.target.wants/vsftpd.service → /lib/systemd/system/vsftpd.service.
Processing triggers for man-db (2.9.1-1) ...
Processing triggers for systemd (245.4-4ubuntu3.7) ...

lordsniefnase@sliplady:~$ sudo systemctl start vsftpd

lordsniefnase@sliplady:~$ sudo systemctl enable vsftpd

Synchronizing state of vsftpd.service with SysV service script with /lib/systemd/systemd-sysv-install.

Executing: /lib/systemd/systemd-sysv-install enable vsftpd

lordsniefnase@sliplady:~$ sudo cp /etc/vsftpd.conf /etc/vsftpd.conf.bak
lordsniefnase@sliplady:~$ sudo nano /etc/vsftpd.conf
lordsniefnase@sliplady:~$ sudo nano /etc/vsftpd.userlist
lordsniefnase@sliplady:~$ sudo systemctl restart vsftpd
lordsniefnase@sliplady:~$ sudo mkdir /etc/cert
lordsniefnase@sliplady:~$ sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/cert/vsftpd.pem -out /etc/cert/vsftpd.pem
Generating a RSA private key
..................+++++
...............................................+++++
writing new private key to '/etc/cert/vsftpd.pem'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.

What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank

For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:
State or Province Name (full name) [Some-State]:
Locality Name (eg, city) []:
Organization Name (eg, company) [Internet Widgits Pty Ltd]:
Organizational Unit Name (eg, section) []:
Common Name (e.g. server FQDN or YOUR name) []:
Email Address []:

lordsniefnase@sliplady:~$

sudo nano /etc/vsftpd.conf

Contents:

listen=NO
listen_ipv6=YES
anonymous_enable=NO
local_enable=YES
write_enable=YES
local_umask=022
dirmessage_enable=YES
use_localtime=YES
xferlog_enable=YES
connect_from_port_20=YES
chroot_local_user=YES
secure_chroot_dir=/var/run/vsftpd/empty
pam_service_name=vsftpd
pasv_enable=Yes
pasv_min_port=10000
pasv_max_port=11000
user_sub_token=$USER
local_root=/home/$USER/ftp
userlist_enable=YES
userlist_file=/etc/vsftpd.userlist
userlist_deny=NO
rsa_cert_file=/etc/cert/vsftpd.pem
rsa_private_key_file=/etc/cert/vsftpd.pem
ssl_enable=YES
allow_anon_ssl=NO
force_local_data_ssl=YES
force_local_logins_ssl=YES
ssl_tlsv1=YES
ssl_sslv2=NO
ssl_sslv3=NO
require_ssl_reuse=NO
ssl_ciphers=HIGH

lordsniefnase@sliplady:~$ sudo /etc/init.d/vsftpd restart

Restarting vsftpd (via systemctl): vsftpd.service.

lordsniefnase@sliplady:~$ sudo adduser opensim
[sudo] password for lordsniefnase:
Adding user `opensim' ...
Adding new group `opensim' (1003) ...
Adding new user `opensim' (1003) with group `opensim' ...
Creating home directory `/home/opensim' ...
Copying files from `/etc/skel' ...
New password:
Retype new password:
passwd: password updated successfully
Changing the user information for opensim
Enter the new value, or press ENTER for the default
Full Name []:
Room Number []:
Work Phone []:
Home Phone []:
Other []:
Is the information correct? [Y/n] Y
lordsniefnase@sliplady:~$ sudo mkdir /home/opensim/ftp
lordsniefnase@sliplady:~$ sudo chown nobody:nogroup /home/opensim/ftp
lordsniefnase@sliplady:~$ sudo chmod a-w /home/opensim/ftp
lordsniefnase@sliplady:~$ sudo mkdir /home/opensim/ftp/install
lordsniefnase@sliplady:~$ sudo chown opensim:opensim /home/opensim/ftp/install
lordsniefnase@sliplady:~$ sudo nano /etc/vsftpd.userlist
lordsniefnase@sliplady:~$

lordsniefnase@sliplady:~$

Access to the server with FileZilla for opensim via SFTP SSH on the LAN is ready!
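
A check to run before restarting sshd after the port and PermitRootLogin change at the top of the post, added here as an example and not part of the original post. It takes the effective settings as printed by `sshd -T` and the output of `ufw status`; the function name `check_ssh_change` and both sample inputs are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post).
# On a real host: check_ssh_change "$(sudo sshd -T)" "$(sudo ufw status)"

# Prints one finding per line; returns 0 only when there are none.
check_ssh_change() {
    sshd_t=$1 ufw_out=$2 rc=0
    # sshd -T prints the effective settings as lowercase "keyword value" lines.
    root=$(printf '%s\n' "$sshd_t" | awk '$1 == "permitrootlogin" { print $2; exit }')
    if [ "$root" != "no" ]; then
        echo "permitrootlogin is '${root:-unset}', expected 'no'"; rc=1
    fi
    ports=$(printf '%s\n' "$sshd_t" | awk '$1 == "port" { print $2 }')
    [ -n "$ports" ] || { echo "no port line in sshd -T output"; rc=1; }
    for p in $ports; do
        [ "$p" != 22 ] || { echo "sshd still listens on port 22"; rc=1; }
        # Either a bare-port rule or a port/tcp rule lets SSH through.
        if ! printf '%s\n' "$ufw_out" |
            awk -v p="$p" '($1 == p || $1 == (p "/tcp")) && $2 == "ALLOW" { f = 1 }
                           END { exit !f }'; then
            echo "ufw has no ALLOW rule for port $p"; rc=1
        fi
    done
    return "$rc"
}

# Constructed sample inputs (not captured from a real host).
SAMPLE_SSHD_T='port 33159
permitrootlogin no
passwordauthentication yes'
SAMPLE_UFW='Status: active

To                         Action      From
--                         ------      ----
33159/tcp                  ALLOW       Anywhere
33159/tcp (v6)             ALLOW       Anywhere (v6)'

check_ssh_change "$SAMPLE_SSHD_T" "$SAMPLE_UFW" && echo "ok: settings and firewall agree"
```

Keep the existing SSH session open while testing the new port from a second terminal, so a failed check does not lock you out.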
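
The numbered deletions in the UFW section above are renumbered after every delete, which is why rule 5 turned out to be `allow 33159` in the transcript. As an added example (not part of the original post), this lists the rule numbers for a port highest first and prints the delete commands as a dry run; the function names are made up for the example, and the sample listing is the post's first `ufw status numbered` output with spacing normalised.

```shell
#!/bin/sh
# Added example (not from the original post).
# On a real host: sudo ufw status numbered | plan_delete 22

# rules_for_port PORT: reads `ufw status numbered` output on stdin and prints
# the matching rule numbers on one line, highest first.
rules_for_port() {
    sed -n 's/^\[ *\([0-9][0-9]*\)\] *\([^ ]*\).*/\1 \2/p' |
    awk -v p="$1" '$2 == p || $2 == (p "/tcp") || $2 == (p "/udp") { print $1 }' |
    sort -rn | tr '\n' ' ' | sed 's/ $//'
}

# plan_delete PORT: dry run, prints the commands instead of executing them.
# Deleting from the highest number down never renumbers a rule that is still
# waiting to be deleted; ufw's own y/n prompt stays in place as a last check.
plan_delete() {
    for n in $(rules_for_port "$1"); do
        echo "sudo ufw delete $n"
    done
}

# Rule listing from the post, spacing normalised.
SAMPLE_STATUS='Status: active

     To                         Action      From
     --                         ------      ----
[ 1] 22/tcp                     ALLOW IN    Anywhere
[ 2] 22                         ALLOW IN    Anywhere
[ 3] 33159                      ALLOW IN    Anywhere
[ 4] 33159/tcp                  ALLOW IN    Anywhere
[ 5] 22/tcp (v6)                ALLOW IN    Anywhere (v6)
[ 6] 22 (v6)                    ALLOW IN    Anywhere (v6)
[ 7] 33159 (v6)                 ALLOW IN    Anywhere (v6)
[ 8] 33159/tcp (v6)             ALLOW IN    Anywhere (v6)'

printf '%s\n' "$SAMPLE_STATUS" | plan_delete 22
```

ufw also accepts the rule text itself, e.g. `sudo ufw delete allow 22/tcp`, which does not depend on the numbering.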