OpenWrt-based FTP server

This document describes how to build a simple FTP server on top of OpenWrt. We assume you already have a working OpenWrt installation and that you have configured basic networking (/etc/config/network) and the host’s name (/etc/config/system).

  1. Install the following packages:
  • zlib
  • libopenssl
  • vsftpd-tls
  • openssh-keygen
  • openssh-server
  • openssl-util
  1. Remove the dropbear package
  2. Take care to set the root password.
  3. Create the directory /home/ftp.
  4. Add a new user to the system, setting his home directory to /home/ftp and his shell to /bin/false.
  5. Set the new user’s password.
  6. Configure cleartext FTP: write the following to /etc/vsftpd.conf:
background=YES
listen=YES
anonymous_enable=YES
write_enable=NO
local_umask=022
check_shell=NO
local_root=/home/ftp
session_support=NO
  1. Configure ciphertext SFTP: write the following to /etc/ssh/sshd_config:
AuthorizedKeysFile	.ssh/authorized_keys
UsePrivilegeSeparation	sandbox
Subsystem		sftp internal-sftp

Match User *
	ChrootDirectory 	%h
	AllowTCPForwarding 	no
	X11Forwarding		no
	ForceCommand		internal-sftp
Assistant Professor

My research interests include free and open source software, system security, and network security.