OpenWrt-based FTP server

This document describes how to build a simple FTP server on top of OpenWrt. We assume you already have a working OpenWrt installation and that you have configured basic networking (/etc/config/network) and the host’s name (/etc/config/system).

  1. Install the following packages:
  • zlib
  • libopenssl
  • vsftpd-tls
  • openssh-keygen
  • openssh-server
  • openssl-util
  1. Remove the dropbear package
  2. Take care to set the root password.
  3. Create the directory /home/ftp.
  4. Add a new user to the system, setting his home directory to /home/ftp and his shell to /bin/false.
  5. Set the new user’s password.
  6. Configure cleartext FTP: write the following to /etc/vsftpd.conf:
background=YES
listen=YES
anonymous_enable=YES
write_enable=NO
local_umask=022
check_shell=NO
local_root=/home/ftp
session_support=NO
  1. Configure ciphertext SFTP: write the following to /etc/ssh/sshd_config:
AuthorizedKeysFile   .ssh/authorized_keys
UsePrivilegeSeparation  sandbox
Subsystem               sftp internal-sftp

Match User *
        ChrootDirectory         %h
        AllowTCPForwarding      no
        X11Forwarding           no
        ForceCommand            internal-sftp