Overview

FTP is a file transfer protocol. We use it when clients need to get files from a server or upload files to it. Instead of giving them access to the entire server, we give them access to a specific portion; that way our information is kept secure and private.



————————————————————————————————————

DIRECTIONS: AWS SETUP FTP


Find instance 


Right click on instance


Scroll down to Networking


Click on Change Security Groups settings


Scroll to FTP2 and assign the security group. (Scott and I created this; if you want more information there is a video, I think it is in part 1. Also, all this is doing is allowing access through specific FTP ports.)


Double check that FTP2 is located in the Security Groups section (below instance: next to view inbound rules etc… )



AWS SETUP SFTP

Because SFTP uses port 22 and not the FTP port, we DON'T add the FTP2 security group to the instance.

Instead, we will need to whitelist the IP address(es) of the people who need SFTP access inside our SSH security group settings. Then we will need to remove them after they have had access to the site for a certain period of time.


———————————————————————————————-

DIRECTIONS: SERVER SETUP FTP INSTRUCTIONS


SSH into server

command: sudo su 

command: cd /

command: apt install vsftpd

command: cd /etc

command: ls


command: vim vsftpd.conf

make sure that line

NOTE: if the client needs to write or upload files (usually not the case), make sure write_enable is not commented out on line 31. write_enable is what allows write access.

VIM command: /anonymous_enable


Make sure this is set to NO


VIM command: esc and then enter shift g (it will bring you to the bottom of page)


VIM command: o (insert line below, O will insert line above)


VIM command: # added by seth w on <Today's DATE> (this comment helps other developers and yourself: if you need to change something you can just search for your name)


ENTER this code at the bottom of the file (make sure it is not commented out with # before it):

pasv_enable=YES

pasv_min_port=1024

pasv_max_port=1048

pasv_address=<Public IP of your instance>

TIP: for the public IP, look at the top of your putty shell.

*do not include the <>

VIM command:   :wq 



command: service vsftpd status   (q to quit)

command: service vsftpd restart

command: service vsftpd status

NOTE: to see if this worked, you should see a different time listed on the Active: active (running) line.
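A quick way to confirm the edits above before restarting the service, as an added example that is not part of the original instructions: it checks anonymous_enable, the passive settings and the <> placeholder, and compares the passive port range with the range the FTP security group opens. The security group range is an input you supply (the page does not list the FTP2 rules), and the sample config is constructed.

```shell
#!/usr/bin/env bash
# Print the value of the last uncommented "key=value" line for key $2 in file $1.
conf_get() {
    awk -F= -v k="$2" '$1 == k { v = substr($0, length(k) + 2); sub(/[ \t\r]+$/, "", v) }
                       END { print v }' "$1"
}

is_port() {
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# audit_vsftpd FILE SG_MIN SG_MAX: SG_MIN-SG_MAX is the inbound port range the
# FTP security group opens (assumed input; read it from the AWS console).
# Prints each failed check; the return status is the number of failures.
audit_vsftpd() {
    conf=$1 sg_min=$2 sg_max=$3 fails=0
    fail() { echo "FAIL: $*"; fails=$((fails + 1)); }

    [ "$(conf_get "$conf" anonymous_enable)" = "NO" ] || fail "anonymous_enable must be NO"
    [ "$(conf_get "$conf" pasv_enable)" = "YES" ] || fail "pasv_enable must be YES"

    min=$(conf_get "$conf" pasv_min_port) max=$(conf_get "$conf" pasv_max_port)
    if is_port "$min" && is_port "$max" && [ "$min" -le "$max" ]; then
        # Passive data connections fail if the range is not open in the security group.
        { [ "$min" -ge "$sg_min" ] && [ "$max" -le "$sg_max" ]; } ||
            fail "passive range $min-$max is outside security group range $sg_min-$sg_max"
    else
        fail "pasv_min_port/pasv_max_port missing or not valid ports"
    fi

    case "$(conf_get "$conf" pasv_address)" in
        '') fail "pasv_address is not set" ;;
        *'<'*|*'>'*) fail "pasv_address still contains the <> placeholder" ;;
    esac

    # vsftpd.conf(5): putting a space between option, = and value is an error.
    if grep -Eq '^[a-z0-9_]+([[:space:]]+=|=[[:space:]])' "$conf"; then
        fail "whitespace around '=' in a directive"
    fi
    return "$fails"
}

# Constructed sample config (203.0.113.10 is a documentation address).
sample=$(mktemp)
printf '%s\n' 'anonymous_enable=NO' '#write_enable=YES' 'pasv_enable=YES' \
    'pasv_min_port=1024' 'pasv_max_port=1048' 'pasv_address=203.0.113.10' > "$sample"
if audit_vsftpd "$sample" 1024 1048; then echo "vsftpd.conf matches the runbook"; fi
```

On the server, call it as audit_vsftpd /etc/vsftpd.conf followed by the first and last port of the security group's passive range.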



TO SET UP SFTP FOLLOW THESE INSTRUCTIONS:

To enable password login for SFTP:

command: vi /etc/ssh/sshd_config

and change the setting to:

 PasswordAuthentication yes

Then run this command to restart ssh so that the change takes effect:

command: service ssh restart
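An added check for the sshd_config change above (not part of the original instructions): it reports whether PasswordAuthentication yes applies to every account on port 22, which is what the global setting does, or only inside a Match block for one SFTP-only account. Both sample configs, the user name clientsftp and the chroot path are constructed; Match, ChrootDirectory and ForceCommand internal-sftp are standard sshd_config directives.

```shell
#!/usr/bin/env bash
# Print one line per "PasswordAuthentication yes" found in sshd_config file $1:
# "global" if it is outside any Match block, otherwise "match:<criteria>".
# Handles the usual "Keyword argument" form (not the rarer "Keyword=argument").
password_auth_scopes() {
    awk '
        /^[ \t]*(#|$)/ { next }                  # skip comments and blank lines
        { key = tolower($1) }                    # keywords are case-insensitive
        key == "match" {                         # a Match block runs to the next Match or EOF
            $1 = ""; sub(/^[ \t]+/, ""); scope = "match:" $0; next
        }
        key == "passwordauthentication" && tolower($2) == "yes" {
            print (scope == "" ? "global" : scope)
        }
    ' "$1"
}

# Succeed only if password logins are enabled and every occurrence is inside a Match block.
password_auth_is_scoped() {
    scopes=$(password_auth_scopes "$1")
    [ -n "$scopes" ] && ! printf '%s\n' "$scopes" | grep -qx 'global'
}

weak=$(mktemp); scoped=$(mktemp)
cat > "$weak" <<'EOF'
# constructed sample: the global change described above
PasswordAuthentication yes
EOF
cat > "$scoped" <<'EOF'
# constructed sample: password logins for one SFTP-only account
PasswordAuthentication no
Match User clientsftp
    PasswordAuthentication yes
    ChrootDirectory /home/clientsftp
    ForceCommand internal-sftp
EOF

for f in "$weak" "$scoped"; do
    if password_auth_is_scoped "$f"; then
        echo "password logins limited to: $(password_auth_scopes "$f")"
    else
        echo "password logins are not limited to a Match block"
    fi
done
```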




We don't need to give them access to all of the files in /var/www.

Instead, just zip the files and put them in a directory.

Create an SFTP user and give that user a password.



This will change ownership for /var/www

command: cd /var/www


command: ls -al (to find out who is the owner - the first column is the owner the second is the group)


command: cd wordpress (or moodle if you are doing moodle)


command: passwd www-data


Generate a secure password by typing into Google: password generator last pass

REMEMBER TO SAVE IT SOMEWHERE SAFE


Enter the password at the prompt (note that it will not show up; only enter it in once)

Enter New UNIX password:

And then confirm password:


command: chsh www-data (or whatever name we are giving to the client as username for them to access sftp)


Then in login shell enter command: /bin/bash


In order to change privileges so that the user can read and write, use the command:

chmod -R 775 /var/www

or, to set the owner and group (chmod does not take an owner:group argument; chown does):

chown -R www-data:www-data /var/www


Troubleshooting:

If for some reason it's not working, check to see if the IP address is still current; sometimes they are changed and this will stop the connection. Also, try changing the password and see if this fixes it.


--------------------------------------------------------------------------------------

Directions: Client Information / Testing 


SFTP is now ready for client 


Note:

The FTP client will say that this server does not support FTP over TLS. It's OK, just click OK.


You will need to give the client 4 things:

1) Host: IP ADDRESS; for SFTP we use sftp://IP_ADDRESS

2) Username: www-data

3) Password: remember to give them just the privnote link to the password and not the password here.

4) Port: 21 for FTP, 22 for SFTP


Try this out in an FTP client (FileZilla) to make sure everything is working right.



-------------------------------------------------

ZIP


To zip up everything for the client and restrict access more securely:


Create a directory that will hold all of the zipped files for the client (database, core files and moodledata):

mkdir /home/<clientname>


Then zip the directory /var/moodledata:

zip -r moodledata.zip moodledata

Then do a database dump and zip it.


Then zip the core files found in /var/www/(site, i.e. moodle, wordpress).



Then move the zipped files into this location: /home/<clientname>

Create a user and password.

Give these to the client.