D\u00e9ployer un serveur FTPS (vsftpd) \u2014 Debian (acc\u00e8s IP restreint & utilisateur tom)<\/title>\r\n<style>\r\n:root{\r\n --bg:#0b1220; --panel:#0f1520; --panel-2:#121826; --border:#222b3a; --text:#e8edf6; --muted:#9fb0c7; --accent:#60a5fa;\r\n}\r\n*{box-sizing:border-box}\r\nbody{margin:0;background:#0b1220;color:var(--text);font:16px\/1.6 ui-sans-serif,system-ui,-apple-system,Segoe UI,Roboto,Ubuntu,\"Helvetica Neue\",\"Noto Sans\",Arial}\r\nmain{max-width:980px;margin:0 auto;padding:24px}\r\nheader{margin:0 0 18px}\r\nh1{font-size:clamp(1.6rem,2.5vw,2rem);margin:0 0 4px}\r\n.subtitle{color:var(--muted);margin:0 0 18px}\r\n.toc{background:var(--panel);border:1px solid var(--border);border-radius:14px;padding:12px 16px;margin:18px 0}\r\n.toc a{color:var(--accent);text-decoration:none}\r\nsection{background:var(--panel);border:1px solid var(--border);border-radius:16px;padding:18px;margin:18px 0;scroll-margin-top:90px}\r\nsection h2{margin:0 0 6px;font-size:1.25rem}\r\n.badge{display:inline-block;padding:2px 8px;border:1px solid var(--border);border-radius:999px;background:var(--panel-2);color:var(--muted);font:600 12px\/1 ui-sans-serif;margin-left:6px}\r\n.note,.warn,.tip{border-left:4px solid;border-radius:10px;background:rgba(255,255,255,0.02);padding:10px 12px;margin:12px 0}\r\n.note{border-color:#7dd3fc}\r\n.warn{border-color:#fca5a5}\r\n.tip{border-color:#86efac}\r\nkbd{background:#111827;border:1px solid #374151;border-bottom-width:2px;border-radius:6px;padding:2px 6px;font:600 12px ui-monospace}\r\nul.check{list-style:none;padding-left:0}\r\nul.check li{margin:8px 0;padding-left:28px;position:relative}\r\nul.check li:before{content:\"\u2714\";position:absolute;left:0;top:0;color:#22c55e}\r\n.small{color:var(--muted);font-size:.95em}\r\n\r\n\/* Code blocks with \u201cCopy\u201d button *\/\r\n.code-wrap{position:relative;margin:14px 0;border:1px solid #333;border-radius:12px;background:#0f1520;box-shadow:0 2px 10px rgba(0,0,0,.25);overflow:hidden}\r\n.code-head{display:flex;justify-content:space-between;align-items:center;background:#121826;color:#cbd5e1;padding:8px 12px;font:600 13px\/1.4 ui-sans-serif,system-ui}\r\n.copy-btn{all:unset;cursor:pointer;border:1px solid #3b4556;border-radius:8px;padding:4px 10px;font:600 12px ui-sans-serif;background:#0b1220;color:#dbe6ff}\r\n.copy-btn:hover{background:#0e172a}\r\n.code-pre{margin:0;padding:12px 14px;overflow:auto;font:500 13px\/1.55 ui-monospace, SFMono-Regular, Menlo, Consolas, \"Liberation Mono\", monospace;white-space:pre}\r\na.btn{display:inline-block;padding:8px 12px;border:1px solid var(--border);border-radius:10px;background:var(--panel-2);color:var(--text);text-decoration:none}\r\na.btn:hover{background:#0e172a}\r\nfooter{margin:28px 0 10px;color:var(--muted);text-align:center}\r\n<\/style>\r\n<\/head>\r\n<body>\r\n<main>\r\n <header>\r\n <h1>Serveur <strong>FTPS<\/strong> (vsftpd) sur Debian \u2014 Acc\u00e8s limit\u00e9 \u00e0 une IP & utilisateur <code>tom<\/code><\/h1>\r\n <p class=\"subtitle\">Proc\u00e9dure pas-\u00e0-pas : installation, TLS, confinement (chroot), liste blanche utilisateur, pare-feu (UFW), et tests WinSCP & FileZilla.<\/p>\r\n <div class=\"toc\">\r\n <strong>Sommaire<\/strong>\r\n <ol>\r\n <li><a href=\"#prerequis\">Pr\u00e9requis<\/a><\/li>\r\n <li><a href=\"#install\">Installation des paquets<\/a><\/li>\r\n <li><a href=\"#user\">Cr\u00e9ation de l\u2019utilisateur <code>tom<\/code> & arborescence<\/a><\/li>\r\n <li><a href=\"#tls\">Certificat TLS (auto-sign\u00e9)<\/a><\/li>\r\n <li><a href=\"#config\">Configuration de <code>\/etc\/vsftpd.conf<\/code><\/a><\/li>\r\n <li><a href=\"#whitelist\">Limiter l\u2019acc\u00e8s \u00e0 l\u2019unique compte <code>tom<\/code><\/a><\/li>\r\n <li><a href=\"#firewall\">Pare-feu : autoriser seulement <IP_AUTORISEE><\/a><\/li>\r\n <li><a href=\"#nat\">NAT & mode passif<\/a><\/li>\r\n <li><a href=\"#tests\">Tests : WinSCP & FileZilla<\/a><\/li>\r\n <li><a href=\"#verif\">V\u00e9rifications & d\u00e9pannage<\/a><\/li>\r\n <li><a href=\"#securite\">R\u00e9sum\u00e9 s\u00e9curit\u00e9<\/a><\/li>\r\n <\/ol>\r\n <\/div>\r\n <p class=\"note\"><strong>Variables \u00e0 remplacer<\/strong> : <code><IP_AUTORISEE><\/code> (poste autoris\u00e9), <code><IP_SERVEUR><\/code> (IP du serveur Debian), <code><IP_PUBLIQUE_SERVEUR><\/code> (si derri\u00e8re NAT).<\/p>\r\n <\/header>\r\n\r\n <section id=\"prerequis\">\r\n <h2>1) Pr\u00e9requis <span class=\"badge\">Debian 12\/13<\/span><\/h2>\r\n <ul>\r\n <li>Un serveur Debian avec droits <kbd>sudo<\/kbd> ou acc\u00e8s <kbd>root<\/kbd>.<\/li>\r\n <li>Nom d\u2019utilisateur souhait\u00e9 : <strong>tom<\/strong>.<\/li>\r\n <li>Adresse IP cliente autoris\u00e9e : <code><IP_AUTORISEE><\/code>.<\/li>\r\n <li>Ports sortants ouverts c\u00f4t\u00e9 client, et forwards corrects si NAT c\u00f4t\u00e9 serveur.<\/li>\r\n <\/ul>\r\n <\/section>\r\n\r\n <section id=\"install\">\r\n <h2>2) Installation des paquets<\/h2>\r\n <div class=\"code-wrap\">\r\n <div class=\"code-head\">Shell \u2014 root ou sudo <button class=\"copy-btn\" data-copy-target=\"#c1\">Copier<\/button><\/div>\r\n <pre id=\"c1\" class=\"code-pre\">sudo apt update && sudo apt -y upgrade\r\nsudo apt -y install vsftpd openssl ufw<\/pre>\r\n <\/div>\r\n <\/section>\r\n\r\n <section id=\"user\">\r\n <h2>3) Cr\u00e9er l\u2019utilisateur <code>tom<\/code> & pr\u00e9parer son arborescence FTPS<\/h2>\r\n <p>Le dossier racine visible en FTPS sera <code>\/home\/tom\/ftp<\/code>, non-modifiable, avec un sous-dossier <code>upload\/<\/code> pour \u00e9crire.<\/p>\r\n <div class=\"code-wrap\">\r\n <div class=\"code-head\">Shell <button class=\"copy-btn\" data-copy-target=\"#c2\">Copier<\/button><\/div>\r\n <pre id=\"c2\" class=\"code-pre\">sudo adduser tom\r\nsudo mkdir -p \/home\/tom\/ftp\/upload\r\nsudo chown -R tom:tom \/home\/tom\/ftp\r\nsudo chmod 550 \/home\/tom\/ftp\r\nsudo chmod 750 \/home\/tom\/ftp\/upload<\/pre>\r\n <\/div>\r\n <p class=\"tip\"><strong>Pourquoi ces droits ?<\/strong> vsftpd refuse un <em>chroot<\/em> si le r\u00e9pertoire racine est modifiable par l\u2019utilisateur. <code>chmod 550<\/code> sur <code>\/home\/tom\/ftp<\/code> corrige cela.<\/p>\r\n <\/section>\r\n\r\n <section id=\"tls\">\r\n <h2>4) G\u00e9n\u00e9rer un certificat TLS (auto-sign\u00e9)<\/h2>\r\n <p>Pour la production, privil\u00e9gie Let\u2019s Encrypt. Ici on cr\u00e9e un certificat unique cl\u00e9+cert :<\/p>\r\n <div class=\"code-wrap\">\r\n <div class=\"code-head\">Shell <button class=\"copy-btn\" data-copy-target=\"#c3\">Copier<\/button><\/div>\r\n <pre id=\"c3\" class=\"code-pre\">sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 \\\r\n -keyout \/etc\/ssl\/private\/vsftpd.pem \\\r\n -out \/etc\/ssl\/private\/vsftpd.pem \\\r\n -subj \"\/C=CA\/ST=QC\/L=Montreal\/O=FTPS\/OU=IT\/CN=$(hostname -f)\"\r\nsudo chmod 600 \/etc\/ssl\/private\/vsftpd.pem<\/pre>\r\n <\/div>\r\n <\/section>\r\n\r\n <section id=\"config\">\r\n <h2>5) Configurer <code>vsftpd<\/code> pour FTPS (TLS explicite) + confinement<\/h2>\r\n <div class=\"code-wrap\">\r\n <div class=\"code-head\">Sauvegarde du fichier d\u2019origine <button class=\"copy-btn\" data-copy-target=\"#c4\">Copier<\/button><\/div>\r\n <pre id=\"c4\" class=\"code-pre\">sudo cp \/etc\/vsftpd.conf \/etc\/vsftpd.conf.backup<\/pre>\r\n <\/div>\r\n <p>Remplace le contenu de <code>\/etc\/vsftpd.conf<\/code> par :<\/p>\r\n <div class=\"code-wrap\">\r\n <div class=\"code-head\">\/etc\/vsftpd.conf <button class=\"copy-btn\" data-copy-target=\"#c5\">Copier<\/button><\/div>\r\n <pre id=\"c5\" class=\"code-pre\">listen=YES\r\nlisten_ipv6=NO\r\n\r\n# Acc\u00e8s & droits\r\nanonymous_enable=NO\r\nlocal_enable=YES\r\nwrite_enable=YES\r\n\r\n# Enfermement des utilisateurs locaux dans leur HOME\r\nchroot_local_user=YES\r\n\r\n# Racine FTP des utilisateurs (ici tom) : \/home\/<user>\/ftp\r\nuser_sub_token=$USER\r\nlocal_root=\/home\/$USER\/ftp\r\n\r\n# Restreindre aux utilisateurs list\u00e9s (whitelist)\r\nuserlist_enable=YES\r\nuserlist_file=\/etc\/vsftpd.userlist\r\nuserlist_deny=NO\r\n\r\n# FTPS (FTP explicite via AUTH TLS) \u2014 on force TLS pour login & donn\u00e9es\r\nssl_enable=YES\r\nrequire_ssl_reuse=NO\r\nforce_local_logins_ssl=YES\r\nforce_local_data_ssl=YES\r\nrsa_cert_file=\/etc\/ssl\/private\/vsftpd.pem\r\n\r\n# Protocoles TLS recommand\u00e9s\r\nssl_sslv2=NO\r\nssl_sslv3=NO\r\nssl_tlsv1=NO\r\nssl_tlsv1_1=NO\r\nssl_tlsv1_2=YES\r\nssl_tlsv1_3=YES\r\n\r\n# Mode passif (n\u00e9cessaire derri\u00e8re NAT\/pare-feu)\r\npasv_enable=YES\r\npasv_min_port=40000\r\npasv_max_port=40100\r\n# Si le serveur est derri\u00e8re un NAT, d\u00e9commente et renseigne l'IP publique :\r\n# pasv_address=<IP_PUBLIQUE_SERVEUR>\r\n\r\n# Banni\u00e8re (optionnel)\r\nftpd_banner=Bienvenue sur le serveur FTPS.<\/pre>\r\n <\/div>\r\n <div class=\"code-wrap\">\r\n <div class=\"code-head\">Appliquer la configuration <button class=\"copy-btn\" data-copy-target=\"#c6\">Copier<\/button><\/div>\r\n <pre id=\"c6\" class=\"code-pre\">sudo systemctl restart vsftpd\r\nsudo systemctl enable vsftpd<\/pre>\r\n <\/div>\r\n <\/section>\r\n\r\n <section id=\"whitelist\">\r\n <h2>6) Limiter l\u2019acc\u00e8s \u00e0 l\u2019unique compte <code>tom<\/code> (liste blanche)<\/h2>\r\n <p>Avec <code>userlist_deny=NO<\/code>, seuls les utilisateurs list\u00e9s dans <code>\/etc\/vsftpd.userlist<\/code> peuvent se connecter.<\/p>\r\n <div class=\"code-wrap\">\r\n <div class=\"code-head\">Shell <button class=\"copy-btn\" data-copy-target=\"#c7\">Copier<\/button><\/div>\r\n <pre id=\"c7\" class=\"code-pre\">echo \"tom\" | sudo tee \/etc\/vsftpd.userlist<\/pre>\r\n <\/div>\r\n <\/section>\r\n\r\n <section id=\"firewall\">\r\n <h2>7) Pare-feu : autoriser uniquement <code><IP_AUTORISEE><\/code><\/h2>\r\n <p>On autorise le port de contr\u00f4le <code>21\/tcp<\/code> et la plage passive <code>40000\u201340100\/tcp<\/code> pour la seule IP cliente autoris\u00e9e.<\/p>\r\n <div class=\"code-wrap\">\r\n <div class=\"code-head\">UFW (recommand\u00e9) <button class=\"copy-btn\" data-copy-target=\"#c8\">Copier<\/button><\/div>\r\n <pre id=\"c8\" class=\"code-pre\">sudo ufw allow from <IP_AUTORISEE> to any port 21 proto tcp\r\nsudo ufw allow from <IP_AUTORISEE> to any port 40000:40100 proto tcp\r\nsudo ufw default deny incoming\r\nsudo ufw enable\r\nsudo ufw status verbose<\/pre>\r\n <\/div>\r\n <p class=\"small\">Alternative si tu utilises iptables (\u00e0 adapter\/persister selon ta stack) :<\/p>\r\n <div class=\"code-wrap\">\r\n <div class=\"code-head\">iptables (exemple) <button class=\"copy-btn\" data-copy-target=\"#c9\">Copier<\/button><\/div>\r\n <pre id=\"c9\" class=\"code-pre\">sudo iptables -A INPUT -p tcp -s <IP_AUTORISEE> --dport 21 -j ACCEPT\r\nsudo iptables -A INPUT -p tcp -s <IP_AUTORISEE> --dport 40000:40100 -j ACCEPT\r\nsudo iptables -A INPUT -p tcp --dport 21 -j DROP\r\nsudo iptables -A INPUT -p tcp --dport 40000:40100 -j DROP<\/pre>\r\n <\/div>\r\n <\/section>\r\n\r\n <section id=\"nat\">\r\n <h2>8) Si le serveur est derri\u00e8re un NAT<\/h2>\r\n <ul>\r\n <li>Ouvre\/forwarde vers le serveur <strong>21\/tcp<\/strong> et <strong>40000\u201340100\/tcp<\/strong>.<\/li>\r\n <li>Renseigne <code>pasv_address=<IP_PUBLIQUE_SERVEUR><\/code> dans <code>\/etc\/vsftpd.conf<\/code>.<\/li>\r\n <li>Red\u00e9marre : <kbd>systemctl restart vsftpd<\/kbd>.<\/li>\r\n <\/ul>\r\n <\/section>\r\n\r\n <section id=\"tests\">\r\n <h2>9) Tests \u2014 <strong>WinSCP<\/strong> & <strong>FileZilla<\/strong><\/h2>\r\n\r\n <h3>Test avec WinSCP (Windows)<\/h3>\r\n <ol>\r\n <li>T\u00e9l\u00e9charge et installe depuis <a class=\"btn\" href=\"https:\/\/winscp.net\/\" target=\"_blank\" rel=\"noopener\">winscp.net<\/a>.<\/li>\r\n <li>Nouvelle session :\r\n <ul>\r\n <li><strong>Protocole<\/strong> : FTP<\/li>\r\n <li><strong>Chiffrement<\/strong> : FTP explicite sur TLS\/SSL<\/li>\r\n <li><strong>H\u00f4te<\/strong> : <code><IP_SERVEUR><\/code>, <strong>Port<\/strong> : 21<\/li>\r\n <li><strong>Utilisateur<\/strong> : <code>tom<\/code>, <strong>Mot de passe<\/strong> : (celui cr\u00e9\u00e9)<\/li>\r\n <\/ul>\r\n <\/li>\r\n <li>Accepte le certificat TLS (auto-sign\u00e9) au premier essai.<\/li>\r\n <li>V\u00e9rifie :\r\n <ul class=\"check\">\r\n <li>Acc\u00e8s au r\u00e9pertoire <code>\/home\/tom\/ftp<\/code>.<\/li>\r\n <li>Upload possible dans <code>\/home\/tom\/ftp\/upload<\/code>.<\/li>\r\n <li>Impossible de remonter au-dessus du <code>chroot<\/code>.<\/li>\r\n <\/ul>\r\n <\/li>\r\n <\/ol>\r\n\r\n <h3>Test avec FileZilla (Windows\/Linux\/macOS)<\/h3>\r\n <ol>\r\n <li>Installe depuis <a class=\"btn\" href=\"https:\/\/filezilla-project.org\/\" target=\"_blank\" rel=\"noopener\">filezilla-project.org<\/a>.<\/li>\r\n <li>Gestionnaire de sites \u2192 Nouveau site :\r\n <ul>\r\n <li><strong>Protocole<\/strong> : FTP<\/li>\r\n <li><strong>Chiffrement<\/strong> : Utiliser FTP explicite sur TLS si disponible<\/li>\r\n <li><strong>H\u00f4te<\/strong> : <code><IP_SERVEUR><\/code>, <strong>Port<\/strong> : 21<\/li>\r\n <li><strong>Type d\u2019authentification<\/strong> : Normale<\/li>\r\n <li><strong>Utilisateur<\/strong> : <code>tom<\/code>, <strong>Mot de passe<\/strong> : (celui cr\u00e9\u00e9)<\/li>\r\n <\/ul>\r\n <\/li>\r\n <li>Accepte l\u2019avertissement du certificat TLS.<\/li>\r\n <li>V\u00e9rifie les m\u00eames points que pour WinSCP.<\/li>\r\n <\/ol>\r\n\r\n <div class=\"code-wrap\">\r\n <div class=\"code-head\">Test rapide en ligne de commande (curl) \u2014 FTPS explicite <button class=\"copy-btn\" data-copy-target=\"#c10\">Copier<\/button><\/div>\r\n <pre id=\"c10\" class=\"code-pre\">curl -v --ssl --ftp-ssl --user tom ftp:\/\/<IP_SERVEUR>\/<\/pre>\r\n <\/div>\r\n <\/section>\r\n\r\n <section id=\"verif\">\r\n <h2>10) V\u00e9rifications & D\u00e9pannage<\/h2>\r\n <div class=\"code-wrap\">\r\n <div class=\"code-head\">Statut du service <button class=\"copy-btn\" data-copy-target=\"#c11\">Copier<\/button><\/div>\r\n <pre id=\"c11\" class=\"code-pre\">systemctl status vsftpd<\/pre>\r\n <\/div>\r\n <div class=\"code-wrap\">\r\n <div class=\"code-head\">Logs utiles <button class=\"copy-btn\" data-copy-target=\"#c12\">Copier<\/button><\/div>\r\n <pre id=\"c12\" class=\"code-pre\">sudo journalctl -u vsftpd -e\r\nsudo tail -f \/var\/log\/auth.log<\/pre>\r\n <\/div>\r\n <ul>\r\n <li><strong>\u00c9checs TLS \u00ab reuse \u00bb<\/strong> : <code>require_ssl_reuse=NO<\/code> est d\u00e9j\u00e0 configur\u00e9.<\/li>\r\n <li><strong>Connexion bloqu\u00e9e<\/strong> : v\u00e9rifie UFW\/iptables (seule <code><IP_AUTORISEE><\/code> doit passer).<\/li>\r\n <li><strong>Transferts qui stagnent<\/strong> : ports passifs ouverts (pare-feu) + <code>pasv_address<\/code> si NAT.<\/li>\r\n <li><strong>Erreur chroot<\/strong> : assure-toi que <code>\/home\/tom\/ftp<\/code> <em>n\u2019est pas<\/em> modifiable par tom (chmod 550).<\/li>\r\n <\/ul>\r\n <\/section>\r\n\r\n <section id=\"securite\">\r\n <h2>11) R\u00e9sum\u00e9 s\u00e9curit\u00e9<\/h2>\r\n <ul class=\"check\">\r\n <li>FTP en clair d\u00e9sactiv\u00e9 \u2014 <strong>TLS obligatoire<\/strong> pour login & donn\u00e9es.<\/li>\r\n <li><strong>Liste blanche<\/strong> : seul l\u2019utilisateur <code>tom<\/code> est autoris\u00e9.<\/li>\r\n <li><strong>Confinement<\/strong> : <code>chroot_local_user=YES<\/code>.<\/li>\r\n <li><strong>Pare-feu restrictif<\/strong> : acc\u00e8s depuis <code><IP_AUTORISEE><\/code> uniquement.<\/li>\r\n <li><strong>Ports passifs born\u00e9s<\/strong> et document\u00e9s (40000\u201340100\/TCP).<\/li>\r\n <li><strong>Certificat TLS<\/strong> d\u00e9di\u00e9 (Let\u2019s Encrypt recommand\u00e9 en prod).<\/li>\r\n <\/ul>\r\n <\/section>\r\n\r\n <footer>\r\n <p>\u00a9 2025 \u2014 Proc\u00e9dure FTPS (vsftpd) Debian \u2014 Acc\u00e8s IP restreint & utilisateur <code>tom<\/code>.<\/p>\r\n <\/footer>\r\n<\/main>\r\n\r\n<script>\r\nfunction copyFrom(selector, btn){\r\n const el = document.querySelector(selector);\r\n if(!el) return;\r\n const text = el.innerText;\r\n navigator.clipboard.writeText(text).then(()=>{\r\n const old = btn.textContent;\r\n btn.textContent = \"Copi\u00e9 \u2713\";\r\n btn.disabled = true;\r\n setTimeout(()=>{btn.textContent = \"Copier\"; btn.disabled = false;}, 1500);\r\n });\r\n}\r\ndocument.querySelectorAll(\".copy-btn\").forEach(btn=>{\r\n const target = btn.getAttribute(\"data-copy-target\");\r\n btn.addEventListener(\"click\", ()=>copyFrom(target, btn));\r\n});\r\n<\/script>\r\n<\/body>\r\n<\/html>\r\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t","protected":false},"excerpt":{"rendered":"<p>D\u00e9ployer un serveur FTPS (vsftpd) \u2014 Debian (acc\u00e8s IP restreint & utilisateur tom) Serveur FTPS (vsftpd) sur Debian \u2014 Acc\u00e8s limit\u00e9 \u00e0 une IP & utilisateur tom Proc\u00e9dure pas-\u00e0-pas :…<\/p>\n","protected":false},"author":1,"featured_media":310,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[8],"tags":[],"class_list":["post-302","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-linux"],"_links":{"self":[{"href":"https:\/\/info.kpuc.dev\/index.php\/wp-json\/wp\/v2\/posts\/302","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/info.kpuc.dev\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/info.kpuc.dev\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/info.kpuc.dev\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/info.kpuc.dev\/index.php\/wp-json\/wp\/v2\/comments?post=302"}],"version-history":[{"count":7,"href":"https:\/\/info.kpuc.dev\/index.php\/wp-json\/wp\/v2\/posts\/302\/revisions"}],"predecessor-version":[{"id":313,"href":"https:\/\/info.kpuc.dev\/index.php\/wp-json\/wp\/v2\/posts\/302\/revisions\/313"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/info.kpuc.dev\/index.php\/wp-json\/wp\/v2\/media\/310"}],"wp:attachment":[{"href":"https:\/\/info.kpuc.dev\/index.php\/wp-json\/wp\/v2\/media?parent=302"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/info.kpuc.dev\/index.php\/wp-json\/wp\/v2\/categories?post=302"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/info.kpuc.dev\/index.php\/wp-json\/wp\/v2\/tags?post=302"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}

\n\t\t\t\t

\n\t\t\t\t\t

\n\t\t\t\t

\n\t\t\t\t\t\r\n\r\n\r\n\r\n\r\nD\u00e9ployer un serveur FTPS (vsftpd) \u2014 Debian (acc\u00e8s IP restreint & utilisateur tom)<\/title>\r\n<style>\r\n:root{\r\n --bg:#0b1220; --panel:#0f1520; --panel-2:#121826; --border:#222b3a; --text:#e8edf6; --muted:#9fb0c7; --accent:#60a5fa;\r\n}\r\n*{box-sizing:border-box}\r\nbody{margin:0;background:#0b1220;color:var(--text);font:16px\/1.6 ui-sans-serif,system-ui,-apple-system,Segoe UI,Roboto,Ubuntu,\"Helvetica Neue\",\"Noto Sans\",Arial}\r\nmain{max-width:980px;margin:0 auto;padding:24px}\r\nheader{margin:0 0 18px}\r\nh1{font-size:clamp(1.6rem,2.5vw,2rem);margin:0 0 4px}\r\n.subtitle{color:var(--muted);margin:0 0 18px}\r\n.toc{background:var(--panel);border:1px solid var(--border);border-radius:14px;padding:12px 16px;margin:18px 0}\r\n.toc a{color:var(--accent);text-decoration:none}\r\nsection{background:var(--panel);border:1px solid var(--border);border-radius:16px;padding:18px;margin:18px 0;scroll-margin-top:90px}\r\nsection h2{margin:0 0 6px;font-size:1.25rem}\r\n.badge{display:inline-block;padding:2px 8px;border:1px solid var(--border);border-radius:999px;background:var(--panel-2);color:var(--muted);font:600 12px\/1 ui-sans-serif;margin-left:6px}\r\n.note,.warn,.tip{border-left:4px solid;border-radius:10px;background:rgba(255,255,255,0.02);padding:10px 12px;margin:12px 0}\r\n.note{border-color:#7dd3fc}\r\n.warn{border-color:#fca5a5}\r\n.tip{border-color:#86efac}\r\nkbd{background:#111827;border:1px solid #374151;border-bottom-width:2px;border-radius:6px;padding:2px 6px;font:600 12px ui-monospace}\r\nul.check{list-style:none;padding-left:0}\r\nul.check li{margin:8px 0;padding-left:28px;position:relative}\r\nul.check li:before{content:\"\u2714\";position:absolute;left:0;top:0;color:#22c55e}\r\n.small{color:var(--muted);font-size:.95em}\r\n\r\n\/* Code blocks with \u201cCopy\u201d button *\/\r\n.code-wrap{position:relative;margin:14px 0;border:1px solid #333;border-radius:12px;background:#0f1520;box-shadow:0 2px 10px rgba(0,0,0,.25);overflow:hidden}\r\n.code-head{display:flex;justify-content:space-between;align-items:center;background:#121826;color:#cbd5e1;padding:8px 12px;font:600 13px\/1.4 ui-sans-serif,system-ui}\r\n.copy-btn{all:unset;cursor:pointer;border:1px solid #3b4556;border-radius:8px;padding:4px 10px;font:600 12px ui-sans-serif;background:#0b1220;color:#dbe6ff}\r\n.copy-btn:hover{background:#0e172a}\r\n.code-pre{margin:0;padding:12px 14px;overflow:auto;font:500 13px\/1.55 ui-monospace, SFMono-Regular, Menlo, Consolas, \"Liberation Mono\", monospace;white-space:pre}\r\na.btn{display:inline-block;padding:8px 12px;border:1px solid var(--border);border-radius:10px;background:var(--panel-2);color:var(--text);text-decoration:none}\r\na.btn:hover{background:#0e172a}\r\nfooter{margin:28px 0 10px;color:var(--muted);text-align:center}\r\n<\/style>\r\n<\/head>\r\n<body>\r\n<main>\r\n <header>\r\n <h1>Serveur <strong>FTPS<\/strong> (vsftpd) sur Debian \u2014 Acc\u00e8s limit\u00e9 \u00e0 une IP & utilisateur <code>tom<\/code><\/h1>\r\n <p class=\"subtitle\">Proc\u00e9dure pas-\u00e0-pas : installation, TLS, confinement (chroot), liste blanche utilisateur, pare-feu (UFW), et tests WinSCP & FileZilla.<\/p>\r\n <div class=\"toc\">\r\n <strong>Sommaire<\/strong>\r\n <ol>\r\n <li><a href=\"#prerequis\">Pr\u00e9requis<\/a><\/li>\r\n <li><a href=\"#install\">Installation des paquets<\/a><\/li>\r\n <li><a href=\"#user\">Cr\u00e9ation de l\u2019utilisateur <code>tom<\/code> & arborescence<\/a><\/li>\r\n <li><a href=\"#tls\">Certificat TLS (auto-sign\u00e9)<\/a><\/li>\r\n <li><a href=\"#config\">Configuration de <code>\/etc\/vsftpd.conf<\/code><\/a><\/li>\r\n <li><a href=\"#whitelist\">Limiter l\u2019acc\u00e8s \u00e0 l\u2019unique compte <code>tom<\/code><\/a><\/li>\r\n <li><a href=\"#firewall\">Pare-feu : autoriser seulement <IP_AUTORISEE><\/a><\/li>\r\n <li><a href=\"#nat\">NAT & mode passif<\/a><\/li>\r\n <li><a href=\"#tests\">Tests : WinSCP & FileZilla<\/a><\/li>\r\n <li><a href=\"#verif\">V\u00e9rifications & d\u00e9pannage<\/a><\/li>\r\n <li><a href=\"#securite\">R\u00e9sum\u00e9 s\u00e9curit\u00e9<\/a><\/li>\r\n <\/ol>\r\n <\/div>\r\n <p class=\"note\"><strong>Variables \u00e0 remplacer<\/strong> : <code><IP_AUTORISEE><\/code> (poste autoris\u00e9), <code><IP_SERVEUR><\/code> (IP du serveur Debian), <code><IP_PUBLIQUE_SERVEUR><\/code> (si derri\u00e8re NAT).<\/p>\r\n <\/header>\r\n\r\n <section id=\"prerequis\">\r\n <h2>1) Pr\u00e9requis <span class=\"badge\">Debian 12\/13<\/span><\/h2>\r\n <ul>\r\n <li>Un serveur Debian avec droits <kbd>sudo<\/kbd> ou acc\u00e8s <kbd>root<\/kbd>.<\/li>\r\n <li>Nom d\u2019utilisateur souhait\u00e9 : <strong>tom<\/strong>.<\/li>\r\n <li>Adresse IP cliente autoris\u00e9e : <code><IP_AUTORISEE><\/code>.<\/li>\r\n <li>Ports sortants ouverts c\u00f4t\u00e9 client, et forwards corrects si NAT c\u00f4t\u00e9 serveur.<\/li>\r\n <\/ul>\r\n <\/section>\r\n\r\n <section id=\"install\">\r\n <h2>2) Installation des paquets<\/h2>\r\n <div class=\"code-wrap\">\r\n <div class=\"code-head\">Shell \u2014 root ou sudo <button class=\"copy-btn\" data-copy-target=\"#c1\">Copier<\/button><\/div>\r\n <pre id=\"c1\" class=\"code-pre\">sudo apt update && sudo apt -y upgrade\r\nsudo apt -y install vsftpd openssl ufw<\/pre>\r\n <\/div>\r\n <\/section>\r\n\r\n <section id=\"user\">\r\n <h2>3) Cr\u00e9er l\u2019utilisateur <code>tom<\/code> & pr\u00e9parer son arborescence FTPS<\/h2>\r\n <p>Le dossier racine visible en FTPS sera <code>\/home\/tom\/ftp<\/code>, non-modifiable, avec un sous-dossier <code>upload\/<\/code> pour \u00e9crire.<\/p>\r\n <div class=\"code-wrap\">\r\n <div class=\"code-head\">Shell <button class=\"copy-btn\" data-copy-target=\"#c2\">Copier<\/button><\/div>\r\n <pre id=\"c2\" class=\"code-pre\">sudo adduser tom\r\nsudo mkdir -p \/home\/tom\/ftp\/upload\r\nsudo chown -R tom:tom \/home\/tom\/ftp\r\nsudo chmod 550 \/home\/tom\/ftp\r\nsudo chmod 750 \/home\/tom\/ftp\/upload<\/pre>\r\n <\/div>\r\n <p class=\"tip\"><strong>Pourquoi ces droits ?<\/strong> vsftpd refuse un <em>chroot<\/em> si le r\u00e9pertoire racine est modifiable par l\u2019utilisateur. <code>chmod 550<\/code> sur <code>\/home\/tom\/ftp<\/code> corrige cela.<\/p>\r\n <\/section>\r\n\r\n <section id=\"tls\">\r\n <h2>4) G\u00e9n\u00e9rer un certificat TLS (auto-sign\u00e9)<\/h2>\r\n <p>Pour la production, privil\u00e9gie Let\u2019s Encrypt. Ici on cr\u00e9e un certificat unique cl\u00e9+cert :<\/p>\r\n <div class=\"code-wrap\">\r\n <div class=\"code-head\">Shell <button class=\"copy-btn\" data-copy-target=\"#c3\">Copier<\/button><\/div>\r\n <pre id=\"c3\" class=\"code-pre\">sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 \\\r\n -keyout \/etc\/ssl\/private\/vsftpd.pem \\\r\n -out \/etc\/ssl\/private\/vsftpd.pem \\\r\n -subj \"\/C=CA\/ST=QC\/L=Montreal\/O=FTPS\/OU=IT\/CN=$(hostname -f)\"\r\nsudo chmod 600 \/etc\/ssl\/private\/vsftpd.pem<\/pre>\r\n <\/div>\r\n <\/section>\r\n\r\n <section id=\"config\">\r\n <h2>5) Configurer <code>vsftpd<\/code> pour FTPS (TLS explicite) + confinement<\/h2>\r\n <div class=\"code-wrap\">\r\n <div class=\"code-head\">Sauvegarde du fichier d\u2019origine <button class=\"copy-btn\" data-copy-target=\"#c4\">Copier<\/button><\/div>\r\n <pre id=\"c4\" class=\"code-pre\">sudo cp \/etc\/vsftpd.conf \/etc\/vsftpd.conf.backup<\/pre>\r\n <\/div>\r\n <p>Remplace le contenu de <code>\/etc\/vsftpd.conf<\/code> par :<\/p>\r\n <div class=\"code-wrap\">\r\n <div class=\"code-head\">\/etc\/vsftpd.conf <button class=\"copy-btn\" data-copy-target=\"#c5\">Copier<\/button><\/div>\r\n <pre id=\"c5\" class=\"code-pre\">listen=YES\r\nlisten_ipv6=NO\r\n\r\n# Acc\u00e8s & droits\r\nanonymous_enable=NO\r\nlocal_enable=YES\r\nwrite_enable=YES\r\n\r\n# Enfermement des utilisateurs locaux dans leur HOME\r\nchroot_local_user=YES\r\n\r\n# Racine FTP des utilisateurs (ici tom) : \/home\/<user>\/ftp\r\nuser_sub_token=$USER\r\nlocal_root=\/home\/$USER\/ftp\r\n\r\n# Restreindre aux utilisateurs list\u00e9s (whitelist)\r\nuserlist_enable=YES\r\nuserlist_file=\/etc\/vsftpd.userlist\r\nuserlist_deny=NO\r\n\r\n# FTPS (FTP explicite via AUTH TLS) \u2014 on force TLS pour login & donn\u00e9es\r\nssl_enable=YES\r\nrequire_ssl_reuse=NO\r\nforce_local_logins_ssl=YES\r\nforce_local_data_ssl=YES\r\nrsa_cert_file=\/etc\/ssl\/private\/vsftpd.pem\r\n\r\n# Protocoles TLS recommand\u00e9s\r\nssl_sslv2=NO\r\nssl_sslv3=NO\r\nssl_tlsv1=NO\r\nssl_tlsv1_1=NO\r\nssl_tlsv1_2=YES\r\nssl_tlsv1_3=YES\r\n\r\n# Mode passif (n\u00e9cessaire derri\u00e8re NAT\/pare-feu)\r\npasv_enable=YES\r\npasv_min_port=40000\r\npasv_max_port=40100\r\n# Si le serveur est derri\u00e8re un NAT, d\u00e9commente et renseigne l'IP publique :\r\n# pasv_address=<IP_PUBLIQUE_SERVEUR>\r\n\r\n# Banni\u00e8re (optionnel)\r\nftpd_banner=Bienvenue sur le serveur FTPS.<\/pre>\r\n <\/div>\r\n <div class=\"code-wrap\">\r\n <div class=\"code-head\">Appliquer la configuration <button class=\"copy-btn\" data-copy-target=\"#c6\">Copier<\/button><\/div>\r\n <pre id=\"c6\" class=\"code-pre\">sudo systemctl restart vsftpd\r\nsudo systemctl enable vsftpd<\/pre>\r\n <\/div>\r\n <\/section>\r\n\r\n <section id=\"whitelist\">\r\n <h2>6) Limiter l\u2019acc\u00e8s \u00e0 l\u2019unique compte <code>tom<\/code> (liste blanche)<\/h2>\r\n <p>Avec <code>userlist_deny=NO<\/code>, seuls les utilisateurs list\u00e9s dans <code>\/etc\/vsftpd.userlist<\/code> peuvent se connecter.<\/p>\r\n <div class=\"code-wrap\">\r\n <div class=\"code-head\">Shell <button class=\"copy-btn\" data-copy-target=\"#c7\">Copier<\/button><\/div>\r\n <pre id=\"c7\" class=\"code-pre\">echo \"tom\" | sudo tee \/etc\/vsftpd.userlist<\/pre>\r\n <\/div>\r\n <\/section>\r\n\r\n <section id=\"firewall\">\r\n <h2>7) Pare-feu : autoriser uniquement <code><IP_AUTORISEE><\/code><\/h2>\r\n <p>On autorise le port de contr\u00f4le <code>21\/tcp<\/code> et la plage passive <code>40000\u201340100\/tcp<\/code> pour la seule IP cliente autoris\u00e9e.<\/p>\r\n <div class=\"code-wrap\">\r\n <div class=\"code-head\">UFW (recommand\u00e9) <button class=\"copy-btn\" data-copy-target=\"#c8\">Copier<\/button><\/div>\r\n <pre id=\"c8\" class=\"code-pre\">sudo ufw allow from <IP_AUTORISEE> to any port 21 proto tcp\r\nsudo ufw allow from <IP_AUTORISEE> to any port 40000:40100 proto tcp\r\nsudo ufw default deny incoming\r\nsudo ufw enable\r\nsudo ufw status verbose<\/pre>\r\n <\/div>\r\n <p class=\"small\">Alternative si tu utilises iptables (\u00e0 adapter\/persister selon ta stack) :<\/p>\r\n <div class=\"code-wrap\">\r\n <div class=\"code-head\">iptables (exemple) <button class=\"copy-btn\" data-copy-target=\"#c9\">Copier<\/button><\/div>\r\n <pre id=\"c9\" class=\"code-pre\">sudo iptables -A INPUT -p tcp -s <IP_AUTORISEE> --dport 21 -j ACCEPT\r\nsudo iptables -A INPUT -p tcp -s <IP_AUTORISEE> --dport 40000:40100 -j ACCEPT\r\nsudo iptables -A INPUT -p tcp --dport 21 -j DROP\r\nsudo iptables -A INPUT -p tcp --dport 40000:40100 -j DROP<\/pre>\r\n <\/div>\r\n <\/section>\r\n\r\n <section id=\"nat\">\r\n <h2>8) Si le serveur est derri\u00e8re un NAT<\/h2>\r\n <ul>\r\n <li>Ouvre\/forwarde vers le serveur <strong>21\/tcp<\/strong> et <strong>40000\u201340100\/tcp<\/strong>.<\/li>\r\n <li>Renseigne <code>pasv_address=<IP_PUBLIQUE_SERVEUR><\/code> dans <code>\/etc\/vsftpd.conf<\/code>.<\/li>\r\n <li>Red\u00e9marre : <kbd>systemctl restart vsftpd<\/kbd>.<\/li>\r\n <\/ul>\r\n <\/section>\r\n\r\n <section id=\"tests\">\r\n <h2>9) Tests \u2014 <strong>WinSCP<\/strong> & <strong>FileZilla<\/strong><\/h2>\r\n\r\n <h3>Test avec WinSCP (Windows)<\/h3>\r\n <ol>\r\n <li>T\u00e9l\u00e9charge et installe depuis <a class=\"btn\" href=\"https:\/\/winscp.net\/\" target=\"_blank\" rel=\"noopener\">winscp.net<\/a>.<\/li>\r\n <li>Nouvelle session :\r\n <ul>\r\n <li><strong>Protocole<\/strong> : FTP<\/li>\r\n <li><strong>Chiffrement<\/strong> : FTP explicite sur TLS\/SSL<\/li>\r\n <li><strong>H\u00f4te<\/strong> : <code><IP_SERVEUR><\/code>, <strong>Port<\/strong> : 21<\/li>\r\n <li><strong>Utilisateur<\/strong> : <code>tom<\/code>, <strong>Mot de passe<\/strong> : (celui cr\u00e9\u00e9)<\/li>\r\n <\/ul>\r\n <\/li>\r\n <li>Accepte le certificat TLS (auto-sign\u00e9) au premier essai.<\/li>\r\n <li>V\u00e9rifie :\r\n <ul class=\"check\">\r\n <li>Acc\u00e8s au r\u00e9pertoire <code>\/home\/tom\/ftp<\/code>.<\/li>\r\n <li>Upload possible dans <code>\/home\/tom\/ftp\/upload<\/code>.<\/li>\r\n <li>Impossible de remonter au-dessus du <code>chroot<\/code>.<\/li>\r\n <\/ul>\r\n <\/li>\r\n <\/ol>\r\n\r\n <h3>Test avec FileZilla (Windows\/Linux\/macOS)<\/h3>\r\n <ol>\r\n <li>Installe depuis <a class=\"btn\" href=\"https:\/\/filezilla-project.org\/\" target=\"_blank\" rel=\"noopener\">filezilla-project.org<\/a>.<\/li>\r\n <li>Gestionnaire de sites \u2192 Nouveau site :\r\n <ul>\r\n <li><strong>Protocole<\/strong> : FTP<\/li>\r\n <li><strong>Chiffrement<\/strong> : Utiliser FTP explicite sur TLS si disponible<\/li>\r\n <li><strong>H\u00f4te<\/strong> : <code><IP_SERVEUR><\/code>, <strong>Port<\/strong> : 21<\/li>\r\n <li><strong>Type d\u2019authentification<\/strong> : Normale<\/li>\r\n <li><strong>Utilisateur<\/strong> : <code>tom<\/code>, <strong>Mot de passe<\/strong> : (celui cr\u00e9\u00e9)<\/li>\r\n <\/ul>\r\n <\/li>\r\n <li>Accepte l\u2019avertissement du certificat TLS.<\/li>\r\n <li>V\u00e9rifie les m\u00eames points que pour WinSCP.<\/li>\r\n <\/ol>\r\n\r\n <div class=\"code-wrap\">\r\n <div class=\"code-head\">Test rapide en ligne de commande (curl) \u2014 FTPS explicite <button class=\"copy-btn\" data-copy-target=\"#c10\">Copier<\/button><\/div>\r\n <pre id=\"c10\" class=\"code-pre\">curl -v --ssl --ftp-ssl --user tom ftp:\/\/<IP_SERVEUR>\/<\/pre>\r\n <\/div>\r\n <\/section>\r\n\r\n <section id=\"verif\">\r\n <h2>10) V\u00e9rifications & D\u00e9pannage<\/h2>\r\n <div class=\"code-wrap\">\r\n <div class=\"code-head\">Statut du service <button class=\"copy-btn\" data-copy-target=\"#c11\">Copier<\/button><\/div>\r\n <pre id=\"c11\" class=\"code-pre\">systemctl status vsftpd<\/pre>\r\n <\/div>\r\n <div class=\"code-wrap\">\r\n <div class=\"code-head\">Logs utiles <button class=\"copy-btn\" data-copy-target=\"#c12\">Copier<\/button><\/div>\r\n <pre id=\"c12\" class=\"code-pre\">sudo journalctl -u vsftpd -e\r\nsudo tail -f \/var\/log\/auth.log<\/pre>\r\n <\/div>\r\n <ul>\r\n <li><strong>\u00c9checs TLS \u00ab reuse \u00bb<\/strong> : <code>require_ssl_reuse=NO<\/code> est d\u00e9j\u00e0 configur\u00e9.<\/li>\r\n <li><strong>Connexion bloqu\u00e9e<\/strong> : v\u00e9rifie UFW\/iptables (seule <code><IP_AUTORISEE><\/code> doit passer).<\/li>\r\n <li><strong>Transferts qui stagnent<\/strong> : ports passifs ouverts (pare-feu) + <code>pasv_address<\/code> si NAT.<\/li>\r\n <li><strong>Erreur chroot<\/strong> : assure-toi que <code>\/home\/tom\/ftp<\/code> <em>n\u2019est pas<\/em> modifiable par tom (chmod 550).<\/li>\r\n <\/ul>\r\n <\/section>\r\n\r\n <section id=\"securite\">\r\n <h2>11) R\u00e9sum\u00e9 s\u00e9curit\u00e9<\/h2>\r\n <ul class=\"check\">\r\n <li>FTP en clair d\u00e9sactiv\u00e9 \u2014 <strong>TLS obligatoire<\/strong> pour login & donn\u00e9es.<\/li>\r\n <li><strong>Liste blanche<\/strong> : seul l\u2019utilisateur <code>tom<\/code> est autoris\u00e9.<\/li>\r\n <li><strong>Confinement<\/strong> : <code>chroot_local_user=YES<\/code>.<\/li>\r\n <li><strong>Pare-feu restrictif<\/strong> : acc\u00e8s depuis <code><IP_AUTORISEE><\/code> uniquement.<\/li>\r\n <li><strong>Ports passifs born\u00e9s<\/strong> et document\u00e9s (40000\u201340100\/TCP).<\/li>\r\n <li><strong>Certificat TLS<\/strong> d\u00e9di\u00e9 (Let\u2019s Encrypt recommand\u00e9 en prod).<\/li>\r\n <\/ul>\r\n <\/section>\r\n\r\n <footer>\r\n <p>\u00a9 2025 \u2014 Proc\u00e9dure FTPS (vsftpd) Debian \u2014 Acc\u00e8s IP restreint & utilisateur <code>tom<\/code>.<\/p>\r\n <\/footer>\r\n<\/main>\r\n\r\n<script>\r\nfunction copyFrom(selector, btn){\r\n const el = document.querySelector(selector);\r\n if(!el) return;\r\n const text = el.innerText;\r\n navigator.clipboard.writeText(text).then(()=>{\r\n const old = btn.textContent;\r\n btn.textContent = \"Copi\u00e9 \u2713\";\r\n btn.disabled = true;\r\n setTimeout(()=>{btn.textContent = \"Copier\"; btn.disabled = false;}, 1500);\r\n });\r\n}\r\ndocument.querySelectorAll(\".copy-btn\").forEach(btn=>{\r\n const target = btn.getAttribute(\"data-copy-target\");\r\n btn.addEventListener(\"click\", ()=>copyFrom(target, btn));\r\n});\r\n<\/script>\r\n<\/body>\r\n<\/html>\r\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t","protected":false},"excerpt":{"rendered":"<p>D\u00e9ployer un serveur FTPS (vsftpd) \u2014 Debian (acc\u00e8s IP restreint & utilisateur tom) Serveur FTPS (vsftpd) sur Debian \u2014 Acc\u00e8s limit\u00e9 \u00e0 une IP & utilisateur tom Proc\u00e9dure pas-\u00e0-pas :…<\/p>\n","protected":false},"author":1,"featured_media":310,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[8],"tags":[],"class_list":["post-302","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-linux"],"_links":{"self":[{"href":"https:\/\/info.kpuc.dev\/index.php\/wp-json\/wp\/v2\/posts\/302","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/info.kpuc.dev\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/info.kpuc.dev\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/info.kpuc.dev\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/info.kpuc.dev\/index.php\/wp-json\/wp\/v2\/comments?post=302"}],"version-history":[{"count":7,"href":"https:\/\/info.kpuc.dev\/index.php\/wp-json\/wp\/v2\/posts\/302\/revisions"}],"predecessor-version":[{"id":313,"href":"https:\/\/info.kpuc.dev\/index.php\/wp-json\/wp\/v2\/posts\/302\/revisions\/313"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/info.kpuc.dev\/index.php\/wp-json\/wp\/v2\/media\/310"}],"wp:attachment":[{"href":"https:\/\/info.kpuc.dev\/index.php\/wp-json\/wp\/v2\/media?parent=302"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/info.kpuc.dev\/index.php\/wp-json\/wp\/v2\/categories?post=302"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/info.kpuc.dev\/index.php\/wp-json\/wp\/v2\/tags?post=302"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}