By default, FTP transmits data — including passwords — in plain text, making it vulnerable to interception. In this guide, we'll walk you through configuring VSFTPD (Very Secure FTP Daemon) with SSL/TLS encryption to protect data in transit and harden your FTP server.

Before you configure VSFTPD for SSL/TLS-encrypted connections, make sure VSFTPD is installed on your Linux machine.

For your reference, you can follow these articles – 

Step 1: We will generate a self-signed certificate using OpenSSL. First, create a directory to store the public key and private key.
# sudo mkdir -p /etc/vsftpd/ssl
Step 2: Run the command given below to generate the certificate. 
# sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 \
    -keyout /etc/vsftpd/ssl/vsftpd.pem -out /etc/vsftpd/ssl/vsftpd.pem

Once you execute this command, it will ask for the country name, state name, city name, organization, unit name, and the common name that must match your server's IP Address.

You can also use the domain name pointing to your server's IP Address. The certificate uses a 2048-bit RSA key and is valid for 365 days. Because -keyout and -out point to the same file, vsftpd.pem holds both the private key and the certificate.

Step 3: Let us open the configuration file of VSFTPD for the certificate installation. 
# sudo vim /etc/vsftpd.conf
Step 4: Add or update the following lines:
# SSL certificate and key
rsa_cert_file=/etc/vsftpd/ssl/vsftpd.pem
rsa_private_key_file=/etc/vsftpd/ssl/vsftpd.pem
# Enable SSL
ssl_enable=YES
# Disallow anonymous SSL connections
allow_anon_ssl=NO
# Force SSL for local users (both login and data)
force_local_logins_ssl=YES
force_local_data_ssl=YES
# Use TLS only, disable older SSL versions
ssl_tlsv1=YES
ssl_sslv2=NO
ssl_sslv3=NO
# Require data connections to reuse the control connection's TLS session
require_ssl_reuse=YES
# Restrict the cipher list to OpenSSL's HIGH group
ssl_ciphers=HIGH
Step 5: Finally, restart VSFTPD.
# sudo systemctl restart vsftpd
Step 6: Connect using an FTP client like FileZilla or WinSCP. When SSL is properly configured, the status log should show:
Status: Connection established, waiting for welcome message...
Status: Initializing TLS...
Status: Verifying certificate...
Status: TLS connection established. 
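
A commented-out or duplicated line in the file edited in Step 4 is easy to miss, so the following added example (not part of the original guide) audits a vsftpd.conf against the settings listed above. The function names are hypothetical, and it assumes that when an option is repeated the last occurrence is the one in effect.

```sh
#!/bin/sh
# Added example: audit a vsftpd.conf against the settings listed in Step 4.
# Expected values are copied from this guide; helper names are hypothetical.
EXPECTED='ssl_enable=YES
allow_anon_ssl=NO
force_local_logins_ssl=YES
force_local_data_ssl=YES
ssl_sslv2=NO
ssl_sslv3=NO
ssl_tlsv1=YES
require_ssl_reuse=YES
ssl_ciphers=HIGH'

# conf_get FILE OPTION: print the value of OPTION, skipping comment lines.
# Assumption: when an option is repeated, the last occurrence is the one used.
conf_get() {
    awk -F= -v key="$2" '
        /^[ \t]*#/ { next }
        $1 == key  { val = substr($0, length(key) + 2)
                     sub(/[ \t\r]+$/, "", val); found = 1 }
        END        { if (found) print val }' "$1"
}

# audit_vsftpd_conf FILE: print one line per finding; exit status = finding count.
audit_vsftpd_conf() {
    conf=$1; findings=0
    while IFS='=' read -r key want; do
        got=$(conf_get "$conf" "$key")
        if [ -z "$got" ]; then
            echo "MISSING  $key (expected $want)"; findings=$((findings + 1))
        elif [ "$(printf '%s' "$got" | tr '[:lower:]' '[:upper:]')" != "$want" ]; then
            echo "WEAK     $key=$got (expected $want)"; findings=$((findings + 1))
        fi
    done <<EOF
$EXPECTED
EOF
    # The guide also sets the certificate and key paths; flag either if absent.
    for key in rsa_cert_file rsa_private_key_file; do
        [ -n "$(conf_get "$conf" "$key")" ] ||
            { echo "MISSING  $key"; findings=$((findings + 1)); }
    done
    return "$findings"
}

# Run against a real file when a path is given, e.g.: sh audit.sh /etc/vsftpd.conf
if [ $# -gt 0 ]; then audit_vsftpd_conf "$1"; fi
```

An exit status of 0 means every setting from Step 4 is present with the value shown in this guide; any other status is the number of findings printed.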

Conclusion:

By enabling SSL/TLS in VSFTPD:

  • All FTP data (including login credentials) is encrypted.
  • MITM (Man-In-The-Middle) and sniffing attacks are mitigated.
  • You improve overall FTP security with minimal configuration.