Categories

  Categories

  Support

  My Support Tickets   Announcements   Knowledgebase   Downloads   Network Status   Open Ticket

How to Configure VSFTPD with SSL/ TLS Encrypted Connection? Print

  • 0

Before you proceed with the steps to configure VSFTPD with SSL/ TLS encrypted connection, ensure that you have installed the VSFTP on your Linux machine.

For your reference, you can follow these articles – 

1. We will generate a self-signed certificate using OpenSSL.
First, create a directory to store the public key and private key.

mkdir -p /etc/vsftpd/ssl

2. Run the command given below to generate the certificate. 

openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/vsftpd/ssl/vsftpd.pem -out /etc/vsftpd/ssl/vsftpd.pem

Once you execute this command, it will ask for the country name, state name, city name, organization, unit name, and the common name that must match your server's IP Address.
You can also use the domain name pointing to your server IP Address. The certificate will use the RSA key agreement protocol with a key length of 2048 bits; the certificate will be valid for 365 days.

3. Let us open the configuration file of VSFTPD for the certificate installation. 

vim /etc/vsftpd.conf

4. Add the line given below to the VSFTPD config file to set the certificate and key file path.

rsa_cert_file=/etc/vsftpd/ssl/vsftpd.pem
rsa_private_key_file=/etc/vsftpd/ssl/vsftpd.pem

5. Add this line to enable the SSL 

ssl_enable=YES

6. Block the anonymous user from accessing the FTP using SSL/TLS

allow_anon_ssl=NO

7. Specify when to use SSL/ TLS. It includes data transfer and logging in using the credentials

ssl_enable=YES

8. Block the anonymous user from accessing the FTP using SSL/ TLS

force_local_data_ssl=YES
force_local_logins_ssl=YES

9. Let us specify the version to use for the encryption.
TLS is more secure than SSL, and we will block the older versions

ssl_tlsv1=YES
ssl_sslv2=NO
ssl_sslv3=NO

10. Add the required SSL reuse and SSL ciphers to improve security, allowing additional protection against Man-in-the-Middle (MITM) attacks.
However, it may not be compatible with older FTP clients

require_ssl_reuse=YES
ssl_ciphers=HIGH

11. Finally, restart the VSFTPD.

systemctl restart vsftpd

12. After establishing the SSL/ TLS connection, you will get this message in your FTP client. 

Status: Connection established, waiting for welcome message...

Status: Initializing TLS...

Status: Verifying certificate...

Status: TLS connection established.

Get VPS Hosting »

Was this answer helpful?

Related Articles

Locations of Common Log Files and Configuration Files for cPanel Services This article covers the configuration files and the log file locations of the most common cPanel... Fix: Exim error-exim dead but subsys locked Problem StatementThe php mail scripts were not working in Linux VPS. Error Messageexim dead but... How to Sync Time using NTP in the Ubuntu Server? Linux server users might have noticed that after adjusting the system clock to the correct... How to Generate a Certificate Signing Request (CSR) with OpenSSL? OpenSSL is used to generate a pair of private keys and public Certificate Signing Request (CSR)... How to Install NodeBB on a CentOS VPS? NodeBB is an open-source and powerful forum software based on Node.js. It is a very easy-to-use,...
« Back

Copyright © 2003-2023 AccuWebHosting.com USA | Designed By: AccuWebTech.Com

chat