How to Configure VSFTPD with SSL/TLS encrypted connection?

Before you proceed with these steps, ensure that you have installed VSFTPD on your Linux machine.

How to setup VSFTPD on CentOS 7.x?

How to install VSFTPD on Ubuntu 18.04?

  1. We will generate a self-signed certificate using OpenSSL. First, create a directory to store the public key and private key.

    mkdir -p /etc/vsftpd/ssl
  2. Run the command below to generate the certificate. It prompts for the country name, state name, city name, organization, unit name, and the common name, which must match your server's IP address or a domain name pointing to your server's IP address. The certificate uses a 2048-bit RSA key and is valid for 365 days. Because of the -nodes option, the private key is written unencrypted, and both the key and the certificate are stored in the same vsftpd.pem file, so that file should be readable only by root.

    openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/vsftpd/ssl/vsftpd.pem -out /etc/vsftpd/ssl/vsftpd.pem
  3. Open the VSFTPD configuration file to install the certificate.

    vim /etc/vsftpd.conf
  4. Add the lines below to the VSFTPD config file to set the certificate and key file paths.

    rsa_cert_file=/etc/vsftpd/ssl/vsftpd.pem
    rsa_private_key_file=/etc/vsftpd/ssl/vsftpd.pem
  5. Add the below line to enable SSL.

    ssl_enable=YES
    
  6. Block the anonymous user from accessing the FTP using SSL/TLS.

    allow_anon_ssl=NO
    
  7. Specify when to use SSL/TLS: for both data transfer and logging in with credentials. SSL must remain enabled, as set in step 5.

    ssl_enable=YES
    
  8. Require local users to use SSL/TLS for data transfer and for login.

    force_local_data_ssl=YES
    force_local_logins_ssl=YES
  9. Let us specify the version to use for the encryption. TLS is more secure than SSL. We will block the older versions.

    ssl_tlsv1=YES
    ssl_sslv2=NO
    ssl_sslv3=NO
  10. Require SSL session reuse and restrict the SSL ciphers to improve security. This gives additional protection against Man In The Middle (MITM) attacks. However, it may not be compatible with older FTP clients.

    require_ssl_reuse=YES
    ssl_ciphers=HIGH
  11. Finally, restart the VSFTPD.

    systemctl restart vsftpd
  12. After the SSL/TLS connection is established, your FTP client will show the messages below.

    Status: Connection established, waiting for welcome message...
    Status: Initializing TLS...
    Status: Verifying certificate...
    Status: TLS connection established.
