How to Configure VSFTPD with SSL/TLS encrypted connection?

Before you proceed with these steps, ensure that you have installed VSFTPD on your Linux machine.

How to set up VSFTPD on CentOS 7.x?

How to install VSFTPD on Ubuntu 18.04?

  1. We will generate a self-signed certificate using OpenSSL. First, create a directory to store the certificate (public key) and the private key.

    mkdir -p /etc/vsftpd/ssl
  2. Run the command below to generate the certificate. It prompts for the country name, state name, city name, organization, unit name, and the common name, which must match your server's IP address or a domain name that points to your server's IP address. The certificate uses a 2048-bit RSA key and is valid for 365 days. Because -keyout and -out name the same path, the private key and the certificate are written to a single file.

    openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/vsftpd/ssl/vsftpd.pem -out /etc/vsftpd/ssl/vsftpd.pem
  3. Open the VSFTPD configuration file to install the certificate.

    vim /etc/vsftpd.conf
  4. Add the lines below to the VSFTPD config file to set the certificate and key file paths.

    rsa_cert_file=/etc/vsftpd/ssl/vsftpd.pem
    rsa_private_key_file=/etc/vsftpd/ssl/vsftpd.pem
  5. Add the line below to enable SSL.

    ssl_enable=YES
    
  6. Block the anonymous user from accessing the FTP using SSL/TLS.

    allow_anon_ssl=NO
    
  7. Require SSL/TLS for data transfers by local users.

    force_local_data_ssl=YES
    
  8. Require SSL/TLS when local users log in with their credentials.

    force_local_logins_ssl=YES
  9. Specify the protocol versions to use for encryption. TLS is more secure than SSL, so we will block the older SSL versions.

    ssl_tlsv1=YES
    ssl_sslv2=NO
    ssl_sslv3=NO
  10. Require SSL session reuse and restrict the SSL ciphers to improve security. This gives additional protection against man-in-the-middle (MITM) attacks. However, it may not be compatible with older FTP clients.

    require_ssl_reuse=YES
    ssl_ciphers=HIGH
  11. Finally, restart the VSFTPD.

    systemctl restart vsftpd
  12. After establishing the SSL/TLS connection, you will see the messages below in your FTP client.

    Status: Connection established, waiting for welcome message...
    Status: Initializing TLS...
    Status: Verifying certificate...
    Status: TLS connection established.
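
The script below is an added example, not part of the original article: it checks a VSFTPD configuration file for the directives set in steps 4 to 10 and confirms that the private key file is not accessible to group or others. The function names conf_get and audit_vsftpd_tls are hypothetical, and the script assumes every directive is set explicitly in the file.

```shell
#!/bin/sh
# Added example (not from the original article): audit vsftpd TLS directives.

# Print the effective value of KEY ($2) in FILE ($1). vsftpd applies settings
# in file order, so the last assignment wins. Commented lines never match
# because the text before '=' must equal the key exactly.
conf_get() {
    awk -F= -v k="$2" '$1 == k { v = substr($0, length(k) + 2) } END { print v }' "$1"
}

# Return 0 if every directive from the steps is set as shown; otherwise print
# each mismatch and return 1. Assumption: values must be set explicitly in the
# file; compiled-in defaults are not consulted.
audit_vsftpd_tls() {
    conf=$1
    fail=0
    while read -r key want; do
        got=$(conf_get "$conf" "$key")
        if [ "$got" != "$want" ]; then
            echo "FAIL $key: want $want, found ${got:-<unset>}"
            fail=1
        fi
    done <<EOF
ssl_enable YES
allow_anon_ssl NO
force_local_data_ssl YES
force_local_logins_ssl YES
ssl_tlsv1 YES
ssl_sslv2 NO
ssl_sslv3 NO
require_ssl_reuse YES
ssl_ciphers HIGH
EOF
    # openssl -nodes leaves the key unencrypted, so the key file must not be
    # accessible to group or others.
    keyfile=$(conf_get "$conf" rsa_private_key_file)
    if [ -z "$keyfile" ] || [ ! -f "$keyfile" ]; then
        echo "FAIL rsa_private_key_file: ${keyfile:-<unset>} not found"
        fail=1
    elif [ "$(ls -ld "$keyfile" | cut -c5-10)" != "------" ]; then
        echo "FAIL $keyfile: accessible to group or others"
        fail=1
    fi
    return "$fail"
}

# Run against the file given on the command line, e.g. /etc/vsftpd.conf.
if [ $# -gt 0 ]; then audit_vsftpd_tls "$1"; fi
```

If the key file check fails, chmod 600 on the file named by rsa_private_key_file restricts it to its owner.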
