How To Configure VSFTPD With SSL?

How To Configure VSFTPD With SSL? Linux

This document discusses how to configure vsftpd to work with SSL encryption.

Requirement:

SSL certificate
VSFTPD Server

If you do not know how to install a VSFTPD server, please click on the link How to Install VSFTPD

Please follow the below steps

Prepare a place for the SSL key to live:

mkdir /etc/ssl/private

For this example, we are using a configure vsftpd self-signed SSL

openssl req –x509 –nodes –days 365 –newkey rsa:2048 –keyout /etc/ssl/private/vsftpd.key –out /etc/ssl/certs/vsftpd.crt
Note: if you have purchased a SSL, you can put the key in the /etc/ssl/private/vsftpd.key and the certificate in /etc/ssl/certs/vsftpd.crt

Configure vsftpd server to use this certificate

vim /etc/vsftpd/vsftpd.conf
You can use any editor you prefer instead of vim

Add the below configurations at the bottom of the config file available at /etc/vsftpd/vsftpd.conf

ssl_enable=YES
(This option enables SSL support for vsftpd)

allow_anon_ssl=NO
(Prevent anonymous SSL/TLS encrypted login)

force_local_data_ssl=YES force_local_logins_ssl=YES
(To force SSL/TLS encryption of both your username/password and your data to keep it safe.)

ssl_tlsv1_1=YES ssl_tlsv1_2=YES
(Use the stronger, better, encryption offered by TLS 1.1 and 1.2.)

ssl_tlsv1=NO
(TLS 1.0 is getting a little more insecure than we would like, so we are going to disable it. Some of the older ftp clients may not be compatible with newer version of TLS and may require this option to be set as “YES”)

ssl_sslv2=NO ssl_sslv3=NO
(SSLv2 and SSLv3 is set as disable to protect for BEAST and POODLE vulnerabilities)

(Continuing our security improvements we are going to add some additional protection against Man In The Middle (MITM) attacks by enabling the following. Older FTP client may be incompatible. If you see a connection loss set this option to “NO”)

require_ssl_reuse=YES
(This will require the server to use stronger cipher suites.)

ssl_ciphers=HIGH
(Lastly, our crt and key file.)

rsa_cert_file=/etc/ssl/certs/vsftpd.crt rsa_private_key_file=/etc/ssl/private/vsftpd.key

Save and exit from the editor
Now that we have added to the configuration file, we should restart the vsftpd server

Systemctl restart vsftpd
or
service restart vsftpd
SSL encryption is one of the leading forms of protecting data in transit to your server.

At Velan, our server support engineers can help you setup your SSL based ftp server using vsftpd. For details, please visit Outsourced Managed IT Services

Applications (5)
- Magento (1)
Cloud (19)
- AWS (17)
  - ACM (1)
  - AWS CLI (1)
  - AWS ECS (4)
  - CloudFront (2)
  - EC2 (8)
  - S3 (1)
- Google Drive (1)
- Office365 (1)
Database (4)
- MongoDB (1)
- MySQL (3)
DNS (2)
- Cloudflare (2)
  - Zone Lockdown (1)
Linux (42)
- DirectAdmin (1)
- Server (40)
  - Core (10)
  - cPanel / WHM (6)
  - Dockers (3)
  - Security (7)
- zimbra (1)
  - SSL (1)
PHP (1)
Windows (14)
- Server (12)
  - Core (4)
  - DHCP (1)
  - Security (5)
  - Webserver (1)
- XAMPP (1)
Windows Server (1)
- IIS (1)
  - Application Pool (1)

Tech Tips

Linux | Windows | Email | Security | Database | Network

How To Configure VSFTPD With SSL? Linux

Categories

Recent Tech Tips

Credentials

Reach Us

Follow Us

Quick Connect With Us

Quick Connect With Us

IT Outsourcing Services

AI & Robotic Process Automation

Business Process Outsourcing Services

How To Configure VSFTPD With SSL? Linux

Categories

Recent Tech Tips

Credentials

Reach Us

Follow Us

Quick Connect With Us

Quick Connect With Us