Most production environments do not allow the plain FTP service; it has to be replaced with SFTP or with vsftpd over SSL. Let us see how to set up vsftpd with SSL/TLS by following the step-by-step guide below.

Install the package vsftpd using:

# sudo apt-get install vsftpd

Once vsftpd is installed, continue by installing the OpenSSL package, which provides the SSL/TLS options.

# sudo apt-get install openssl

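Create the certificate file in the /etc/ssl directory. Because -keyout and -out point to the same path, the private key and the certificate are both written to vsftpd.pem.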

# sudo openssl req -x509 -nodes -newkey rsa:2048 -keyout /etc/ssl/vsftpd.pem -out /etc/ssl/vsftpd.pem

Then change the permissions on the certificate file so that only the root user can access it:

# sudo chmod 600 /etc/ssl/vsftpd.pem

Edit the vsftpd configuration using vim as follows

# sudo vim /etc/vsftpd.conf

Set the location of the certificate file in the directives below. In vsftpd.conf a line that begins with # is a comment, so these directives must appear without a leading #:

rsa_cert_file=/etc/ssl/vsftpd.pem
rsa_private_key_file=/etc/ssl/vsftpd.pem

Then enable SSL for vsftpd and force local users to use SSL:

ssl_enable=YES
force_local_data_ssl=YES
force_local_logins_ssl=YES
pam_service_name=vsftpd

Restart the vsftpd service and log in from FileZilla to test the above configuration changes.

# sudo service vsftpd restart
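
One way to confirm that the edits above are actually in effect, as an added example that is not part of the original guide: a small POSIX shell audit of the five TLS directives and of the key file's permissions. The function names and the temporary demo files are assumptions made for the illustration; on a real host, pass /etc/vsftpd.conf to check_vsftpd_tls.

```shell
#!/bin/sh
# Added example, not from the original guide: audit a vsftpd.conf for the
# TLS directives set above. All sample data below is constructed.

# Effective value of a directive. Only lines that begin with "name=" count,
# so '#'-commented lines are ignored; the last active occurrence is taken
# (assumption: settings are applied in file order).
effective_value() {  # usage: effective_value <conf> <directive>
    awk -v key="$2" '
        index($0, key "=") == 1 { val = substr($0, length(key) + 2) }
        END { print val }' "$1"
}

# Print findings; return 0 only if every check passes.
check_vsftpd_tls() {  # usage: check_vsftpd_tls <conf>
    rc=0
    for key in ssl_enable force_local_data_ssl force_local_logins_ssl; do
        val=$(effective_value "$1" "$key" | tr '[:lower:]' '[:upper:]')
        [ "$val" = "YES" ] || { echo "FAIL: $key is '${val:-unset}', expected YES"; rc=1; }
    done
    for key in rsa_cert_file rsa_private_key_file; do
        val=$(effective_value "$1" "$key")
        [ -f "$val" ] || { echo "FAIL: $key='${val:-unset}' is not an existing file"; rc=1; }
    done
    # $val now holds the private key path: group/other must have no access.
    if [ -f "$val" ] && [ "$(ls -ldL "$val" | cut -c5-10)" != "------" ]; then
        echo "FAIL: $val is accessible to group/other (want mode 600)"; rc=1
    fi
    # vsftpd treats a space around '=' as an error, so flag such lines.
    if grep -Eq '^[a-z_0-9]+([[:space:]]+=|=[[:space:]])' "$1"; then
        echo "FAIL: space around '=' in a directive"; rc=1
    fi
    return "$rc"
}

# Constructed demo: the ssl_enable line is still commented out.
demo_dir=$(mktemp -d)
touch "$demo_dir/vsftpd.pem" && chmod 600 "$demo_dir/vsftpd.pem"
printf '%s\n' "# ssl_enable=YES" "force_local_data_ssl=YES" \
    "force_local_logins_ssl=YES" "rsa_cert_file=$demo_dir/vsftpd.pem" \
    "rsa_private_key_file=$demo_dir/vsftpd.pem" > "$demo_dir/vsftpd.conf"
check_vsftpd_tls "$demo_dir/vsftpd.conf" || echo "config needs fixing"
```

The demo reports ssl_enable as unset because its only occurrence is a comment, which is the state a config is left in if the leading # is not removed.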

That’s it; we are done with the vsftpd installation with SSL/TLS.

Babin Lonston
Overall 13+ Years of experience in IT field, 7+ years of experience in Linux administration with Virtualization & Cloud technologies. Love documentation and being Numismatics for a long time.
