¶ FTP Server: Configuring Vsftpd with SSL/TLS
Enhance the security of your Vsftpd server by enabling SSL/TLS for secure FTP connections. The following steps guide you through the process of setting up SSL/TLS on a Vsftpd server.
¶ Step 1: Create Self-Signed Certificates
-
Navigate to the certificates directory:
cd /etc/pki/tls/certs -
Generate a self-signed certificate:
openssl req -x509 -nodes -newkey rsa:2048 -keyout vsftpd.pem -out vsftpd.pem -days 3650 -
Follow the on-screen prompts to enter your country code, state, city, company, department, server's FQDN, and admin email.
-
Set appropriate permissions for the certificate:
chmod 600 vsftpd.pem
¶ Step 2: Configure Vsftpd
-
Edit the Vsftpd configuration file:
vi /etc/vsftpd/vsftpd.conf -
Add the following lines to enable SSL/TLS:
rsa_cert_file=/etc/pki/tls/certs/vsftpd.pem ssl_enable=YES force_local_data_ssl=YES force_local_logins_ssl=YES -
Restart Vsftpd to apply the changes:
systemctl restart vsftpd
¶ Step 3: Configure Firewalld
-
If Firewalld is running, set fixed passive ports and allow them in Vsftpd configuration:
vi /etc/vsftpd/vsftpd.conf # Add these lines pasv_enable=YES pasv_min_port=60000 pasv_max_port=60100 -
Restart Vsftpd:
systemctl restart vsftpd -
Allow the specified port range in Firewalld:
firewall-cmd --add-port=60000-60100/tcp firewall-cmd --runtime-to-permanent
¶ FTP Client Configuration
¶ CentOS
-
Install FTP Client, then configure as follows:
vi ~/.lftprc # Add these lines set ftp:ssl-auth TLS set ftp:ssl-force true set ftp:ssl-protect-list yes set ftp:ssl-protect-data yes set ftp:ssl-protect-fxp yes set ssl:verify-certificate no -
Connect to the FTP server using FTPS:
lftp -u cent www.srv.world
¶ Windows (FileZilla)
- Open FileZilla, and navigate to File > Site Manager.
- Click the New site button and input connection information. For encryption, select Use explicit FTP over TLS.
- If using a self-signed certificate, a warning may appear; it's expected and safe to proceed.
- Once configured correctly, you'll be able to connect to the FTP server using FTPS.
This guide provides the essential steps to set up and configure a Vsftpd server with SSL/TLS for enhanced security and how to configure FTP clients on CentOS and Windows to use FTPS connections.