sudo apt-get install vsftpd
sudo apt-get install openssl
openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/vsftpd/vsftpd.pem -out /etc/vsftpd/vsftpd.pem
After generating the SSL certificate, we need to instruct vsftpd to use it for encryption. Like many services, vsftpd has its own configuration file, vsftpd.conf, which is located at /etc/vsftpd/vsftpd.conf on Red Hat-based systems and /etc/vsftpd.conf on Debian-based systems.
- Step 1: Turn on SSL.
ssl_enable=YES
allow_anon_ssl=NO
force_local_data_ssl=YES
force_local_logins_ssl=YES
- Step 2: Specify the certificate and key file locations.
rsa_cert_file=/etc/vsftpd/vsftpd.pem
rsa_private_key_file=/etc/vsftpd/vsftpd.pem
- Step 3: Enable TLS and turn off SSLv2 and SSLv3.
ssl_tlsv1=YES
ssl_sslv2=NO
ssl_sslv3=NO
To allow all the local users added to the system to use the FTP service, uncomment this line (if commented):
local_enable=YES
To accept FTP write commands, edit the following line:
write_enable=YES
If you want to keep each user's content separate, you can set up a chroot jail so that users are confined to their home directories and cannot access any files outside them.
chroot_local_user=YES
To enable logging of the transfers carried out:
xferlog_enable=YES
xferlog_std_format=YES
xferlog_file=/var/log/ftp/xferlog
useradd <user_name>
To set the password for user_name, use the passwd command as follows:
passwd <user_name>
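To check a finished configuration against Steps 1 to 3, the following shell functions are an added example and not part of the original page. The function names, the finding labels and the sample configuration are constructed for illustration; values are compared literally as YES/NO, and the key file check flags a PEM that is readable by all users.

```shell
#!/bin/sh
# Added example: audit a vsftpd.conf for the TLS settings from Steps 1 to 3.
# Assumes one option=value per line with no spaces around "=".

# Print the value KEY has in FILE. If KEY is repeated, the last assignment is
# reported (assumed here to be the one that takes effect).
conf_get() {
    sed -n "s/^$1=//p" "$2" | tail -n 1 | tr -d '\r'
}

# Print one line per finding; the return status is the number of findings.
audit_vsftpd_conf() {
    conf=$1
    findings=0
    # option=expected pairs, matched literally
    for pair in ssl_enable=YES allow_anon_ssl=NO force_local_data_ssl=YES \
                force_local_logins_ssl=YES ssl_tlsv1=YES ssl_sslv2=NO ssl_sslv3=NO; do
        key=${pair%%=*}
        want=${pair#*=}
        got=$(conf_get "$key" "$conf")
        if [ -z "$got" ]; then
            echo "NOT SET  $key (expected $want)"
            findings=$((findings + 1))
        elif [ "$got" != "$want" ]; then
            echo "MISMATCH $key=$got (expected $want)"
            findings=$((findings + 1))
        fi
    done
    # The PEM named here holds the private key: it must exist and must not
    # be readable by "other".
    keyfile=$(conf_get rsa_private_key_file "$conf")
    if [ -z "$keyfile" ] || [ ! -f "$keyfile" ]; then
        echo "NO KEY   rsa_private_key_file=${keyfile:-<unset>}"
        findings=$((findings + 1))
    elif [ -n "$(find "$keyfile" -perm -004)" ]; then
        echo "EXPOSED  $keyfile is world-readable"
        findings=$((findings + 1))
    fi
    return "$findings"
}

# Constructed sample: SSLv2/SSLv3 left on and ssl_tlsv1 absent.
write_sample_conf() {  # $1 = output path, $2 = key file path
    printf '%s\n' '# constructed sample' ssl_enable=YES allow_anon_ssl=NO \
        force_local_data_ssl=YES force_local_logins_ssl=YES \
        ssl_sslv2=YES ssl_sslv3=YES "rsa_private_key_file=$2" > "$1"
}
```

Run it as `audit_vsftpd_conf /etc/vsftpd.conf` (or the Red Hat path) after sourcing the file; a return status of 0 means no findings.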