Linux : Configuring vsftpd for secure connections

Generally, when we log in to vsftpd with a username and password, the credentials are transmitted in clear text, which is insecure.
We can configure the vsftpd server to use OpenSSL so that all the details are encrypted during transfer.
###Install OpenSSL

yum install openssl

###Generate a Certificate

openssl req -x509 -nodes -days 365 -newkey rsa:2048 \
  -keyout /etc/vsftpd/vsftpd.pem \
  -out /etc/vsftpd/vsftpd.pem

Use an RSA key of at least 2048 bits; 1024-bit keys are too weak for current use.

At this point you will have to answer a few questions, such as Country, State, Email ID, etc.
###Configuring vsftpd
Config file path: /etc/vsftpd/vsftpd.conf
Add the lines below to the config file:

ssl_enable=YES
allow_anon_ssl=NO
force_local_data_ssl=NO
force_local_logins_ssl=NO
ssl_tlsv1=YES
ssl_sslv2=NO
ssl_sslv3=NO
rsa_cert_file=/etc/vsftpd/vsftpd.pem

Notes:
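ssl_enable=YES tells vsftpd to support SSL connections.
allow_anon_ssl=NO controls whether anonymous users may use SSL connections; with NO they may not.
force_local_logins_ssl controls whether non-anonymous logins must use an SSL connection to send the password. It only forces this when set to YES; with NO, as above, SSL is offered but clear-text logins are still accepted. force_local_data_ssl does the same for data connections.
You have to restart vsftpd to enable the new settings: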

/etc/init.d/vsftpd restart
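
To see what a finished vsftpd.conf actually enforces, the following added example (not part of the original post) audits the TLS-related options, using the defaults from vsftpd.conf(5) for keys that are absent. The names sample_conf and audit_vsftpd_tls are made up here, and the sample input is the configuration listed above.

```shell
#!/bin/sh
# Added example: report what the TLS options in a vsftpd.conf enforce.
# Keys missing from the file take the defaults from vsftpd.conf(5).

# Constructed sample: the settings listed in this post.
sample_conf() {
    cat <<'EOF'
ssl_enable=YES
allow_anon_ssl=NO
force_local_data_ssl=NO
force_local_logins_ssl=NO
ssl_tlsv1=YES
ssl_sslv2=NO
ssl_sslv3=NO
rsa_cert_file=/etc/vsftpd/vsftpd.pem
EOF
}

# audit_vsftpd_tls [FILE]: reads FILE (or stdin), prints one finding per line.
audit_vsftpd_tls() {
    awk -F= '
        BEGIN {
            v["ssl_enable"] = "NO"
            v["force_local_logins_ssl"] = "YES"; v["force_local_data_ssl"] = "YES"
            v["ssl_sslv2"] = "NO"; v["ssl_sslv3"] = "NO"
        }
        /^[ \t]*(#|$)/ { next }                  # comments and blank lines
        ($1 in v) {                               # later assignments override
            sub(/[ \t\r]+$/, "", $2)
            val = toupper($2)
            if (val == "TRUE" || val == "1") val = "YES"   # also accepted by vsftpd
            v[$1] = val
        }
        END {
            if (v["ssl_enable"] != "YES") {
                print "FAIL ssl_enable: TLS is off, logins and data are cleartext"
                exit
            }
            if (v["force_local_logins_ssl"] != "YES")
                print "WARN force_local_logins_ssl: cleartext password logins still accepted"
            if (v["force_local_data_ssl"] != "YES")
                print "WARN force_local_data_ssl: cleartext data connections still accepted"
            if (v["ssl_sslv2"] == "YES" || v["ssl_sslv3"] == "YES")
                print "FAIL ssl_sslv2/ssl_sslv3: obsolete SSL protocol versions enabled"
        }
    ' "$@"
}

sample_conf | audit_vsftpd_tls
```

Run it against the live file with `audit_vsftpd_tls /etc/vsftpd/vsftpd.conf`; no output means TLS is on and required for both logins and data.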
