Configure Vsftpd to use FTPS

Tue, Aug 2, 2011

This is a short HOWTO on configuring Vsftpd to accept FTP over SSL (FTPS) only, which is highly recommended. You can use it to upgrade WordPress and install plugins, for example.

First, open your vsftpd.conf. It should be located in /etc/.

Now add the following lines to enable SSL:

ssl_enable=YES
allow_anon_ssl=NO
force_local_data_ssl=YES
force_local_logins_ssl=YES
ssl_tlsv1=YES
# SSLv2 and SSLv3 are broken protocols; keep them disabled.
ssl_sslv2=NO
ssl_sslv3=NO

The last thing you need to do is specify the SSL certificate and key files. There are already default files you can use.

# This option specifies the location of the RSA certificate to use for SSL
# encrypted connections.
rsa_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
# This option specifies the location of the RSA key to use for SSL
# encrypted connections.
rsa_private_key_file=/etc/ssl/private/ssl-cert-snakeoil.key

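The default snakeoil certificate is self-signed, so FTP clients will ask you to accept it on the first connection. You can also use your own SSL files if you want. You just have to set the appropriate paths.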

After a restart of Vsftpd, everything should work.
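
A small check you can run on the configuration before restarting, as an added example that is not part of the original post: it parses vsftpd.conf text and reports every SSL option from the list above that is missing, malformed, or set differently from a setup with SSLv2 and SSLv3 turned off. The names EXPECTED, audit_vsftpd and SAMPLE and the sample configuration are assumptions made for this example.

```python
# Added example: audit vsftpd.conf text for the FTPS options from this post.
# EXPECTED, audit_vsftpd() and SAMPLE are names chosen for this example.
EXPECTED = {
    "ssl_enable": "YES",
    "allow_anon_ssl": "NO",
    "force_local_data_ssl": "YES",
    "force_local_logins_ssl": "YES",
    "ssl_tlsv1": "YES",
    "ssl_sslv2": "NO",  # obsolete protocol, keep off
    "ssl_sslv3": "NO",  # obsolete protocol, keep off
}


def audit_vsftpd(text):
    """Return a list of findings; an empty list means every check passed."""
    options, findings = {}, []
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip() or line.startswith("#"):
            continue  # blank line or comment
        key, sep, value = line.partition("=")
        # vsftpd.conf is option=value with no spaces around '='
        if not sep or key != key.strip() or value != value.strip():
            findings.append(f"line {lineno}: malformed directive {line!r}")
            continue
        options[key] = value  # in this example the last occurrence wins
    for key, want in EXPECTED.items():
        got = options.get(key)
        if got is None:
            findings.append(f"{key}: not set, expected {want}")
        elif got.upper() != want:  # only the YES/NO spelling is recognised here
            findings.append(f"{key}={got}, expected {want}")
    return findings


# Constructed sample: legacy SSLv2 left on and one directive with stray spaces.
SAMPLE = """\
ssl_enable=YES
allow_anon_ssl=NO
force_local_data_ssl=YES
force_local_logins_ssl = YES
ssl_tlsv1=YES
ssl_sslv2=YES
ssl_sslv3=NO
"""

if __name__ == "__main__":
    for finding in audit_vsftpd(SAMPLE):
        print(finding)
```

To check a real file, pass its contents to the function, for example audit_vsftpd(open("/etc/vsftpd.conf").read()).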

Note: If you’ve just installed vsftpd, you should make some additional configuration changes depending on your needs.

These are some adjustments I recommend:

# Allow anonymous FTP? (Beware - allowed by default if you comment this out).
anonymous_enable=NO
# Uncomment this to allow local users to log in.
local_enable=YES
# Uncomment this to enable any form of FTP write command.
write_enable=YES
# Default umask for local users is 077. You may wish to change this to 022,
# if your users expect that (022 is used by most other ftpd's)
local_umask=022