In our last post, we saw how to install and configure the VSFTPD FTP service on Linux systems. In this post we will configure SSL/TLS on VSFTPD.

If you want to use FTP outside the LAN, over the internet, SFTP is the better alternative, since it runs over SSH, which is more secure. But if you must use FTP on the internet, then at least use a secure connection over SSL/TLS.

Installation and basic configuration of vsFTPD is covered in the previous post. Now we will see how to force the use of SSL/TLS in VSFTPD.

We have to edit the VSFTPD configuration file to tell it which key to use for SSL/TLS connections. Open /etc/vsftpd/vsftpd.conf as root.

We need to enable SSL in the vsftpd.conf file. Only local users should be allowed to log in, so we do not allow anonymous users on SSL connections, and we force local users to use the SSL/TLS layer for both logins and data transfers.

ssl_enable=YES
allow_anon_ssl=NO
force_local_data_ssl=YES
force_local_logins_ssl=YES

We need to specify the location of the certificate and key files used to make the SSL/TLS connection. In this post both are combined in one file.

rsa_cert_file=/etc/ssl/private/vsftpd.pem
rsa_private_key_file=/etc/ssl/private/vsftpd.pem

As TLS is more secure than SSL, we should use TLS instead of SSL, so we have to restrict SSL connections. This is easily done by allowing TLS and denying SSLv2 and SSLv3 connections.

ssl_tlsv1=YES
ssl_sslv2=NO
ssl_sslv3=NO

Add two more directives for proper function and security of TLS.

require_ssl_reuse=NO
ssl_ciphers=HIGH

Now restart the vsftpd service with the "service vsftpd restart" command.
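To confirm that the file really carries the directives listed above, a small audit can be run against its text. This is an added example, not part of the original post or of vsftpd itself; the names EXPECTED, SAMPLE, parse_conf and audit are hypothetical, the sample config is constructed, and it assumes a later duplicate of an option overrides an earlier one.

```python
import os

# Values this post sets in /etc/vsftpd/vsftpd.conf.
EXPECTED = {
    "ssl_enable": "YES", "allow_anon_ssl": "NO",
    "force_local_data_ssl": "YES", "force_local_logins_ssl": "YES",
    "ssl_tlsv1": "YES", "ssl_sslv2": "NO", "ssl_sslv3": "NO",
    "ssl_ciphers": "HIGH",
}

# Constructed sample with two deviations; not taken from a real server.
SAMPLE = """\
# constructed vsftpd.conf fragment
ssl_enable=YES
allow_anon_ssl=NO
force_local_data_ssl=YES
ssl_tlsv1=YES
ssl_sslv2=NO
ssl_sslv3=YES
ssl_ciphers=HIGH
rsa_cert_file=/nonexistent/vsftpd.pem
"""

def parse_conf(text):
    """Map option -> value; vsftpd expects option=value with no spaces."""
    settings = {}
    for line in text.splitlines():
        if line.startswith("#") or "=" not in line:
            continue
        option, value = line.split("=", 1)
        settings[option] = value  # assumption: a later duplicate overrides
    return settings

def audit(text):
    """Return findings where the config differs from the post's settings."""
    settings, findings = parse_conf(text), []
    for option, wanted in EXPECTED.items():
        actual = settings.get(option)
        if actual is None:
            findings.append(f"{option}: not set, expected {wanted}")
        elif actual != wanted:
            findings.append(f"{option}={actual}, expected {wanted}")
    # With no rsa_private_key_file, the key is read from rsa_cert_file.
    key = settings.get("rsa_private_key_file") or settings.get("rsa_cert_file")
    if key and os.path.exists(key) and os.stat(key).st_mode & 0o077:
        findings.append(f"{key}: key file accessible to group/other")
    return findings
```

On a server, pass the contents of /etc/vsftpd/vsftpd.conf to audit() as root so the permission check on the combined .pem file can actually read its mode.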

Now let us see how to connect to this FTP server with FileZilla.
Click on File, then Site Manager. The Site Manager wizard will open. Follow the images shown below.

Fill in all the necessary fields as in the picture below and connect.
FileZilla_1

It asks for the user's password.
FileZilla_2

It will show the certificate details.
FileZilla_3

The screen will then show the established connection.
FileZilla_4