How To Configure Vsftpd To Use SSL/TLS On CentOS
In our last post, we saw how to install and configure the VSFTPD FTP service on Linux systems. In this post we will configure SSL/TLS for VSFTPD.
If you want to use FTP outside the LAN, on the internet, it is better to use SFTP instead; it is the better alternative because it runs over SSH, which is more secure. But if you must use FTP on the internet, then at least use a secure connection over SSL/TLS.
Installation and basic configuration of vsFTPD is covered in the previous post. Now we will see how to force the use of SSL/TLS in VSFTPD.
We have to edit the VSFTPD configuration file to specify which key is used to make the SSL/TLS connection. Open /etc/vsftpd/vsftpd.conf as root.
We need to enable SSL in the vsftpd.conf file. We should allow only local users to log in, so we should disable anonymous login. We should also force local users to use only the SSL/TLS layer.
ssl_enable=YES
allow_anon_ssl=NO
force_local_data_ssl=YES
force_local_logins_ssl=YES
We need to specify the location of the certificate and key files that are used to make the SSL/TLS connection. In this post we combine both files in one file.
As TLS is more secure than SSL, we should use TLS instead of SSL, so we have to restrict SSL connections. We can easily do this by allowing TLS and denying SSL connections.
ssl_tlsv1=YES
ssl_sslv2=NO
ssl_sslv3=NO
Add two more directives for proper function and security of TLS.
Now restart the vsftpd service with the “service vsftpd restart” command.
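To confirm that the file really contains the SSL/TLS settings shown above, the following script checks each directive listed in this post and flags spaces around "=", which the vsftpd.conf man page treats as an error. It is an added example, not part of the original post or of vsftpd; the function names are made up for illustration, and it assumes that when a directive is repeated the last occurrence takes effect.

```sh
#!/bin/sh
# Added example: audit a vsftpd.conf for the SSL/TLS directives shown in this post.
# Usage: sh audit_vsftpd.sh /etc/vsftpd/vsftpd.conf

# Expected settings, copied from the post.
EXPECTED="ssl_enable=YES
allow_anon_ssl=NO
force_local_data_ssl=YES
force_local_logins_ssl=YES
ssl_tlsv1=YES
ssl_sslv2=NO
ssl_sslv3=NO"

# Print the value of directive $2 in file $1 (empty if it is not set).
# Assumption: if a directive is repeated, the last occurrence wins.
conf_value() {
    awk -F= -v key="$2" '
        /^#/      { next }                              # skip comment lines
        $1 == key { val = substr($0, length(key) + 2) } # text after "key="
        END       { print val }
    ' "$1"
}

# Return 0 if every directive is set as in the post, 1 if not, 2 if unreadable.
# Unset directives are reported too, since the post sets each one explicitly.
audit_vsftpd_conf() {
    conf="$1"; rc=0
    [ -r "$conf" ] || { echo "cannot read $conf" >&2; return 2; }
    for pair in $EXPECTED; do
        key=${pair%%=*}; want=${pair#*=}
        got=$(conf_value "$conf" "$key")
        if [ "$got" != "$want" ]; then
            echo "FAIL $key: want $want, got ${got:-<unset>}"
            rc=1
        fi
    done
    # The man page says no space is allowed between option, "=" and value.
    if grep -nE '^[a-z_0-9]+[[:space:]]+=|^[a-z_0-9]+=[[:space:]]' "$conf"; then
        echo "FAIL whitespace around '=' on the line(s) above"
        rc=1
    fi
    return $rc
}

# Run the audit only when a file name is given on the command line.
if [ "$#" -gt 0 ]; then audit_vsftpd_conf "$1"; exit $?; fi
```

A non-zero exit status means at least one directive differs from the values in this post, for example an SSLv3 line that was re-enabled further down the file.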
Now let us see how to connect to this FTP server with FileZilla.
Click on File, then Site Manager. The Site Manager wizard will open. Follow the images shown below.
Fill in all the necessary fields as in the picture below and connect.
It asks for the user’s password.
It will show the certificate details.
The screen will then show the established connection.