vsFTPd

FTP daemon config with SSL in Debian

Generate a pem file from an official SSL certificate

cat /etc/apache2/ssl/server.crt /etc/apache2/ssl/server.pem > /etc/vsftpd/server.pem 

If you have an intermediate (chained) cert, include that as well:

cat /etc/apache2/ssl/server_inter.crt >> /etc/vsftpd/server.pem

Generate a self-signed pem file

openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/vsftpd/vsftpd.pem -out /etc/vsftpd/vsftpd.pem

SSL config options

excerpt from /etc/vsftpd.conf

ssl_enable=YES
allow_anon_ssl=NO
force_local_data_ssl=NO
force_local_logins_ssl=NO
ssl_tlsv1=YES
ssl_sslv2=YES
ssl_sslv3=YES
rsa_cert_file=/etc/vsftpd/server.pem
require_ssl_reuse=NO
pasv_enable=YES
pasv_min_port=55000
pasv_max_port=60000
ftp_data_port=20
listen_port=21
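
One way to check a config like the excerpt above for weak TLS settings, as an added example that is not part of the original page. The function names are hypothetical, the option names and defaults are those documented in vsftpd.conf(5), and the demo input is the TLS-related lines of the excerpt.

```shell
#!/bin/sh
# Added example, not from the original page; function names are hypothetical.

# Print the effective boolean for KEY in FILE: the last assignment wins, an unset
# key falls back to DEFAULT, and TRUE/1 count as YES (anything else as NO).
conf_get() {  # usage: conf_get FILE KEY DEFAULT
    val=$(sed -n "s/^$2=//p" "$1" | tail -n 1 | tr -d ' \r' | tr 'a-z' 'A-Z')
    case "${val:-$3}" in
        YES|TRUE|1) echo YES ;;
        *) echo NO ;;
    esac
}

# Print one line per weak setting; return 1 if any were found, 0 otherwise.
# Table columns: option | vsftpd default when unset | hardened value | reason.
audit_vsftpd_tls() {  # usage: audit_vsftpd_tls FILE
    weak=0
    while IFS='|' read -r key default want why; do
        have=$(conf_get "$1" "$key" "$default")
        [ "$have" = "$want" ] && continue
        echo "WEAK $key=$have (want $want): $why"
        weak=1
    done <<'EOF'
ssl_enable|NO|YES|without it logins and data are sent in clear text
ssl_sslv2|NO|NO|SSLv2 is obsolete and cryptographically broken
ssl_sslv3|NO|NO|SSLv3 is obsolete (POODLE)
force_local_logins_ssl|YES|YES|clients may still send passwords unencrypted
force_local_data_ssl|YES|YES|clients may still transfer files unencrypted
require_ssl_reuse|YES|YES|data connections need not reuse the control TLS session
EOF
    return "$weak"
}

# Demo input: the TLS-related lines of the excerpt above, written to a temp file.
sample=$(mktemp)
trap 'rm -f "$sample"' EXIT
cat > "$sample" <<'EOF'
ssl_enable=YES
allow_anon_ssl=NO
force_local_data_ssl=NO
force_local_logins_ssl=NO
ssl_tlsv1=YES
ssl_sslv2=YES
ssl_sslv3=YES
require_ssl_reuse=NO
EOF
audit_vsftpd_tls "$sample" || echo "=> weak TLS settings found"
```

Point `audit_vsftpd_tls` at /etc/vsftpd.conf to check a live config; an empty report and exit status 0 mean none of the listed settings is weakened.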

Client testing

official cert:

lftp -u username -e 'set ftp:ssl-force true' example.com

self-signed cert:

lftp -u username -e 'set ftp:ssl-force true' -e 'set ssl:verify-certificate false' example.com

Check cert

openssl s_client -connect example.com:ftp -starttls ftp -showcerts
 
linux/network/vsftpd.txt · Last modified: 2013/06/12 10:37 by tkilla