Differences

This shows you the differences between two versions of the page.

--- ftp:tls_ssl_ftps_vsftpd [2016/10/18 14:07] – peter
+++ ftp:tls_ssl_ftps_vsftpd [2019/11/29 14:37] (current) – removed peter
@@ Line 1: / Line 1: @@
-====== FTP - TLS/SSL/FTPS VsFtpd ======
-**NOTE**: You definitely should use this if you connect from the Internet to your box, otherwise passwords will be sent in plaintext, etc.
-To use vsftpd with encryption (it's safer), change or add the following options (some options aren't on the original config file, so add them):
-<code bash>
-vi /etc/vsftpd.conf
-</code>
-and add or modify as:
-<file bash /etc/vsftpd.conf>
-ssl_enable=YES
-allow_anon_ssl=NO
-force_local_data_ssl=YES
-force_local_logins_ssl=YES
-ssl_tlsv1=YES
-ssl_sslv2=NO
-ssl_sslv3=NO
-# Filezilla uses port 21 if you don't set any port
-# in Servertype "FTPES - FTP over explicit TLS/SSL"
-# Port 990 is the default used for FTPS protocol.
-# Uncomment it if you want/have to use port 990.
-# listen_port=990
-</file>
-No need to create a certificate if openssl package is installed!
-Install Filezilla (on the client side), and use the Servertype "FTPES - FTP over explicit TLS/SSL" option to connect to your server with TLS/SSL/FTPS.
-===== Other recommended changes =====
-TODO check and add to above
-<file bash /etc/vsftpd.conf>
-require_ssl_reuse=NO
-ssl_ciphers=HIGH
-</file>
-When we created the certificate, we included both the key file and the certificate in one file, so we can also point our private key line to that:
-TODO check this
-<file bash /etc/vsftpd.conf>
-rsa_private_key_file=/etc/ssl/private/vsftpd.pem
-</file>