Setup vsftpd 2.0.5 with TLS in CentOS 5.1
Do you know what the File Transfer Protocol (FTP) is? FTP (RFC 959) is a network protocol used to transfer data files from one computer to another over a network. The notable risk of FTP is that the username and password are sent in plaintext. This is very insecure: your credentials can be easily sniffed.
This post describes how to install and setup a secured FTP server using vsftpd 2.0.5 with TLS in CentOS 5.1 the easy way.
Pre-requisite Check
Run the command below to query for vsftpd rpm: -
rpm -qa vsftpd
If vsftpd is not installed, you can use yum to install it using the command below: -
yum install vsftpd
Initial Configuration
The configuration directory of vsftpd is /etc/vsftpd. It is advisable to back up the known-good configuration file so that it can be restored quickly. Run the command below: -
cp /etc/vsftpd/vsftpd.conf /etc/vsftpd/vsftpd.conf.original
Control User Access
Change the following parameter in your /etc/vsftpd/vsftpd.conf file to disable anonymous user access: -
anonymous_enable=NO
Change the following parameters in your /etc/vsftpd/vsftpd.conf file to lock users in their home directory: -
chroot_list_enable=YES
chroot_list_file=/etc/vsftpd/chroot_list
chroot_local_user=YES
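Run the following commands to create the /etc/vsftpd/chroot_list file. Note that with chroot_local_user=YES, vsftpd treats the users listed in this file as exceptions that are not chrooted, so leave it empty to lock every local user in their home directory: -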
touch /etc/vsftpd/chroot_list
chmod 600 /etc/vsftpd/chroot_list
Enable TLS Encryption
Run the following command to check whether your installation of vsftpd has SSL support: -
ldd /usr/sbin/vsftpd | grep ssl
You will get a result like the one below if your vsftpd supports SSL: -
libssl.so.6 => /lib64/libssl.so.6 (0x00002aaaaacc6000)
To use TLS you will need to generate a private key and a self-signed certificate by using the openssl command below: -
openssl req -x509 -nodes -days 3650 -newkey rsa:1024 -keyout /etc/vsftpd/vsftpd.pem -out /etc/vsftpd/vsftpd.pem
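The above command prompts you with a series of questions and creates your certificate with a life of 10 years (-days 3650). A 1024-bit RSA key (rsa:1024) is weak by current standards; use rsa:2048 or larger if your clients support it: -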
Country Name (2 letter code) [GB]:MY
State or Province Name (full name) [Berkshire]:WP
Locality Name (eg, city) [Newbury]:KL
Organization Name (eg, company) [My Company Ltd]:Company
Organizational Unit Name (eg, section) []:IT
Common Name (eg, your name or your server's hostname) []:localhost
Email Address []:ftpmaster@localhost
Run the following command to restrict the permissions of the /etc/vsftpd/vsftpd.pem file, which contains the private key: -
chmod 600 /etc/vsftpd/vsftpd.pem
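Add this to your /etc/vsftpd/vsftpd.conf file. With these values, logins must use TLS (force_local_logins_ssl=YES), while encryption of the data connection is left optional (force_local_data_ssl=NO): -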
ssl_enable=YES
allow_anon_ssl=NO
force_local_data_ssl=NO
force_local_logins_ssl=YES
ssl_tlsv1=YES
ssl_sslv2=NO
ssl_sslv3=NO
rsa_cert_file=/etc/vsftpd/vsftpd.pem
Restart vsftpd for the changes to take effect using the command below: -
service vsftpd restart
You may use FileZilla as an FTP client that supports TLS-encrypted connections. Be sure to select “FTPES - FTP over explicit TLS/SSL” under “Servertype” in the FileZilla Site Manager.
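To confirm that vsftpd.conf ended up with the values used in this post, the following check can be run against it. It is an added example, not part of the original post; the function names conf_value and audit_vsftpd_conf are hypothetical, and a setting that is not set explicitly is reported as a mismatch rather than resolved to the vsftpd default.

```shell
#!/bin/sh
# Added example: audit a vsftpd.conf against the values used in this post.
# Usage: sh audit.sh /etc/vsftpd/vsftpd.conf   (script name is an assumption)

# Print the last uncommented value assigned to key $2 in file $1.
# vsftpd.conf uses key=value lines with no spaces around '='.
conf_value() {
    sed -n "s/^$2=//p" "$1" | tail -n 1 | tr -d '\r'
}

# Compare each setting from the post with the file. Prints one line per
# setting and returns the number of mismatches (0 = file matches the post).
# The comparison is strict: only the upper-case YES/NO spelling used in
# the post is accepted.
audit_vsftpd_conf() {
    conf=$1
    failures=0
    for want in \
        anonymous_enable=NO \
        chroot_local_user=YES \
        ssl_enable=YES \
        allow_anon_ssl=NO \
        force_local_logins_ssl=YES \
        ssl_tlsv1=YES \
        ssl_sslv2=NO \
        ssl_sslv3=NO
    do
        key=${want%%=*}
        expected=${want#*=}
        actual=$(conf_value "$conf" "$key")
        if [ "$actual" = "$expected" ]; then
            echo "OK    $key=$actual"
        else
            echo "FAIL  $key=${actual:-<unset>} (post uses $expected)"
            failures=$((failures + 1))
        fi
    done
    return "$failures"
}

# Run the audit when a configuration file is given on the command line.
if [ "$#" -gt 0 ]; then
    audit_vsftpd_conf "$1"
fi
```

A commented-out line such as #ssl_enable=YES is reported as unset, which catches the case where the TLS block was pasted in but left disabled.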
Source: vsftpd
February 19th, 2008 at 11:59 pm
Useful howto bro. Thanks
February 20th, 2008 at 10:08 pm
Great how to and info on the FTP. Will try it out soon.
February 21st, 2008 at 12:14 pm
Great!
Will try this setup on 1 of the junk PCs, see if it works
February 22nd, 2008 at 1:10 pm
Hi WL,
if you could share some on Network File Server with permission will be good.
February 26th, 2008 at 12:01 am
Jax, I will share one soon…