Copyright © 2008-2018, dave - Code samples on Dave's Brain is licensed under the Creative Commons Attribution 2.5 License. However other material, including English text has all rights reserved.
Date: 2007dec14
OS: Linux

Q. How do I make TLS/SSL work with vsftpd?

A. Here's what to do on a RedHat/Fedora/CentOS box.

Create a self-signed certificate:

    cd /etc/pki/tls/certs
    make vsftpd.pem

Add this to your /etc/vsftpd/vsftpd.conf file:

    # Enable SSL/TLS
    ssl_enable=YES
    allow_anon_ssl=NO
    force_local_data_ssl=YES
    force_local_logins_ssl=YES

    ssl_tlsv1=YES
    ssl_sslv2=NO
    ssl_sslv3=NO

    rsa_cert_file=/etc/pki/tls/certs/vsftpd.pem

    # Doesn't have to be these port numbers, but it needs to be some range,
    # usually in the high end.
    pasv_min_port=40000
    pasv_max_port=40100

Restart vsftpd:

    systemctl restart vsftpd

Then you need to tweak your firewall. For non-encrypted ftp connections the ip_conntrack_ftp module keeps track of passive connections and opens the needed port, but now that the session is encrypted it can't see inside the control channel, so we need to open the port range we specified above ourselves:

    iptables -A block -m state --state NEW -p TCP --dport 40000:40100 -j ACCEPT

Finally, test it with FileZilla or another modern ftp client. This setup works for me.
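The following script is an added example and is not part of the original post. It audits a vsftpd.conf for the settings the post relies on (TLS forced for logins and data, SSLv2/SSLv3 off) and derives the matching iptables rule from the configured passive port range, so the firewall rule cannot drift away from the config. The sample config it writes is constructed for the demonstration, the temp-file path and the function names are this example's own, and the chain name "block" is taken from the post's rule.

```shell
#!/bin/sh
# Added example (not from the original post): audit a vsftpd.conf for the
# TLS settings the post describes and derive the iptables rule for the
# passive port range. Sample config below is constructed; paths are assumed.

# conf_get FILE KEY: print the value of KEY (last definition wins; lines
# that start with '#' never match because the key must come first).
conf_get() {
    grep -E "^[[:space:]]*$2=" "$1" | tail -n 1 | cut -d= -f2- | tr -d '[:space:]'
}

# is_port VALUE: true if VALUE is a plain integer in 1..65535.
is_port() {
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# vsftpd_tls_check FILE: return 0 only if every required key has the
# required value; otherwise print each failing key and return 1.
vsftpd_tls_check() {
    conf="$1"
    rc=0
    for want in ssl_enable=YES force_local_logins_ssl=YES \
                force_local_data_ssl=YES ssl_sslv2=NO ssl_sslv3=NO; do
        key=${want%%=*}
        expected=${want#*=}
        got=$(conf_get "$conf" "$key")
        if [ "$got" != "$expected" ]; then
            echo "FAIL: $key=${got:-<unset>} (want $expected)"
            rc=1
        fi
    done
    return $rc
}

# pasv_range_rule FILE: print the iptables rule that opens exactly the
# passive range in the config; reject an unset, privileged or inverted range.
pasv_range_rule() {
    lo=$(conf_get "$1" pasv_min_port)
    hi=$(conf_get "$1" pasv_max_port)
    if ! is_port "$lo" || ! is_port "$hi"; then
        echo "pasv_min_port/pasv_max_port not set or not numeric" >&2
        return 1
    fi
    if [ "$lo" -lt 1024 ] || [ "$lo" -gt "$hi" ]; then
        echo "bad passive range $lo-$hi" >&2
        return 1
    fi
    echo "iptables -A block -m state --state NEW -p TCP --dport $lo:$hi -j ACCEPT"
}

# write_sample_conf FILE: constructed config mirroring the post's snippet.
write_sample_conf() {
    cat > "$1" <<'EOF'
# constructed sample vsftpd.conf fragment
ssl_enable=YES
allow_anon_ssl=NO
force_local_data_ssl=YES
force_local_logins_ssl=YES
ssl_tlsv1=YES
ssl_sslv2=NO
ssl_sslv3=NO
rsa_cert_file=/etc/pki/tls/certs/vsftpd.pem
pasv_min_port=40000
pasv_max_port=40100
EOF
}

# Demo: audit the constructed config, then a deliberately weak one.
demo_conf=$(mktemp)
write_sample_conf "$demo_conf"
vsftpd_tls_check "$demo_conf" && echo "TLS settings OK"
pasv_range_rule "$demo_conf"
weak_conf=$(mktemp)
printf 'ssl_enable=YES\nssl_sslv3=YES\n' > "$weak_conf"
vsftpd_tls_check "$weak_conf" || echo "weak config rejected as expected"
rm -f "$demo_conf" "$weak_conf"
```

Run it against the real file with `vsftpd_tls_check /etc/vsftpd/vsftpd.conf` after sourcing the script. Two things worth keeping in mind: the vsftpd.pem that `make` produces holds the private key as well as the certificate, so it should stay readable by root only; and once the server is up, `openssl s_client -starttls ftp -connect host:21` lets you confirm from the client side that the control connection really negotiates TLS before any credentials are sent.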