
vsftpd SSL Issues


#1
bbqroast

OMG
If anyone even mutters "google is your friend" I WILL RIP OUT THEIR THROAT!!!
I have been googling for what's approaching 8 hours and have found little.

I'm trying to set up a vsftpd server on my Ubuntu desktop box.
I decided to use SSL because I will be port forwarding it! Anyway, I have been trying to get an SSL certificate to work but it's hopeless:
You know what, I really want a download page with a certificate; I honestly don't care if it's:
Name: Nulls
Full_Name: Nullw0rm
Email: nulls@nullw0rm.com
Company: Nulls Programming Corp

Honestly if I can get a secure connection to my user(s) I would be happy. :cursing:
EDIT: Tried to get on the vsftpd IRC channel on freenode; the second I logged in I was banned!
Please, write clearly with proper structure. Double spacing makes the text feel un-jointed, Capitalizing Every Word Means People Stop Before Every Word Sub-Consciously Which Is A Pain In The Backside, and use code tags! (The right most styling box).

#2
Alexander

From what you have written, I gather you wish to use the secured socket layer protocol with your FTP connection using vsftpd. This will be called the FTPS (different from SFTP) protocol and you will require the installation of OpenSSL on your distribution.

As a prerequisite, you will be required to set up virtual users on the FTP account; anonymous users cannot authenticate with this protocol. This should remain a fairly easy step; here is a document on how to set this up with RHEL/CentOS, and the steps remain the same for other distributions:
Vsftpd FTP Server With Virtual Users ( Berkeley DB + PAM )

You will be required to generate an encoded certificate; this will be a file that should only be readable by root. I would therefore recommend you store this in the /root/ folder as backup:
mkdir /root/backup/
cd /root/backup/
openssl req -new -x509 -nodes -out ftps.pem -keyout ftps.pem
chmod 500 ./ftps.pem
The pem extension is a shortened acronym of Privacy Enhanced Mail Security Certificate, for which it was originally named, and will be required for a successful authentication request (handshake).

You can place the certificate key in a location that vsftpd recognizes:
cp ftps.pem /etc/vsftpd/vsftpd.pem
And modify your vsftpd.conf to the appropriate configuration settings (for the later versions):
ssl_enable=YES
rsa_cert_file=/etc/vsftpd/vsftpd.pem
force_local_data_ssl=NO
The SFTP protocol (SSH) may be a less difficult solution to enable secured FTP access, and will not rely on an FTP server; that is another consideration.

You should note the users will require an FTPS compatible client to access your server.
Be sure to read the updated FAQ! || Health is achieved through the same 10,000 steps.
If a suggested code/method fails, informing us is less important than telling us why or what errors occurred.
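
An added example, not part of the thread and not vsftpd's own tooling: a POSIX shell check of the settings from the reply above. It flags whitespace around `=` (which vsftpd treats as a configuration error), SSL left disabled, `force_local_logins_ssl` or `force_local_data_ssl` set to NO, and a certificate/key file that group or other can access. The function names and the sample config are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): audit the vsftpd TLS settings above.

# Print the value of option $2 in config file $1; the last assignment wins.
conf_get() {
    sed -n "s/^$2=//p" "$1" | tail -n 1
}

# Print one finding per line for config file $1; print nothing when clean.
audit_vsftpd_tls() {
    conf=$1
    # vsftpd treats whitespace around '=' as a configuration error.
    grep -nE '^[a-z0-9_]+([[:space:]]+=|=[[:space:]])' "$conf" |
        sed 's/^\([0-9]*\):.*/line \1: whitespace around =/'
    [ "$(conf_get "$conf" ssl_enable)" = "YES" ] || echo "ssl_enable is not YES"
    # With either option set to NO, passwords or file data may cross in cleartext.
    for opt in force_local_logins_ssl force_local_data_ssl; do
        if [ "$(conf_get "$conf" "$opt")" = "NO" ]; then
            echo "$opt=NO permits cleartext"
        fi
    done
    cert=$(conf_get "$conf" rsa_cert_file)
    if [ -z "$cert" ] || [ ! -f "$cert" ]; then
        echo "rsa_cert_file is unset or not a regular file"
    # The PEM above also holds the private key: no group/other permission bits.
    elif [ "$(ls -ld "$cert" | cut -c5-10)" != "------" ]; then
        echo "rsa_cert_file is accessible to group or other"
    fi
}

# Constructed sample: the thread's three settings, written to a scratch directory.
demo() {
    dir=$(mktemp -d)
    : > "$dir/vsftpd.pem"              # empty placeholder, not a real key
    chmod 644 "$dir/vsftpd.pem"
    printf '%s\n' 'ssl_enable=YES' "rsa_cert_file=$dir/vsftpd.pem" \
        'force_local_data_ssl=NO' > "$dir/vsftpd.conf"
    audit_vsftpd_tls "$dir/vsftpd.conf"
    rm -rf "$dir"
}
demo
```

On a real host, call `audit_vsftpd_tls` with the path to the live vsftpd.conf; no output means none of these checks fired.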

#3
bbqroast

Wow, thanks, you outdid yourself!