How to Secure FTP Server with TLS/SSL Connection in Ubuntu Server 12.04


Previously, I wrote about how to build an FTP server using vsftpd. Actually, vsftpd is fairly safe to use as a personal FTP server; in this post I will share how to secure the FTP server using TLS/SSL (Transport Layer Security / Secure Sockets Layer). TLS/SSL provides end-to-end authentication and communications privacy over the Internet using cryptographic protocols, with the aim that communication over the Internet cannot be intercepted by another person.

The first step in configuring TLS/SSL in vsftpd is to create an SSL certificate. In this tutorial I will use X.509, which is a Public Key Infrastructure (PKI) standard from ITU-T.

Open your terminal and log in to the server with ssh, then switch to superuser/root permissions by typing the following command:

sudo su

Create a directory to store the SSL certificate; in this case the SSL certificate for vsftpd will be placed in the directory /etc/vsftpd:

mkdir /etc/vsftpd/
cd /etc/vsftpd/

Now create an SSL certificate for vsftpd. In this case the certificate I create will be valid for one year (365 days). Use the following command:

/usr/bin/openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout vsftpd.pem -out vsftpd.pem

You are then asked to fill out the required information. After the SSL certificate has been created, the second step is to edit the configuration file /etc/vsftpd.conf with the following command:

sudo gedit /etc/vsftpd.conf

or

sudo nano /etc/vsftpd.conf

Make it match the following configuration:

# Uncomment this to allow local users to log in.
local_enable=YES
#
# Uncomment this to enable any form of FTP write command.
write_enable=YES
#
# Turn on SSL
ssl_enable=YES
#
# Allow anonymous users to use secured SSL connections
allow_anon_ssl=YES
#
# All non-anonymous logins are forced to use a secure SSL connection in order to
# send and receive data on data connections.
#
force_local_data_ssl=YES
# All non-anonymous logins are forced to use a secure SSL connection in order to send the password.
#
force_local_logins_ssl=YES
# Permit TLS v1 protocol connections. TLS v1 connections are preferred
#
ssl_tlsv1=YES
# Permit SSL v2 protocol connections. TLS v1 connections are preferred
#
ssl_sslv2=NO
# Permit SSL v3 protocol connections. TLS v1 connections are preferred
#
ssl_sslv3=NO
# This option specifies the location of the RSA certificate to use for SSL
# encrypted connections.
rsa_cert_file=/etc/vsftpd/vsftpd.pem

Save the configuration and restart the vsftpd service:

service vsftpd restart

Install ftp-ssl to try accessing the FTP server with TLS/SSL from the client:

sudo apt-get install ftp-ssl

Access the FTP server with the command:

ftp-ssl host
ftp-ssl 192.168.56.2
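
To confirm that the configuration file still enforces the TLS settings shown above, and that the .pem file holding the private key is not readable by other users, a small audit script helps. This is an added example, not part of the original post or of vsftpd; the function names conf_get and audit_vsftpd_tls are hypothetical, and it assumes that the last assignment of a repeated option is the effective one.

```shell
#!/bin/sh
# Added example: audit a vsftpd.conf for the TLS settings from this tutorial.
# conf_get and audit_vsftpd_tls are hypothetical helper names.

# Print the value of option $2 in file $1. Comment lines are skipped; if the
# option appears more than once, the last assignment is reported (assumption).
conf_get() {
    awk -v key="$2" '
        /^[ \t]*#/ { next }
        index($0, key "=") == 1 {
            val = substr($0, length(key) + 2)
            sub(/[ \t\r]+$/, "", val)
        }
        END { print val }
    ' "$1"
}

# Print one FAIL line per deviation; return 0 only when there are none.
# Options must be set explicitly, as in the tutorial; defaults are not trusted.
audit_vsftpd_tls() {
    conf=$1
    rc=0
    for want in ssl_enable=YES force_local_logins_ssl=YES \
                force_local_data_ssl=YES ssl_sslv2=NO ssl_sslv3=NO; do
        opt=${want%%=*}
        req=${want#*=}
        got=$(conf_get "$conf" "$opt")
        if [ "$got" != "$req" ]; then
            echo "FAIL $opt=${got:-unset} (want $req)"
            rc=1
        fi
    done
    # The tutorial writes the private key into the same .pem as the
    # certificate, so that file must not be readable by other users.
    cert=$(conf_get "$conf" rsa_cert_file)
    if [ -z "$cert" ] || [ ! -f "$cert" ]; then
        echo "FAIL rsa_cert_file=${cert:-unset} (file not found)"
        rc=1
    elif [ -n "$(find "$cert" -prune -perm -004)" ]; then
        echo "FAIL $cert is world-readable (chmod 600 it)"
        rc=1
    fi
    return $rc
}

# Usage: sh audit.sh /etc/vsftpd.conf
if [ $# -eq 1 ]; then audit_vsftpd_tls "$1"; fi
```

Run it as root against /etc/vsftpd.conf before restarting the service; a non-zero exit status means at least one setting deviates.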
  • http://www.facebook.com/rick.top.98 Rick Top

    Nice!

  • English Teacher

    If you get a chance sometime, maybe fix the grammar of the opening statement where “Previously, I have wrote” should be “I have written”

    Thanks!

  • Jesse

    Great tutorial. One error though: instead of “service vsftp restart” it should be “service vsftpd restart”
