SWAT Blog

Step by step Configuration of Secure FTP Server on Linux

December 28th, 2010 by Bhagwan Dass

The installation has been performed on the following Linux distributions: Fedora 6 to 14, RHEL 5.0 to 5.5 and CentOS 5.0 to 5.5.

STEP 1: Setup VSFTPD

[root@linux8 ~]# yum install vsftpd*

STEP 2: Configure VSFTPD

[root@linux8 ~]# vi /etc/vsftpd/vsftpd.conf

Make changes as below:

anonymous_enable=NO
local_enable=YES
write_enable=YES
local_umask=022
dirmessage_enable=YES
xferlog_enable=YES
connect_from_port_20=YES
xferlog_std_format=YES

#You may fully customise the login banner string
ftpd_banner=Welcome to Minor Addition FTP.

listen=YES
pam_service_name=vsftpd
userlist_enable=YES
tcp_wrappers=YES

Save and exit.

STEP 3: Enable SSH2 Encryption on FTP Server

To enable TLS/SSL security controls, first check that the vsftpd binary is linked against the SSL library:

[root@linux8 ~]# ldd /usr/sbin/vsftpd | grep ssl

The output of this command should look like the line below:

libssl.so.6 => /lib/libssl.so.6 (0x001bf000)

STEP 4: Generate certificate key for encryption

[root@linux8 ~]# cd /etc/pki/tls/certs
[root@linux8 ~]# make vsftpd.pem

This command creates a certificate valid for 2 years. After 2 years, generate it again. It prompts for the following fields:

Country Name : IN
State or Province Name (full name) : Atul Sharma
Locality Name (eg, city) : Guildford
Organization Name : Tactical Value.
Organizational Unit Name : Centos Server
Common Name (eg, your name or your server’s hostname) : ixlinux1
Email Address : sysadmin@minoraddition.com

Note: The vsftpd.pem file should be secured so that only the owner has access to it. Restricting the file this way does not affect the server even if it runs as a non-privileged account, because the keys are loaded before it drops into non-privileged mode.

[root@linux8 ~]# cat /etc/pki/tls/certs/vsftpd.pem
[root@linux8 ~]# openssl x509 -in /etc/pki/tls/certs/vsftpd.pem -noout -text
[root@linux8 ~]# chmod 600 /etc/pki/tls/certs/vsftpd.pem

Some entries must be added to the configuration file. Open vsftpd.conf and add the lines below at the end of the file.

[root@linux8 ~]# vi /etc/vsftpd/vsftpd.conf

# SSL/TLS configuration
ssl_enable=YES
allow_anon_ssl=NO
force_local_data_ssl=NO
force_local_logins_ssl=YES

ssl_tlsv1=YES
ssl_sslv2=NO
ssl_sslv3=NO

rsa_cert_file=/etc/pki/tls/certs/vsftpd.pem

Now restart the service:

[root@linux8 ~]# /etc/init.d/vsftpd restart
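
The settings from STEP 2 and STEP 4 can be checked with a small audit script. This is an added example, not part of the original post: the function names and the sample file are constructed for illustration, and the defaults applied to absent keys are the ones documented in vsftpd.conf(5). It reports `force_local_data_ssl=NO` as used above, because that setting lets file contents and directory listings travel unencrypted while only the login is protected.

```shell
#!/bin/sh
# Defaults used when a key is absent are those documented in vsftpd.conf(5).
# Only the YES/NO spellings of boolean values are recognised here.

# Effective value of key $2 in file $1, else default $3.
# Assumption: a later assignment of the same key overrides an earlier one.
conf_get() {
    v=$(sed -n "s/^$2=//p" "$1" | tail -n 1 | sed 's/[[:space:]]*$//')
    echo "${v:-$3}"
}

# Record a finding unless boolean key $2 (default $3) has the wanted value $4.
expect() {
    v=$(conf_get "$1" "$2" "$3" | tr 'a-z' 'A-Z')
    [ "$v" = "$4" ] || FINDINGS="${FINDINGS}$2=$v: $5
"
}

# Print one line per finding; exit status is 0 only when there are none.
audit_vsftpd_conf() {
    FINDINGS=""
    expect "$1" ssl_enable NO YES "TLS is off, logins and files are sent in cleartext"
    expect "$1" anonymous_enable YES NO "anonymous logins are accepted"
    expect "$1" force_local_logins_ssl YES YES "passwords may be sent without TLS"
    expect "$1" force_local_data_ssl YES YES "file contents and listings may be sent without TLS"
    expect "$1" ssl_sslv2 NO NO "SSLv2 is enabled"
    expect "$1" ssl_sslv3 NO NO "SSLv3 is enabled"
    cert=$(conf_get "$1" rsa_cert_file /usr/share/ssl/certs/vsftpd.pem)
    # Characters 5-10 of the ls mode string are the group and other bits.
    mode=$(ls -ld "$cert" 2>/dev/null | cut -c5-10)
    [ "$mode" = "------" ] || FINDINGS="${FINDINGS}rsa_cert_file=$cert: missing, or accessible to group/other
"
    printf '%s' "$FINDINGS"
    [ -z "$FINDINGS" ]
}

# Constructed sample: the STEP 4 settings, pointing at a throwaway .pem
# that has not yet been through the chmod 600 step.
write_sample() {
    : > "$1.pem"; chmod 644 "$1.pem"
    printf '%s\n' anonymous_enable=NO ssl_enable=YES allow_anon_ssl=NO \
        force_local_data_ssl=NO force_local_logins_ssl=YES ssl_tlsv1=YES \
        ssl_sslv2=NO ssl_sslv3=NO "rsa_cert_file=$1.pem" > "$1"
}

# Usage: sh audit.sh /etc/vsftpd/vsftpd.conf
if [ $# -gt 0 ]; then audit_vsftpd_conf "$1"; fi
```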

That completes the secure FTP server setup. To access the secure FTP server, you have to create users on the same PC.
Linux clients can use gftp or FileZilla.
Windows clients can use FileZilla.
Use SSH2 & port 22 when making the connection.


3 Responses to “Step by step Configuration of Secure FTP Server on Linux”

  1. Abhishek Bhardwaj says:

    Really helpful

  2. Nandkumar Kshirsagar says:

    This will allow ftpes, not ftps,
    i.e.
    by using FileZilla we get ftpes: FTP with TLS/SSL

    • Atul Sharma says:

      Good point Nandkumar – It depends on the following flag to choose FTPS (which is deprecated now – refer) and FTPES

      ssl_tlsv1=YES

      Choose FTPES for ensuring transport level security.


  • © 2004-2015 Special Work & Technology Limited