Setup vsftpd 2.0.5 with TLS in CentOS 5.5

Do you know what is a File Transfer Protocol (FTP)? FTP (RFC959) is a network protocol used to transfer data files from one computer to another through a network. The risk of using FTP is notable by using plaintext username and password. This is very insecure. Your login and password can be easily sniffed.

This post describes how to install and setup a secured FTP server using vsftpd 2.0.5 with TLS in CentOS 5.5 the easy way.

Pre-requisite Check
Run the command below to query for vsftpd rpm: -

rpm -qa vsftpd

If vsftpd is not installed, you can use yum to install it using the command below:

yum install vsftpd

Initial Configuration
The configuration directory of vsftpd is located in /etc/vsftpd path. It is advisable to backup the good known configuration files for easier quick restoration. Run the command below: -

cp /etc/vsftpd/vsftpd.conf /etc/vsftpd/vsftpd.conf.original

Control User Access
Change the following parameter below in your /etc/vsftpd/vsftpd.conf file to disable anonymous users access: -


Change the following parameter below in your /etc/vsftpd/vsftpd.conf file to lock users in their home directory: -


Run the following command below to create /etc/vsftpd/chroot_list file: -

touch /etc/vsftpd/chroot_list
chmod 600 /etc/vsftpd/chroot_list

Enable TLS Encryption
Run the following command below to check an installation of vsftpd for SSL support: -

ldd /usr/sbin/vsftpd | grep ssl

You will get the following result below if your vsftpd is SSL supported: - => /lib/ (0x001e3000)

To use TLS you will need to generate a key by using the openssl command below: -

openssl req -x509 -nodes -days 3650 -newkey rsa:1024 -keyout /etc/vsftpd/vsftpd.pem -out /etc/vsftpd/vsftpd.pem

The above command prompts you for series of questions for creating your certificate with a life of 10 years (-days 3650): -

Country Name (2 letter code) [GB]:MY
State or Province Name (full name) [Berkshire]:WP
Locality Name (eg, city) [Newbury]:KL
Organization Name (eg, company) [My Company Ltd]:Company
Organizational Unit Name (eg, section) []:IT
Common Name (eg, your name or your server’s hostname) []:localhost
Email Address []:ftpmaster@localhost

Run the following command below to change the permission of the /etc/vsftpd/vsftpd.pem file: -

chmod 600 /etc/vsftpd/vsftpd.pem

Add this to your /etc/vsftpd/vsftpd.conf file: -


You need to restart vsftpd to take effect using the command below: -

service vsftpd restart

You may use FileZilla as the FTP client that supports TLS encryption connection. Be sure to select FTPES – FTP over explicit TLS/SSL under the Servertype in the FileZilla Site Manager.


Post a Comment