||11-03-2009 10:58 PM
man is actually very good.
You need to enable this options on vsftpd.conf
#this is very important
ssl_sslv2=NO #you can enable this if you to allow version 2 of ssl
ssl_sslv3=NO #you can enable this if you to allow version 3 of ssl
You will have to generate the certificate:
cd /etc/vsftpd # or wherever your vsftpd config directory is
openssl req -x509 -nodes -days 365 -newkey rsa:1024 -keyout vsftpd.pem -out vsftpd.pem
Also if you want clients to be required to connect with tls/ssl add this line
If you want to also encrypt data(as opposed to just the login) add this line.
You have to make sure that vsftpd was compiled with ssl support(most distributions enable this by default).
The rest of the options for vsftpd are the same as if there were no ssl.