The vsftpd.conf man is actually very good.
You need to enable these options in vsftpd.conf:
Code:
#this is very important
ssl_enable=YES
ssl_tlsv1=YES
#you can enable this if you want to allow version 2 of ssl
ssl_sslv2=NO
#you can enable this if you want to allow version 3 of ssl
ssl_sslv3=NO
rsa_cert_file=/etc/vsftpd/vsftpd.pem
You will have to generate the certificate:
Code:
cd /etc/vsftpd # or wherever your vsftpd config directory is
openssl req -x509 -nodes -days 365 -newkey rsa:1024 -keyout vsftpd.pem -out vsftpd.pem
Also, if you want clients to be required to connect with tls/ssl, add this line:
Code:
force_local_logins_ssl=YES
If you also want to encrypt data (as opposed to just the login), add this line:
Code:
force_local_data_ssl=YES
You have to make sure that vsftpd was compiled with ssl support (most distributions enable this by default).
The rest of the options for vsftpd are the same as if there were no ssl.
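A check for the settings above, as an added example that is not part of the original post: it parses the text of a vsftpd.conf, flags lines that break the `option=value` format (no spaces, comments only on their own line), and reports any of the post's TLS options that are missing or set differently. The expected values in `EXPECTED`, the function names and the sample configs are assumptions of this example.

```python
import re

# Options from the post and the value this audit expects (an assumption of the example).
EXPECTED = {
    "ssl_enable": "YES",
    "ssl_sslv2": "NO",
    "ssl_sslv3": "NO",
    "force_local_logins_ssl": "YES",
    "force_local_data_ssl": "YES",
}
# vsftpd accepts these spellings for boolean options.
BOOLS = {"YES": "YES", "TRUE": "YES", "1": "YES", "NO": "NO", "FALSE": "NO", "0": "NO"}

def parse(text):
    """Return (settings, problems) for the text of a vsftpd.conf."""
    settings, problems = {}, []
    for n, line in enumerate(text.splitlines(), 1):
        if not line.strip() or line.startswith("#"):
            continue  # blank line or whole-line comment
        name, sep, value = line.partition("=")
        if not sep:
            problems.append(f"line {n}: not in option=value form")
            continue
        # No spaces are allowed around '=', so a trailing '#...' becomes part of the value.
        if re.search(r"\s", name + value):
            problems.append(f"line {n}: whitespace or inline comment in {name.strip()}")
        settings[name.strip()] = value
    return settings, problems

def audit(text):
    """List format problems and any expected TLS option that is missing or wrong."""
    settings, problems = parse(text)
    for name, want in EXPECTED.items():
        got = settings.get(name)
        if got is None:
            problems.append(f"{name}: not set explicitly (expected {want})")
        elif BOOLS.get(got.upper(), got) != want:
            problems.append(f"{name}: value {got!r}, expected {want}")
    return problems

# Constructed sample: the inline-comment form next to the corrected form.
BROKEN = "ssl_enable=YES\nssl_sslv2=NO #allow v2\nssl_sslv3=YES\nforce_local_logins_ssl=YES\n"
FIXED = ("ssl_enable=YES\n# SSLv2 stays off\nssl_sslv2=NO\nssl_sslv3=NO\n"
         "force_local_logins_ssl=YES\nforce_local_data_ssl=YES\n")

if __name__ == "__main__":
    for label, conf in (("BROKEN", BROKEN), ("FIXED", FIXED)):
        print(label, audit(conf) or "ok")
```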