Configuring VSFTPD to allow secure FTP connections with OpenSSL

A comment on my previous post on setting up VSFTPD on Ubuntu has prompted me to write this brief supplement on how to configure VSFTPD for SSL connections.

Assuming you’ve followed the previous tutorial mentioned above, you’ll need to generate an SSL certificate using OpenSSL, then configure VSFTPD to use the key.

Create a new X.509 certificate with OpenSSL

First, create a directory for the new certificate:

The following command will generate a new X.509 key, which we’ll associate with VSFTPD afterwards:

or, you can create the certificate and give it an expiry with the -days switch:

You should now have a certificate in the /etc/vsftpd directory we created earlier; the next step is to configure VSFTPD to use this certificate.

Configuring VSFTPD for SSL connections
Open up your VSFTPD config file with your chosen editor, which in my case is nano:

Then find the line which reads:

and make sure the referenced path matches the path to the certificate we created in the previous step.

After this line we need to add settings to allow secure connections – for now we’ll make it so that you can connect with or without SFTP – so underneath this line add the following:

As I said, this will still allow insecure connections – if you want to stop people connecting with insecure FTP, then change the line:

to read:

Now restart VSFTPD for the changes to take effect
One last thing to be done and you should be merrily using SFTP with your favourite FTP client:

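To check which of the two modes described above a config is actually in, this script (an added example, not from the original post) reads the SSL options from a vsftpd.conf and reports whether plaintext FTP is still accepted. It assumes vsftpd's documented option names and defaults (ssl_enable, which turns on FTP over TLS, plus force_local_logins_ssl and force_local_data_ssl); the function names, the sample configs and the .pem file name are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: audit the SSL-related lines of a vsftpd.conf.

# Effective value of an option. vsftpd.conf is strict "option=value"
# (no spaces around '='), '#' starts a comment, and a later line
# overrides an earlier one.
conf_get() {  # usage: conf_get FILE OPTION DEFAULT
    local val
    val=$(grep -E "^$2=" "$1" | tail -n 1 | cut -d= -f2- | tr -d '\r')
    printf '%s\n' "${val:-$3}"
}

# True when a boolean option is switched on.
is_on() {  # usage: is_on FILE OPTION DEFAULT
    case "$(conf_get "$1" "$2" "$3" | tr '[:lower:]' '[:upper:]')" in
        YES|TRUE|1) return 0 ;;
        *) return 1 ;;
    esac
}

# Prints ssl-disabled, plaintext-allowed or tls-required.
vsftpd_tls_mode() {
    if ! is_on "$1" ssl_enable NO; then
        echo ssl-disabled
    elif is_on "$1" force_local_logins_ssl YES &&
         is_on "$1" force_local_data_ssl YES; then
        echo tls-required
    else
        echo plaintext-allowed
    fi
}

# Constructed sample configs; the .pem file name is a placeholder.
SAMPLE_DIR=$(mktemp -d)
cat > "$SAMPLE_DIR/mixed.conf" <<'EOF'
rsa_cert_file=/etc/vsftpd/vsftpd.pem
ssl_enable=YES
force_local_logins_ssl=NO
force_local_data_ssl=NO
EOF
# Same config with both force_local_*_ssl options switched to YES.
sed 's/^\(force_local_[a-z]*_ssl\)=NO/\1=YES/' \
    "$SAMPLE_DIR/mixed.conf" > "$SAMPLE_DIR/strict.conf"

for f in "$SAMPLE_DIR"/*.conf; do
    printf '%s: %s\n' "${f##*/}" "$(vsftpd_tls_mode "$f")"
done
```

Run it against the live file with vsftpd_tls_mode /etc/vsftpd.conf; anything other than tls-required means a client can still send credentials unencrypted.
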
Further reading
The TCP/IP Guide is a reference book worth taking a glance at if you’re that way inclined. It goes into a lot more detail on FTP and other internet protocols, covering both IPv4 and IPv6.