Updated : Aug 10, 2015 in Apache

Installing VSFTPD for FTP-SSL web sites upload on Ubuntu

In order to force an exclusive use of the SSL/TLS connectivity to users here is how to install it:
Note: This tutorial was base from this site:
https://www.digitalocean.com/community/tutorials/how-to-configure-vsftpd-to-use-ssl-tls-on-an-ubuntu-vps

Install the vsftpd package
sudo apt-get install vsftpd
Edit the /etc/vsftpd.conf configuration file and add the following at the end of the file or alternatively adapt the file to these configuration directives:
These directives will permit only internal registered users to FTP-SSL/TLS, be jailed and be allowed to write in their home directories. Perfect for WordPress fcgi installation 🙂 .
anonymous_enable=NO
local_enable=YES
write_enable=YES
chroot_local_user=YES
allow_writeable_chroot=YES

After that, we will add the following lines to force SSL. This will restrict clients that can’t deal with TLS, but that is what we want.
ssl_enable=YES
allow_anon_ssl=NO
force_local_data_ssl=YES
force_local_logins_ssl=YES

After this we configure the server to use TLS, which is actually a successor to SSL, and preferred:
ssl_tlsv1=YES
ssl_sslv2=NO
ssl_sslv3=NO

Finally, we will require add some additional options to flesh out our configuration file:
require_ssl_reuse=NO
ssl_ciphers=HIGH

Make sure the following directives are not disabled:
Note: Of course if you have your own certificate and key you can configure their use here.
rsa_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
rsa_private_key_file=/etc/ssl/private/ssl-cert-snakeoil.key

Restart vsftpd service
sudo service vsftpd restart
Note: If you need to connect to the ftp server on the command line, consider using curlftpfs. It allows you to mount the ftp host as a fuse filesystem. See: http://manpages.ubuntu.com/manpages/precise/man1/curlftpfs.1.html

Alternative

Here is an alternative configuration of vsftpd for starting it via then inetd daemon:
vsftpd started with inetd:
ftp stream tcp nowait root /usr/local/libexec/vsftpd vsftpd
/etc/vsftpd.conf content:
anonymous_enable=NO
local_enable=YES
write_enable=YES
listen_port=21
local_umask=022
anon_upload_enable=NO
anon_mkdir_write_enable=NO
dirmessage_enable=YES
xferlog_enable=YES
connect_from_port_20=YES
xferlog_file=/var/log/vsftpd.log
xferlog_std_format=YES
hide_file={/mail}.
secure_chroot_dir=/usr/local/share/vsftpd/empty
max_clients=200
max_per_ip=100
chroot_local_user=YES
text_userdb_names=YES
force_dot_files=YES
listen_address=xxx.xxx.xxx.xxx (my ip adress)
allow_writable_root=YES

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

%d bloggers like this: