====== Ubuntu - FTP - VSFTP - TLS/SSL/FTPS VsFtpd ======

**NOTE**: You definitely should use this if you connect from the Internet to your box, otherwise passwords will be sent in plaintext, etc.

----

To use vsftpd with encryption (it's safer), change or add the following options (some options aren't on the original config file, so add them): 

<code bash>
vi /etc/vsftpd.conf
</code>

and add or modify as:

<file bash /etc/vsftpd.conf>
ssl_enable=YES
allow_anon_ssl=NO
force_local_data_ssl=YES
force_local_logins_ssl=YES
ssl_tlsv1=YES
ssl_sslv2=NO
ssl_sslv3=NO
# Filezilla uses port 21 if you don't set any port
# in Servertype "FTPES - FTP over explicit TLS/SSL"
# Port 990 is the default used for FTPS protocol.
# Uncomment it if you want/have to use port 990.
# listen_port=990
</file>

No need to create a certificate if openssl package is installed! 

Install Filezilla (on the client side), and use the Servertype "FTPES - FTP over explicit TLS/SSL" option to connect to your server with TLS/SSL/FTPS.

----

===== Other recommended changes =====

TODO check and add to above

<file bash /etc/vsftpd.conf>
require_ssl_reuse=NO
ssl_ciphers=HIGH
</file>

When we created the certificate, we included both the key file and the certificate in one file, so we can also point our private key line to that:  

<WRAP todo>
TODO check this
</WRAP>


<file bash /etc/vsftpd.conf>
rsa_private_key_file=/etc/ssl/private/vsftpd.pem
</file>