NOTE: You should definitely use this if you connect to your box from the Internet; otherwise passwords, etc. will be sent in plaintext.
To use vsftpd with encryption (it's safer), change or add the following options (some options aren't in the original config file, so add them):
vi /etc/vsftpd.conf
and add or modify as:
ssl_enable=YES
allow_anon_ssl=NO
force_local_data_ssl=YES
force_local_logins_ssl=YES
ssl_tlsv1=YES
ssl_sslv2=NO
ssl_sslv3=NO
# Filezilla uses port 21 if you don't set any port
# in Servertype "FTPES - FTP over explicit TLS/SSL"
# Port 990 is the default used for FTPS protocol.
# Uncomment it if you want/have to use port 990.
# listen_port=990
No need to create a certificate if the openssl package is installed!
Install Filezilla (on the client side), and use the Servertype “FTPES - FTP over explicit TLS/SSL” option to connect to your server with TLS/SSL/FTPS.
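A check for the options listed above, as an added example that is not part of the original page: it parses a vsftpd.conf and reports any of the page's encryption options that are missing, malformed, or set to a different value. The names REQUIRED, SAMPLE, parse and audit are hypothetical, and the script assumes that every option must be set explicitly and that a later line overrides an earlier one.

```python
# Added example. Policy assumed: each option is set explicitly to the page's value.
REQUIRED = {
    "ssl_enable": "YES",
    "allow_anon_ssl": "NO",
    "force_local_data_ssl": "YES",
    "force_local_logins_ssl": "YES",
    "ssl_sslv2": "NO",
    "ssl_sslv3": "NO",
}

# Constructed sample with two deliberate mistakes, not a real server's config.
SAMPLE = """\
ssl_enable=YES
allow_anon_ssl=NO
force_local_data_ssl=NO
force_local_logins_ssl = YES
ssl_sslv2=NO
ssl_sslv3=NO
"""

def parse(text):
    """Return ({option: value}, [malformed lines])."""
    settings, malformed = {}, []
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        key, sep, value = raw.partition("=")
        # vsftpd treats whitespace around "=" as an error, so report it.
        if not sep or key != key.strip() or value != value.strip():
            malformed.append(raw)
            continue
        settings[key] = value  # assumed: a later line overrides an earlier one
    return settings, malformed

def audit(text):
    """Return findings; an empty list means all REQUIRED options match."""
    settings, malformed = parse(text)
    findings = [f"malformed line: {line!r}" for line in malformed]
    for option, wanted in REQUIRED.items():
        got = settings.get(option)
        if got is None:
            findings.append(f"{option} not set explicitly (want {wanted})")
        elif got.upper() != wanted:
            findings.append(f"{option}={got} (want {wanted})")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

To audit a real server, pass the contents of /etc/vsftpd.conf to audit() instead of SAMPLE.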
TODO check and add to above
require_ssl_reuse=NO
ssl_ciphers=HIGH
When we created the certificate, we included both the key file and the certificate in one file, so we can also point our private key line to that:
TODO check this
rsa_private_key_file=/etc/ssl/private/vsftpd.pem