Page 1 of 1

SSL on vsftpd

Posted: Sun Nov 05, 2017 3:07 pm
by max.m
Hi there, i have trouble on ssl activation for vsftpd on fresh vestacp install over centos 7.0
this is my config:

Code: Select all

anonymous_enable=NO
local_enable=YES
write_enable=YES
local_umask=022
anon_umask=022
anon_upload_enable=NO
dirmessage_enable=YES
xferlog_enable=YES
dual_log_enable=YES
connect_from_port_20=YES
xferlog_std_format=YES
chroot_local_user=YES
allow_writeable_chroot=YES
listen=YES
#listen_ipv6=YES
pam_service_name=vsftpd
userlist_enable=YES
tcp_wrappers=YES
force_dot_files=YES
ascii_upload_enable=YES
ascii_download_enable=YES
pasv_enable=YES
pasv_max_port=12100
pasv_min_port=12000
use_localtime=YES
####SSL
ssl_enable=YES
allow_anon_ssl=NO
force_local_data_ssl=YES
force_local_logins_ssl=YES
ssl_tlsv1=YES
ssl_tlsv2=NO
ssl_tlsv3=NO
require_ssl_reuse=NO
ssl_ciphers=HIGHT
rsa_cert_file=/etc/ssl/private/vsftpd.pem
rsa_private_key_file=/etc/ssl/private/vsftpd.pem
Only add code after comment ssl. but whe i try to restart vsftpd not start. Error:

Code: Select all

 vsftpd.service - Vsftpd ftp daemon
   Loaded: loaded (/usr/lib/systemd/system/vsftpd.service; enabled; vendor preset: disabled)
   Active: failed (Result: exit-code) since dom 2017-11-05 16:05:29 CET; 16s ago
  Process: 10806 ExecStart=/usr/sbin/vsftpd /etc/vsftpd/vsftpd.conf (code=exited, status=2)
 Main PID: 5586 (code=killed, signal=TERM)

Starting Vsftpd ftp daemon...
 vsftpd.service: control process exited, code=exited status=2
 Failed to start Vsftpd ftp daemon.
 Unit vsftpd.service entered failed state.
vsftpd.service failed.
suggestions?

thanks

Re: SSL on vsftpd

Posted: Sun Nov 05, 2017 3:31 pm
by max.m
Find a typo in ssl_ciphers=HIGH
but nothing new happend.. :-(

Re: SSL on vsftpd

Posted: Wed Aug 15, 2018 3:16 pm
by BartMan__X
and this is what i like about this Forum.... no answer....

Re: SSL on vsftpd

Posted: Thu Aug 16, 2018 3:42 pm
by ScIT
BartMan__X wrote:
Wed Aug 15, 2018 3:16 pm
and this is what i like about this Forum.... no answer....
answer on what? a year old post?

SSL Configuration is quit easy, it's just vsftpd standard: https://www.liquidweb.com/kb/configure-vsftpd-ssl/

Re: SSL on vsftpd

Posted: Wed May 15, 2019 6:59 am
by mlopez
This is what I add to my vsFTP config file /etc/vsftpd/vsftpd.conf:

Code: Select all

#
# SSL Options
#
ssl_enable=YES
allow_anon_ssl=NO
force_local_data_ssl=YES
force_local_logins_ssl=YES
ssl_tlsv1_1=YES
ssl_tlsv1_2=YES
ssl_tlsv1=NO
ssl_sslv2=NO
ssl_sslv3=NO
require_ssl_reuse=YES
ssl_ciphers=HIGH
rsa_cert_file=/usr/local/vesta/ssl/certificate.crt
rsa_private_key_file=/usr/local/vesta/ssl/certificate.key
Note that I used the path of the self-signed certificate, so when connecting to the server a warning message is displayed. This would be used for all domains, that's why the warning message appears because it was issued for the main domain of the server, not for all of the domains hosted on it.

Hope it would help.

Regards!

Re: SSL on vsftpd

Posted: Fri May 24, 2019 9:09 am
by deeprus
Hello.

Just installed new VPS on Debian 9.9 (stretch).
vsftpd version is 3.0.3

Now I'm trying to set up a secure connection for the vsftpd. After adding these two parameters to the configuration file

Code: Select all

ssl_tlsv1_1=YES
ssl_tlsv1_2=YES
my vsftpd server cannot start.
I get the following errors when checking the configuration:

Code: Select all

#vsftpd
500 OOPS: unrecognised variable in config file: ssl_tlsv1_1
500 OOPS: unrecognised variable in config file: ssl_tlsv1_2
Therefore, my vsftpd only starts working when I delete these parameters or comment them out.
Now my configuration is as follows:

Code: Select all

#ssl_tlsv1_1=YES
#ssl_tlsv1_2=YES
ssl_tlsv1=YES
I could not find the description of the ssl_tlsv1_1 and ssl_tlsv1_2 parameters in the man pages or official documentation (https://security.appspot.com/vsftpd/vsftpd_conf.html).
Could you please tell me where these parameters come from and what version of vsftpd are they for?

Re: SSL on vsftpd

Posted: Thu Jun 20, 2019 11:53 am
by skamasle
Some body post guide where: viewtopic.php?f=44&t=18559

Re: SSL on vsftpd

Posted: Fri Jun 28, 2019 2:39 am
by salvatorenz
I use this on Centos 7 and have no issues.

#SSL
ssl_enable=YES
allow_anon_ssl=NO
force_local_data_ssl=YES
force_local_logins_ssl=YES
ssl_tlsv1_1=NO
ssl_tlsv1_2=YES
ssl_tlsv1=NO
ssl_sslv2=NO
ssl_sslv3=NO
require_ssl_reuse=YES
ssl_ciphers=EECDH+AESGCM:EDH+AESGCM
rsa_cert_file=/usr/local/vesta/ssl/certificate.crt
rsa_private_key_file=/usr/local/vesta/ssl/certificate.key

Also use the above ssl ciphers for email, nginx etc. maybe a couple of rules need changing but passes pci compliance test