
SSL on vsftpd

Posted: Sun Nov 05, 2017 3:07 pm
by max.m
Hi there, I have trouble with SSL activation for vsftpd on a fresh VestaCP install on CentOS 7.0.
This is my config:


anonymous_enable=NO
local_enable=YES
write_enable=YES
local_umask=022
anon_umask=022
anon_upload_enable=NO
dirmessage_enable=YES
xferlog_enable=YES
dual_log_enable=YES
connect_from_port_20=YES
xferlog_std_format=YES
chroot_local_user=YES
allow_writeable_chroot=YES
listen=YES
#listen_ipv6=YES
pam_service_name=vsftpd
userlist_enable=YES
tcp_wrappers=YES
force_dot_files=YES
ascii_upload_enable=YES
ascii_download_enable=YES
pasv_enable=YES
pasv_max_port=12100
pasv_min_port=12000
use_localtime=YES
####SSL
ssl_enable=YES
allow_anon_ssl=NO
force_local_data_ssl=YES
force_local_logins_ssl=YES
ssl_tlsv1=YES
ssl_tlsv2=NO
ssl_tlsv3=NO
require_ssl_reuse=NO
ssl_ciphers=HIGHT
rsa_cert_file=/etc/ssl/private/vsftpd.pem
rsa_private_key_file=/etc/ssl/private/vsftpd.pem

I only added the code after the SSL comment, but when I try to restart, vsftpd does not start. Error:


 vsftpd.service - Vsftpd ftp daemon
   Loaded: loaded (/usr/lib/systemd/system/vsftpd.service; enabled; vendor preset: disabled)
   Active: failed (Result: exit-code) since dom 2017-11-05 16:05:29 CET; 16s ago
  Process: 10806 ExecStart=/usr/sbin/vsftpd /etc/vsftpd/vsftpd.conf (code=exited, status=2)
 Main PID: 5586 (code=killed, signal=TERM)

Starting Vsftpd ftp daemon...
 vsftpd.service: control process exited, code=exited status=2
 Failed to start Vsftpd ftp daemon.
 Unit vsftpd.service entered failed state.
vsftpd.service failed.

Suggestions?

Thanks

Re: SSL on vsftpd

Posted: Sun Nov 05, 2017 3:31 pm
by max.m
Found a typo in ssl_ciphers=HIGH
but nothing new happened.. :-(

Re: SSL on vsftpd

Posted: Wed Aug 15, 2018 3:16 pm
by BartMan__X
And this is what I like about this forum.... no answer....

Re: SSL on vsftpd

Posted: Thu Aug 16, 2018 3:42 pm
by ScIT
BartMan__X wrote:
Wed Aug 15, 2018 3:16 pm
and this is what i like about this Forum.... no answer....
Answer on what? A year-old post?

SSL configuration is quite easy, it's just vsftpd standard: https://www.liquidweb.com/kb/configure-vsftpd-ssl/

Re: SSL on vsftpd

Posted: Wed May 15, 2019 6:59 am
by mlopez
This is what I add to my vsFTP config file /etc/vsftpd/vsftpd.conf:


#
# SSL Options
#
ssl_enable=YES
allow_anon_ssl=NO
force_local_data_ssl=YES
force_local_logins_ssl=YES
ssl_tlsv1_1=YES
ssl_tlsv1_2=YES
ssl_tlsv1=NO
ssl_sslv2=NO
ssl_sslv3=NO
require_ssl_reuse=YES
ssl_ciphers=HIGH
rsa_cert_file=/usr/local/vesta/ssl/certificate.crt
rsa_private_key_file=/usr/local/vesta/ssl/certificate.key

Note that I used the path of the self-signed certificate, so when connecting to the server a warning message is displayed. This would be used for all domains, that's why the warning message appears because it was issued for the main domain of the server, not for all of the domains hosted on it.

Hope it would help.

Regards!
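
Added example (not part of any post in this thread, and not VestaCP or vsftpd code): a Python check for the ssl_* lines of a vsftpd.conf, run here on the SSL lines from the first post. vsftpd refuses to start on an option name it does not recognise, so the check flags names outside an allow-list; that allow-list is an assumption built from the vsftpd.conf man page plus the ssl_tlsv1_1/ssl_tlsv1_2 options used in the last post, and the cipher test assumes Python is linked against the same OpenSSL as vsftpd.

```python
import ssl

# Assumption: ssl_* option names from the vsftpd.conf man page, plus
# ssl_tlsv1_1/ssl_tlsv1_2 as used in the last post. Not a complete list.
KNOWN_SSL_OPTIONS = {
    "ssl_enable", "ssl_ciphers", "ssl_request_cert",
    "ssl_sslv2", "ssl_sslv3", "ssl_tlsv1", "ssl_tlsv1_1", "ssl_tlsv1_2",
}
LEGACY_PROTOCOLS = {"ssl_sslv2", "ssl_sslv3", "ssl_tlsv1"}

def cipher_string_ok(value):
    """True if the local OpenSSL can select at least one cipher from value."""
    try:
        ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER).set_ciphers(value)
        return True
    except ssl.SSLError:
        return False

def lint_vsftpd_ssl(text):
    """Return (line_number, message) findings for the ssl_* lines of a config."""
    findings = []
    for n, line in enumerate(text.splitlines(), 1):
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        key, sep, value = line.partition("=")
        if not key.strip().startswith("ssl_"):
            continue  # only the SSL options are checked here
        if not sep or key != key.strip() or value != value.strip():
            findings.append((n, "malformed line: no spaces allowed around '='"))
            continue
        if key not in KNOWN_SSL_OPTIONS:
            findings.append((n, f"unknown option {key!r}"))
        elif key in LEGACY_PROTOCOLS and value.upper() == "YES":
            findings.append((n, f"{key}=YES enables a legacy protocol"))
        elif key == "ssl_ciphers" and not cipher_string_ok(value):
            findings.append((n, f"cipher string {value!r} selects no ciphers"))
    return findings

# Constructed sample: the SSL lines as posted in the first message.
FIRST_POST = """ssl_enable=YES
ssl_tlsv1=YES
ssl_tlsv2=NO
ssl_tlsv3=NO
ssl_ciphers=HIGHT
"""

if __name__ == "__main__":
    for lineno, msg in lint_vsftpd_ssl(FIRST_POST):
        print(f"line {lineno}: {msg}")
```

On the real host, running /usr/sbin/vsftpd /etc/vsftpd/vsftpd.conf in the foreground shows the daemon's own error message, which the systemd status output above does not include.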