vsftpd, which stands for “Very Secure FTP Daemon”, is an FTP server for Unix-like systems, including Linux. It is licensed under the GNU General Public License. It supports IPv6 and SSL.
vsftpd supports explicit (since 2.0.0) and implicit (since 2.1.0) FTPS.
vsftpd is the default FTP server in the Ubuntu, CentOS, Fedora, NimbleX and RHEL Linux distributions.
In July 2011 it was discovered that the vsftpd version 2.3.4 downloadable from the master site had been compromised. Users logging into an instance of the compromised vsftpd-2.3.4 could issue a “:)” smiley face as the username and gain a command shell on a high TCP port. This was not a security hole in vsftpd itself; instead, someone had uploaded a different version of vsftpd which contained a backdoor.
Here is how to install vsftpd on CentOS with an SSL certificate:
Install vsftpd with
yum install vsftpd
Check that vsftpd is linked against the SSL library
ldd /usr/sbin/vsftpd | grep ssl
Use the following commands to create your certificate
cd /etc/pki/tls/certs
openssl req -x509 -nodes -days 730 -newkey rsa:2048 \
-keyout /etc/pki/tls/certs/vsftpd.pem \
-out /etc/pki/tls/certs/vsftpd.pem
Check your certificate:
cat /etc/pki/tls/certs/vsftpd.pem
openssl x509 -in /etc/pki/tls/certs/vsftpd.pem -noout -text
Restrict the permissions on the file
chmod 600 /etc/pki/tls/certs/vsftpd.pem
Open the configuration file
vi /etc/vsftpd/vsftpd.conf
and add
###config
ssl_enable=YES
allow_anon_ssl=NO
force_local_data_ssl=NO
force_local_logins_ssl=YES
ssl_tlsv1=YES
ssl_sslv2=NO
ssl_sslv3=NO
rsa_cert_file=/etc/pki/tls/certs/vsftpd.pem
Restart vsftpd
/etc/init.d/vsftpd restart
[root@localhost certs]# /etc/init.d/vsftpd restart
Shutting down vsftpd: [ OK ]
Starting vsftpd for vsftpd: [ OK ]
[root@localhost certs]#
Connect to the FTP server via the command line or via an FTP client (Windows or Linux)
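The TLS options added to vsftpd.conf above can be checked with a small script before the service is restarted. This is an added example, not part of the original tutorial: the helper names conf_value, check_opt and audit_vsftpd_tls are this example's own, the defaults are those documented in the vsftpd.conf man page, and only the YES/NO spellings are handled.

```shell
#!/bin/sh
# Added example: audit the TLS options in a vsftpd.conf.
# Helper names are this example's own, not part of vsftpd.

# conf_value FILE KEY DEFAULT: print the effective value of KEY.
# vsftpd wants KEY=VALUE with no spaces around "="; "#" starts a comment.
# Assumption: if a key is repeated, the last occurrence is the one used.
conf_value() {
    awk -F= -v key="$2" -v def="$3" '
        /^[ \t]*#/ { next }
        $1 == key { val = toupper($2); sub(/[ \t\r]+$/, "", val) }
        END { print (val == "" ? def : val) }
    ' "$1"
}

# check_opt FILE KEY DEFAULT WANTED MESSAGE: print a finding on mismatch.
check_opt() {
    got=$(conf_value "$1" "$2" "$3")
    [ "$got" = "$4" ] && return 0
    echo "WARN $2=$got: $5"
    return 1
}

# audit_vsftpd_tls FILE: one line per finding, exit status 1 if any.
# Defaults passed below are the ones documented in vsftpd.conf(5).
audit_vsftpd_tls() {
    rc=0
    check_opt "$1" ssl_enable NO YES "TLS is off" || rc=1
    check_opt "$1" force_local_logins_ssl YES YES "passwords may be sent in clear text" || rc=1
    check_opt "$1" force_local_data_ssl YES YES "file transfers and directory listings are not required to use TLS" || rc=1
    check_opt "$1" ssl_sslv2 NO NO "SSLv2 is obsolete" || rc=1
    check_opt "$1" ssl_sslv3 NO NO "SSLv3 is obsolete" || rc=1
    return "$rc"
}

# Constructed sample: the TLS settings from the tutorial above.
sample=$(mktemp)
cat > "$sample" <<'EOF'
###config
ssl_enable=YES
allow_anon_ssl=NO
force_local_data_ssl=NO
force_local_logins_ssl=YES
ssl_sslv2=NO
ssl_sslv3=NO
EOF
audit_vsftpd_tls "$sample" || echo "review the options flagged above"
rm -f "$sample"
```

Run against the settings shown above, it reports only force_local_data_ssl=NO: logins are forced onto TLS, but file transfers and directory listings may still travel unencrypted.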