@jbgo
Created February 28, 2012 16:02
Configure vsftpd for FTPS

Generate a self-signed SSL certificate.

mkdir -p /etc/vsftpd/
openssl req -new -x509 -nodes -out /etc/vsftpd/vsftpd.pem -keyout /etc/vsftpd/vsftpd.pem

When generating the SSL key, you will be prompted to fill in a variety of fields such as "Country Name" and "Organization Name". It is important to fill these in, even if you use fake values. In particular, I would get an error when using curl's -k option because I left the "Common Name" field blank.

Enable SSL in /etc/vsftpd.conf.

Add these lines to the bottom of the file.

ssl_enable=YES
rsa_cert_file=/etc/vsftpd/vsftpd.pem

# Send files in the clear but encrypt the control connection
force_local_data_ssl=NO
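
An added example, not part of the original gist: a small shell audit of the TLS options above, using the defaults documented in vsftpd.conf(5). The function names vsftpd_opt and audit_ftps and the temporary sample file are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: audit the TLS options in a vsftpd.conf (not from the gist).
# Defaults are those documented in vsftpd.conf(5).

# Print the effective value of option $2 in file $1, or default $3.
# Assumed: a later setting overrides an earlier one. '#' lines never match.
vsftpd_opt() {
    val=$(sed -n "s/^$2=//p" "$1" | tail -n 1 | tr -d '\r' | tr 'a-z' 'A-Z')
    printf '%s\n' "${val:-$3}"
}

# Print one finding per line; the return status is the number of FAILs.
audit_ftps() {
    conf=$1
    fails=0
    if [ "$(vsftpd_opt "$conf" ssl_enable NO)" != YES ]; then
        echo "FAIL ssl_enable is not YES: the server offers plain FTP only"
        fails=$((fails + 1))
    fi
    if [ "$(vsftpd_opt "$conf" force_local_logins_ssl YES)" != YES ]; then
        echo "FAIL force_local_logins_ssl=NO: passwords may be sent in cleartext"
        fails=$((fails + 1))
    fi
    if [ "$(vsftpd_opt "$conf" force_local_data_ssl YES)" != YES ]; then
        echo "WARN force_local_data_ssl=NO: files and listings may be sent unencrypted"
    fi
    for proto in ssl_sslv2 ssl_sslv3; do
        if [ "$(vsftpd_opt "$conf" "$proto" NO)" = YES ]; then
            echo "FAIL $proto=YES: obsolete protocol version enabled"
            fails=$((fails + 1))
        fi
    done
    return "$fails"
}

# Constructed sample: the three settings shown on this page.
sample=$(mktemp)
cat > "$sample" <<'EOF'
ssl_enable=YES
rsa_cert_file=/etc/vsftpd/vsftpd.pem
# Send files in the clear but encrypt the control connection
force_local_data_ssl=NO
EOF
audit_ftps "$sample" || true
```

For the settings on this page it prints only the WARN line: force_local_logins_ssl defaults to YES, so logins stay encrypted even though the data channel is not forced to use TLS.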

Test with curl (or another FTPS capable client).

curl -k --ssl ftp://host-name/ --user ftpuser:ftppassword

The trailing slash in the URL tells curl to list the directory contents on the remote FTPS server. The -k option skips SSL certificate verification for now because I am using a self-signed certificate for testing purposes. The --ssl option tells curl to use FTPS (notice that I still use ftp: in the URL). Note that --ssl only attempts TLS and falls back to an unencrypted connection if the server does not offer it; --ssl-reqd makes TLS mandatory.

Download a file with curl

curl -k --ssl ftp://host-name/dir/remote-file.tgz --user ftpuser:ftppassword > local-file.tgz

Upload a file with curl

curl -k --ssl -T local-file.tgz --ftp-create-dirs ftp://host-name/some/remote/path/remote-file.tgz --user ftpuser:ftppassword

The -T option specifies the local file to upload, and --ftp-create-dirs tells curl to create the required directories if they don't exist.