The Temple of Fu

code, systems and games

CentOS 5* VSFTPD Install and Setup + OpenSSL


Install VSFTPD
# yum install vsftpd

Turn on the VSFTPD service so it starts at boot
# chkconfig vsftpd on

Start, stop or restart VSFTPD
# service vsftpd [start,stop,restart]

Generate an OpenSSL certificate

You use OpenSSL to generate a certificate for vsftpd. The certificate is stored on your server, in a location of your choice. Here I choose to put it in the /etc/vsftpd directory. You also specify a ‘lifetime’ for the certificate; here it is set for 5 years (“-days 1825”). Note that the backslashes only signify line breaks. You should be able to copy/paste and run it as it is, or remove the backslashes and the line breaks.
If /etc/vsftpd does not exist, create it (it existed on my system after install).
# mkdir /etc/vsftpd

# openssl req -x509 -nodes -days 1825 -newkey rsa:1024 \
-keyout /etc/vsftpd/vsftpd.pem \
-out /etc/vsftpd/vsftpd.pem

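You will be prompted with a series of questions, which you answer as they appear. When done, the certificate will be installed in the /etc/vsftpd directory. Because -keyout and -out name the same file and -nodes leaves the key unencrypted, vsftpd.pem holds both the certificate and the private key in the clear, so keep that file readable by root only.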

To configure vsftpd you need to edit the file /etc/vsftpd/vsftpd.conf and add the following lines:
ssl_enable=YES
allow_anon_ssl=NO
force_local_data_ssl=NO
force_local_logins_ssl=NO
ssl_tlsv1=YES
ssl_sslv2=NO
ssl_sslv3=NO
rsa_cert_file=/etc/vsftpd/vsftpd.pem

Restart vsftpd for these settings to take effect:
# /etc/rc.d/init.d/vsftpd restart
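
The settings above turn TLS on but, with both force_local_* options set to NO, do not require it, so a client can still log in and transfer files in cleartext. The script below is an added example, not part of the original post: it reads a vsftpd.conf and flags TLS settings that leave cleartext or obsolete protocols available. The function names and the sample file are made up for this example, and the defaults are those documented in vsftpd.conf(5).

```shell
#!/bin/sh
# Added example (not from the original post): flag weak TLS settings in a vsftpd.conf.
# Defaults used when a key is absent are the ones documented in vsftpd.conf(5).

# Print the effective value of boolean KEY ($2) in FILE ($1), or DEFAULT ($3) if unset.
# Assumption: when a key is repeated, the last assignment wins.
conf_get() {
    val=$(sed -n "s/^$2=//p" "$1" | tail -n 1 | tr -d ' \r' | tr '[:lower:]' '[:upper:]')
    if [ -n "$val" ]; then echo "$val"; else echo "$3"; fi
}

is_on() { case "$1" in YES|TRUE|1) return 0 ;; *) return 1 ;; esac; }

# Print one "WARN ..." line per finding; print nothing for a clean config.
audit_vsftpd_tls() {
    conf=$1
    if ! is_on "$(conf_get "$conf" ssl_enable NO)"; then
        echo "WARN ssl_enable: TLS is off, logins and data travel in cleartext"
        return 0
    fi
    if ! is_on "$(conf_get "$conf" force_local_logins_ssl YES)"; then
        echo "WARN force_local_logins_ssl: local users may still send passwords without TLS"
    fi
    if ! is_on "$(conf_get "$conf" force_local_data_ssl YES)"; then
        echo "WARN force_local_data_ssl: data connections may still be unencrypted"
    fi
    for proto in ssl_sslv2 ssl_sslv3; do
        if is_on "$(conf_get "$conf" "$proto" NO)"; then
            echo "WARN $proto: obsolete protocol version enabled"
        fi
    done
    return 0
}

# Constructed sample: the settings listed in this post.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# lines starting with '#' are comments and are ignored
ssl_enable=YES
allow_anon_ssl=NO
force_local_data_ssl=NO
force_local_logins_ssl=NO
ssl_tlsv1=YES
ssl_sslv2=NO
ssl_sslv3=NO
rsa_cert_file=/etc/vsftpd/vsftpd.pem
EOF
audit_vsftpd_tls "$sample"
rm -f "$sample"
```

Setting force_local_logins_ssl and force_local_data_ssl to YES (or removing the two lines, since YES is the default) clears both warnings; clients that only speak plain FTP will then be refused.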

Connect using an FTP client that supports AUTH TLS / SSL / SFTP. I use FileZilla.

Error Messages (below answers are what worked for me YMMV):
Connection attempt failed with “ECONNREFUSED – Connection refused by server”.
Provide correct info for login and port within your client.

Status: Connection established, initializing TLS…
Error: Connection timed out

I indicated the server type in my client as “FTPS – FTP over implicit TLS/SSL” but it must be “FTPES – FTP over explicit TLS/SSL” for it to work.

Error: GnuTLS error -8: A record packet with illegal version was received.
Error: Disconnected from server: ECONNABORTED – Connection aborted

Verify vsftpd.conf settings are correct.


Written by lordfu

November 2, 2010 at 10:46 am

Posted in Linux, RedHats
