Here’s a concise guide to enabling SSL encryption for Ubuntu FTP (using vsftpd):
First, update your package list and install the required software:
sudo apt update
sudo apt install vsftpd openssl
Create a self-signed certificate (replace /etc/ssl/private/vsftpd.pem with your preferred path if needed):
sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 \
  -keyout /etc/ssl/private/vsftpd.pem \
  -out /etc/ssl/private/vsftpd.pem
Follow the prompts to enter details (country, organization, etc.). The certificate will be valid for 365 days.
Edit the vsftpd configuration file:
sudo nano /etc/vsftpd.conf
Add or modify these lines to enable SSL and enforce secure connections:
ssl_enable=YES
allow_anon_ssl=NO
force_local_data_ssl=YES
force_local_logins_ssl=YES
ssl_tlsv1=YES
ssl_sslv2=NO
ssl_sslv3=NO
rsa_cert_file=/etc/ssl/private/vsftpd.pem
rsa_private_key_file=/etc/ssl/private/vsftpd.pem
Key settings explained:
- ssl_enable=YES: Turns on SSL/TLS encryption.
- force_local_data_ssl=YES/force_local_logins_ssl=YES: Requires all data and login connections to use SSL.
- ssl_tlsv1=YES: Enables TLSv1 (secure protocol); disable SSLv2/3 for security.
Apply changes by restarting the service:
sudo systemctl restart vsftpd
Allow FTP (port 21) and FTPS (port 990) traffic. For UFW:
sudo ufw allow 21/tcp
sudo ufw allow 990/tcp
sudo ufw reload
Use an FTP client like FileZilla:
If you don’t need traditional FTP, SFTP (built into SSH) is easier to set up:
sudo apt install openssh-server
sudo nano /etc/ssh/sshd_config
Ensure these lines are present/uncommented:
Subsystem sftp /usr/lib/openssh/sftp-server
# Or use key-based auth for better security
PasswordAuthentication yes
Restart SSH and connect using an SFTP client (port 22 by default). SFTP encrypts all traffic by default.
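Before restarting vsftpd in the FTPS steps above, the edited /etc/vsftpd.conf can be checked against the enforcement settings the guide lists. The script below is an added example, not part of the original guide or of vsftpd: the function names are hypothetical, it assumes the last assignment of an option is the effective one, and it leaves the TLS version options other than the SSLv2/SSLv3 switches unchecked.

```sh
#!/bin/sh
# Added example (not from the guide or vsftpd): audit vsftpd.conf for the
# FTPS enforcement settings listed above. Function names are hypothetical.

# option=value pairs the guide asks for.
REQUIRED='ssl_enable=YES
allow_anon_ssl=NO
force_local_data_ssl=YES
force_local_logins_ssl=YES
ssl_sslv2=NO
ssl_sslv3=NO'

# Print the effective value of option $2 in file $1 (assumption: the last
# assignment wins). Comment lines never match because "#" is part of field 1.
effective_value() {
    awk -F= -v key="$2" '
        $1 == key { val = substr($0, length(key) + 2) }
        END { if (val != "") print val }
    ' "$1"
}

# Return 0 only if every check passes; print one FAIL line per problem.
audit_vsftpd_conf() {
    conf=$1
    rc=0
    # vsftpd treats whitespace around "=" as an error, so flag it explicitly.
    if grep -nE '^[a-z0-9_]+([[:space:]]+=|=[[:space:]])' "$conf"; then
        echo "FAIL: whitespace around '=' in the lines above"; rc=1
    fi
    for pair in $REQUIRED; do
        key=${pair%%=*}
        want=${pair#*=}
        got=$(effective_value "$conf" "$key")
        if [ "$got" != "$want" ]; then
            echo "FAIL: $key is '${got:-unset}', expected '$want'"; rc=1
        fi
    done
    keyfile=$(effective_value "$conf" rsa_private_key_file)
    if [ -z "$keyfile" ] || [ -z "$(effective_value "$conf" rsa_cert_file)" ]; then
        echo "FAIL: rsa_cert_file or rsa_private_key_file is not set"; rc=1
    # Only an existing, visible file is checked; find prints it if o+r is set.
    elif [ -n "$(find -L "$keyfile" -prune -perm -004 2>/dev/null)" ]; then
        echo "FAIL: $keyfile is readable by other users"; rc=1
    fi
    return $rc
}
```

Source the file as root, so that /etc/ssl/private is visible, and run audit_vsftpd_conf /etc/vsftpd.conf; a non-zero return means at least one FAIL line was printed.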