Here’s a concise guide to enabling SSL encryption for Ubuntu FTP (using vsftpd):
First, update your package list and install the required software:
sudo apt update
sudo apt install vsftpd openssl
Create a self-signed certificate (replace /etc/ssl/private/vsftpd.pem with your preferred path if needed):
sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 \
-keyout /etc/ssl/private/vsftpd.pem \
-out /etc/ssl/private/vsftpd.pem
Follow the prompts to enter details (country, organization, etc.). The certificate will be valid for 365 days.
Edit the vsftpd configuration file:
sudo nano /etc/vsftpd.conf
Add or modify these lines to enable SSL and enforce secure connections:
ssl_enable=YES
allow_anon_ssl=NO
force_local_data_ssl=YES
force_local_logins_ssl=YES
ssl_tlsv1=YES
ssl_sslv2=NO
ssl_sslv3=NO
rsa_cert_file=/etc/ssl/private/vsftpd.pem
rsa_private_key_file=/etc/ssl/private/vsftpd.pem
Key settings explained:
ssl_enable=YES: Turns on SSL/TLS encryption.force_local_data_ssl=YES/force_local_logins_ssl=YES: Requires all data and login connections to use SSL.ssl_tlsv1=YES: Enables TLSv1 (secure protocol); disable SSLv2/3 for security.Apply changes by restarting the service:
sudo systemctl restart vsftpd
Allow FTP (port 21) and FTPS (port 990) traffic. For UFW:
sudo ufw allow 21/tcp
sudo ufw allow 990/tcp
sudo ufw reload
Use an FTP client like FileZilla:
If you don’t need traditional FTP, SFTP (built into SSH) is easier to set up:
sudo apt install openssh-server
sudo nano /etc/ssh/sshd_config
Ensure these lines are present/uncommented:
Subsystem sftp /usr/lib/openssh/sftp-server
PasswordAuthentication YES # Or use key-based auth for better security
Restart SSH and connect using an SFTP client (port 22 by default). SFTP encrypts all traffic by default.
