6

I did install and configure vsftpd with ssl using openssl. But I want to accept only ssl connections, or, in other words, deny non-ssl connections.

jww
  • 97,681
  • 90
  • 411
  • 885
nashuald
  • 805
  • 3
  • 14
  • 31
  • 2
    Stack Overflow is a site for programming and development questions. This question appears to be off-topic because it is not about programming or development. See [What topics can I ask about here](http://stackoverflow.com/help/on-topic) in the Help Center. Perhaps [Super User](http://superuser.com/) or [Unix & Linux Stack Exchange](http://unix.stackexchange.com/) would be a better place to ask. – jww Jan 24 '18 at 15:46

2 Answers2

8

If you set "force_local_logins_ssl=YES" then your clients will be required to use an FTP client that supports AUTH TLS/SSL in order to connect. If you leave it at "NO" then people can connect securely or insecurely.

Source

All you need to do is change that setting in /etc/vsftpd.conf or in /etc/vsftp/vsftpd.conf; depending on your distro, the .conf file should be on of those 2 places. Then all you should need to do is restart vsftpd daemon as so:

vsftpd restart

EDIT

You may also need to set ssl_enable=YES for this to take effect (as pointed out by Tegran in the comments)

Icarus
  • 63,293
  • 14
  • 100
  • 115
-2

You need to set the following option in /etc/vsftpd.conf and restart the server:

ssl_enable=YES

Setting force_local_logins_ssl=YES is also required but it's actually the default as long as you have SSL enabled.

Beware, if you just set force_local_logins_ssl=YES without ssl_enable=YES then you will not be preventing people from logging on without an encrypted connection.

Daniel Böhmer
  • 14,463
  • 5
  • 36
  • 46
Tegran
  • 522
  • 4
  • 3