# vsftp with ssl

## Pngmalion

How do I enable SSL in vsftpd?

----------

## andybrandy

First of all - install vsftpd-2.0.1 release (with SSL support) and don't forget about openssl :Wink:

Then execute the command:

```
openssl req -x509 -nodes -newkey rsa:4096 -days 3654 -keyout /etc/ssl/private/vsftpd.pem -out /etc/ssl/private/vsftpd.pem
```

Then edit /etc/vsftpd.conf

Here is my vsftpd.conf file:

```
background=YES
listen=YES
#anonymous_enable=YES
local_enable=YES
write_enable=YES
local_umask=022
#anon_upload_enable=YES
#anon_mkdir_write_enable=YES
dirmessage_enable=YES
connect_from_port_20=YES
#chown_uploads=YES
#chown_username=whoever
xferlog_enable=YES
#xferlog_std_format=YES
xferlog_file=/var/log/vsftpd/vsftpd.log
#idle_session_timeout=600
#data_connection_timeout=120
nopriv_user=nobody
#async_abor_enable=YES
#ascii_upload_enable=YES
#ascii_download_enable=YES
#ftpd_banner=Welcome to blah FTP service.
#banned_email_file=/etc/vsftpd/vsftpd.banned_emails
#chroot_list_file=/etc/vsftpd/vsftpd.chroot_list
#ls_recurse_enable=YES
ssl_enable=YES
rsa_cert_file=/etc/ssl/private/vsftpd.pem
ssl_sslv3=YES
ssl_sslv2=YES
ssl_tlsv1=YES
force_local_logins_ssl=YES
force_local_data_ssl=YES
log_ftp_protocol=YES
```

It should work on the first try :Twisted Evil:

----------

## ilyung

Thanks for the post. It helps me a lot.

By the way, I got some error message when ssl is enabled.

It says:

```
Error:	Transfer channel can't be opened. Reason: A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond.
Error:	Could not retrieve directory listing
```

If I disable SSL, this problem does not happen. So, I think this error is related to SSL.

Currently, I am using FileZilla as an FTP client.

Any advice is welcome!!!

Thanks in advance.

----------

## johnnymac

I've had similar problems with FileZilla and connecting SFTP....I like FileZilla but it seems when you add a bit of security to it it freaks out....

or I'm a dork....either way I went a different route. I ended up creating a Java applet to handle FTP and placed it on my server...now I just go to my web address and upload my shite.

----------

## johndo

I believe your transfer problems have to do with a firewall. Usually routers are smart enough to automatically forward ports after they hear the port command. Encryption prevents them from ever hearing it, so you probably need to specify which ports to use, and forward them manually.

----------
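An added example, not part of any post above: a small Python audit for the two issues this thread turns on, the SSLv2/SSLv3 options enabled in the posted config and the missing passive port range behind the firewall advice. The sample config is constructed from the posted lines, `parse_conf` and `audit` are hypothetical helper names, and the 50000-50100 range is an arbitrary assumption.

```python
# Added example: audit vsftpd.conf text for weak TLS options and a missing passive range.
# Constructed sample: the TLS-related lines of the config posted in this thread.
SAMPLE_CONF = """\
listen=YES
local_enable=YES
ssl_enable=YES
rsa_cert_file=/etc/ssl/private/vsftpd.pem
ssl_sslv3=YES
ssl_sslv2=YES
ssl_tlsv1=YES
force_local_logins_ssl=YES
force_local_data_ssl=YES
"""

# Corrected lines; the 50000-50100 range is an arbitrary assumption, and the same
# range has to be opened or forwarded on the firewall in front of the server.
FIXES = "ssl_sslv2=NO\nssl_sslv3=NO\npasv_min_port=50000\npasv_max_port=50100\n"

def parse_conf(text):
    """Return {option: value}. '#' starts a comment line; a later line overrides an earlier one."""
    opts = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            opts[key] = value
    return opts

def audit(text):
    """Return a list of findings; an empty list means none of the checks fired."""
    opts = parse_conf(text)
    def on(key, default):  # vsftpd booleans are YES/NO
        return opts.get(key, default).upper() == "YES"
    if not on("ssl_enable", "NO"):
        return ["ssl_enable is not YES: credentials and data are sent in cleartext"]
    findings = [f"{k}=YES allows an obsolete protocol; set {k}=NO"
                for k in ("ssl_sslv2", "ssl_sslv3") if on(k, "NO")]
    findings += [f"{k}=NO lets local users skip TLS; set {k}=YES"
                 for k in ("force_local_logins_ssl", "force_local_data_ssl") if not on(k, "YES")]
    if int(opts.get("pasv_min_port", 0)) == 0 or int(opts.get("pasv_max_port", 0)) == 0:
        findings.append("no pasv_min_port/pasv_max_port: passive data ports are unpredictable "
                        "and cannot be forwarded for an encrypted control channel")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_CONF):
        print("WARN", finding)
    print("after fixes:", audit(SAMPLE_CONF + FIXES))
```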

