# vsftpd, disable ssl login for specific user

## blue_calling

Hi,

I've set up a working config for ssl on my machine. And now have an account that will login from windows and from my phone, I therefore needs to disable ssl login for this specific users. Unfortunately below config doesn't work. The problem is that force_local_logins_ssl isn't possible to set in the user_config_dir. Does anyone know if there is a workaround for this? I'm using vsftpd 2.2.2.

vsftpd.conf

```
anonymous_enable=NO

local_enable=YES

write_enable=NO

anon_upload_enable=NO

anon_mkdir_write_enable=NO

anon_other_write_enable=NO

dirmessage_enable=YES

xferlog_enable=YES

connect_from_port_20=YES

xferlog_file=/var/log/vsftpd.log

nopriv_user=virtualftpuser

chroot_local_user=YES

listen=YES

#Secure default settings

ssl_enable=YES

allow_anon_ssl=NO

force_local_data_ssl=YES

force_local_logins_ssl=YES

ssl_tlsv1=YES

ssl_sslv2=NO

ssl_sslv3=NO

rsa_cert_file=/etc/vsftpd/vsftpd.pem

user_config_dir=/etc/vsftpd/user_conf

#virtual user setting

virtual_use_local_privs=YES

secure_chroot_dir=/var/run/vsftpd

pam_service_name=vsftpd

user_sub_token=$USER

local_root=/media/virtualftp/$USER

hide_ids=YES

guest_enable=YES

guest_username=virtualftpuser
```

user_conf/[myuser]

```
force_local_login_ssl=NO
```

----------

## Hu

Disabling SSL is generally a bad idea.  I see no options for the requested behavior in the vsftpd.conf manpage.

I suppose the obvious suggestion of acquiring a phone that understands FTPS is not welcome.  What phone is this?  Perhaps it could use an alternative protocol, such as sftp (ftp over ssh)?  I believe the PuTTY family can do sftp, so if you can run a PuTTY or OpenSSH client on the phone, that would avoid the need to disable SSL.

----------

