How to install and configure secure vsftpd using SSL/TLS in Redhat 7


vsftpd is the Very Secure File Transfer Protocol Daemon. It can be launched in standalone mode, in which case vsftpd itself listens on the network. This mode is easier to use and is recommended. It is activated by setting listen=YES in /etc/vsftpd/vsftpd.conf. Directly executing the vsftpd binary then launches the FTP service, ready for immediate client connections.

Step 1: Install the vsftpd package by running the following command.

[root@localhost ~]# yum install vsftpd -y

Step 2: After installing the vsftpd package on the Redhat server, open the vsftpd config file with the following command.

[root@localhost ~]# nano /etc/vsftpd/vsftpd.conf

To secure vsftpd, disable anonymous users by setting the following option in the vsftpd config file.

anonymous_enable=NO

To lock each FTP user into their home directory, uncomment and add the following lines in the vsftpd config file.

chroot_local_user=YES
allow_writeable_chroot=YES

Step 4: Start and enable the vsftpd service so the changes take effect, using the following command.

[root@localhost ~]# systemctl start vsftpd && systemctl enable vsftpd && systemctl status vsftpd

Step 5: If SELinux is in enforcing mode, run the following command to allow FTP users access to their home directories.

[root@localhost ~]# setsebool -P ftp_home_dir 1

Step 6: Add the FTP service to your firewall using the following command.

[root@localhost ~]# firewall-cmd --add-service=ftp --permanent && firewall-cmd --reload

After configuring vsftpd on the Redhat 7 machine, create a directory to store the SSL certificates.

[root@localhost ~]# mkdir -p /etc/crt/ssl

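Step 7: Create the certificate and key files using the following command. Note that rsa:1024 generates a 1024-bit key, which is below the 2048-bit minimum in current guidance; use rsa:2048 or larger for anything beyond a test setup.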

openssl req -x509 -nodes -days 365 -newkey rsa:1024 -keyout /etc/crt/ssl/vsftpd.pem -out /etc/crt/ssl/vsftpd.pem

Fill in the required fields such as Country Name, State, etc.

Generating a 1024 bit RSA private key
……++++++
………….++++++
writing new private key to '/etc/crt/ssl/vsftpd.pem'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:IN
State or Province Name (full name) []:Delhi
Locality Name (eg, city) [Default City]:New Delhi
Organization Name (eg, company) [Default Company Ltd]:TechBeginner
Organizational Unit Name (eg, section) []:TechBeginner
Common Name (eg, your name or your server's hostname) []:www.TechBeginner.in
Email Address []:admin@techbeginner.in

Step 8: Edit the vsftpd configuration file /etc/vsftpd/vsftpd.conf.

[root@localhost ~]# nano /etc/vsftpd/vsftpd.conf

Add the following lines at the top:

ssl_enable=YES
allow_anon_ssl=NO
force_local_data_ssl=YES
force_local_logins_ssl=YES

ssl_tlsv1=YES
ssl_sslv2=NO
ssl_sslv3=NO

rsa_cert_file=/etc/crt/ssl/vsftpd.pem
rsa_private_key_file=/etc/crt/ssl/vsftpd.pem

Save and exit the file.

Step 9: Restart the vsftpd service.

[root@localhost ~]# systemctl restart vsftpd

Now test the vsftpd service with any FTP client.
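Before testing with a client, it helps to confirm that the settings from the steps above are the ones actually in effect. The script below is an added example, not part of the original guide: the function names, the constructed sample config and the owner-only key permission check are assumptions made for illustration.

```shell
# Added example (not from the original guide): audit a vsftpd.conf against
# the settings this guide applies. Function names are hypothetical.

# Print the effective value of KEY in FILE. vsftpd expects "key=value" with no
# spaces; "#" lines never match, and a later assignment replaces an earlier one.
conf_value() {
    key=$1; value=
    while IFS= read -r line || [ -n "$line" ]; do
        case $line in "$key="*) value=${line#"$key="} ;; esac
    done < "$2"
    printf '%s' "$value"
}

# Compare each setting literally with the value the guide gives, then check the
# private key file (assumption: it should be readable by its owner only).
# Prints PASS/FAIL lines and returns the number of failed checks.
audit_vsftpd_conf() {
    conf=$1; failures=0
    for want in anonymous_enable=NO ssl_enable=YES allow_anon_ssl=NO \
        force_local_data_ssl=YES force_local_logins_ssl=YES \
        ssl_sslv2=NO ssl_sslv3=NO; do
        actual=$(conf_value "${want%%=*}" "$conf")
        if [ "$actual" = "${want#*=}" ]; then
            echo "PASS $want"
        else
            echo "FAIL ${want%%=*}=${actual:-<unset>} (guide sets ${want#*=})"
            failures=$((failures + 1))
        fi
    done
    keyfile=$(conf_value rsa_private_key_file "$conf")
    if [ ! -f "$keyfile" ]; then
        echo "FAIL rsa_private_key_file: '${keyfile:-<unset>}' not found"
        failures=$((failures + 1))
    elif [ -n "$(find "$keyfile" -prune \( -perm -040 -o -perm -004 \))" ]; then
        echo "FAIL $keyfile is readable by group or others"
        failures=$((failures + 1))
    else
        echo "PASS $keyfile exists and is owner-only"
    fi
    return "$failures"
}

# Constructed sample: TLS is enabled, but anonymous login and SSLv3 are left
# on and the key file is mode 644, so three checks fail.
demo_dir=$(mktemp -d)
printf '%s\n' '#anonymous_enable=NO' anonymous_enable=YES ssl_enable=YES \
    allow_anon_ssl=NO force_local_data_ssl=YES force_local_logins_ssl=YES \
    ssl_sslv2=NO ssl_sslv3=YES "rsa_private_key_file=$demo_dir/vsftpd.pem" \
    > "$demo_dir/vsftpd.conf"
: > "$demo_dir/vsftpd.pem"; chmod 644 "$demo_dir/vsftpd.pem"
audit_vsftpd_conf "$demo_dir/vsftpd.conf" || echo "$? check(s) failed"
rm -rf "$demo_dir"
```

On the server, run `audit_vsftpd_conf /etc/vsftpd/vsftpd.conf` as root so the key file can be inspected.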
