Comments on How to install and configure vsftpd with TLS on Debian 8 (Jessie)

This article explains how to set up a TLS enabled vsftpd server on a Debian 8 server. FTP is a very insecure protocol by default because all passwords and all data are transferred in clear text. By using TLS, the whole communication can be encrypted, thus making FTP much more secure.

8 Comment(s)

Add comment

Please register in our forum first to comment.

Comments

By: Gallok
Reply  

It doesn't work. ECONNREFUSED all time.

By: gallok
Reply  

root@debian8:~# systemctl status vsftpd.service? vsftpd.service - vsftpd FTP server   Loaded: loaded (/lib/systemd/system/vsftpd.service; enabled)   Active: failed (Result: exit-code) since vie 2016-02-26 16:30:03 CET; 3min 55s ago  Process: 25431 ExecStart=/usr/sbin/vsftpd /etc/vsftpd.conf (code=exited, status=2)  Process: 25428 ExecStartPre=/bin/mkdir -p /var/run/vsftpd/empty (code=exited, status=0/SUCCESS) Main PID: 25431 (code=exited, status=2)feb 26 16:30:03 debian8 systemd[1]: vsftpd.service: main process exited, co...NTfeb 26 16:30:03 debian8 systemd[1]: Unit vsftpd.service entered failed state.Hint: Some lines were ellipsized, use -l to show in full.

 

[Unit]Description=vsftpd FTP serverAfter=network.target[Service]Type=simpleExecStart=/usr/sbin/vsftpd /etc/vsftpd.confExecReload=/bin/kill -HUP $MAINPIDExecStartPre=-/bin/mkdir -p /var/run/vsftpd/empty[Install]WantedBy=multi-user.target

By: Kempain
Reply  

Great tutorial but it is slightly incorrect which is what is causing Gallok's error.

The cert generation should read:

openssl req -x509 -nodes -days 365 -newkey rsa:1024 -keyout /etc/ssl/private/vsftpd.key -out /etc/ssl/private/vsftpd.pem

You'll also need to update the line in vsftpd.conf as below to match this change:

rsa_private_key_file=/etc/ssl/private/vsftpd.key

And may also need to set:

Listen=YES

Probably best to set the RSA bits to 2048 or above too but that's not actually required, just better security :)

Cheers,

Kempain

By: usr
Reply  

i tried the solution of Kempain too but i get the same error message

Dohnt know how to go forward could be good when i got some more help or info for it thx

Cheers

usr

By: Simon
Reply  

One hint for newbies like me if this doesn't seem to work - don't forget to check the end of the config file /etc/vsftpd.conf

There are some SSL configuration parameters, and if like me you have already added your SSL config higher up the file, remember to comment these out!

 

By: Safwene
Reply  

Nice tutorial, I loved it thanks for your help !

By: Ton Hoeksma
Reply  

Very helpful, works fine

By: A248
Reply  

At first this wasn't working for me, because I copied and pasted the openssl command without thinking. The vsftpd service exited with INVALID_ARGUMENT/2.

However, I noticed the vsftpd.conf file required a .pem AND a .key file, and the openssl command only contained a .key file. So, being inexperienced in this matter, I was naturally confused.

Scroll down until you get to @Kemplain's comment. You need to follow the instructions there, and then, your vsftpd configuration will work fine.