Setting Up a Secure FTP Server using SSL/TLS on Ubuntu


vsftpd and OpenSSL must be installed on Ubuntu before configuring an SSL/TLS-enabled FTP server. The next step is to set up vsftpd to use the OpenSSL-generated SSL certificate. Update the vsftpd.conf file to enable SSL/TLS features and enter the locations of the SSL certificate and key files. Modify the firewall's configuration to allow FTP traffic on the necessary port, which is typically port 21. To apply the modifications, restart the vsftpd service. Once the server is set up, users can connect to it safely with an FTP client that supports SSL/TLS. Every piece of data being transported is encrypted as a result, which protects sensitive data and improves server security.

Methods Used

  • Using vsftpd

  • Using Pure-FTPd

Using Vsftpd

To set up an SSL/TLS-enabled FTP server on Ubuntu, use vsftpd. Install vsftpd and OpenSSL, then configure vsftpd to use the freshly generated SSL certificate. To enable SSL/TLS functionality, provide the paths to the certificate and key files in the vsftpd.conf file. Adjust the other security settings as required. Configure the firewall to allow FTP traffic on the chosen port. Restart vsftpd to make the changes effective. Users can then connect to the FTP server with an FTP client that supports SSL/TLS, which ensures encrypted data transmission and enhances server security.

Algorithm

  • Install the vsftpd and OpenSSL packages.

sudo apt-get update
sudo apt-get install vsftpd openssl
  • Generate a self-signed SSL certificate and private key with OpenSSL.

sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/ssl/private/vsftpd.key -out /etc/ssl/certs/vsftpd.crt
  • Open the vsftpd configuration file in a text editor.

sudo nano /etc/vsftpd.conf

Add or update the following lines to point vsftpd at the certificate and key files and to enable SSL/TLS −

rsa_cert_file=/etc/ssl/certs/vsftpd.crt
rsa_private_key_file=/etc/ssl/private/vsftpd.key
ssl_enable=YES
allow_anon_ssl=NO
force_local_data_ssl=YES
force_local_logins_ssl=YES
ssl_tlsv1=YES
ssl_sslv2=NO
ssl_sslv3=NO
require_ssl_reuse=NO
ssl_ciphers=HIGH

  • Turn on SSL/TLS capabilities by setting the necessary values.

  • Specify the locations for the SSL certificate and key files in the settings.

  • Adjust any extra security settings that require it (such as those that enforce encryption and bar anonymous access).

  • Change the firewall's settings to allow FTP traffic on the chosen port (which is often port 21).

sudo ufw allow 21/tcp
  • Restart vsftpd to make the configuration changes effective.

sudo service vsftpd restart
  • Connect with an FTP client that supports SSL/TLS to confirm that the FTP server is operating securely.

  • Test file transfer operations to ensure the transmission of encrypted data.

  • Regularly update the server and SSL/TLS libraries to maintain security.
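The configuration step above can be checked mechanically before restarting the service. The script below is an added example, not part of the original guide or of vsftpd: it reads a vsftpd.conf and reports any TLS directive that is not explicitly set to the value shown in this guide. The function names and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a vsftpd.conf for the TLS directives used in this guide.

# Print the value of a directive; the last uncommented "name=value" line wins
# (an assumption of this example, chosen to mirror a top-to-bottom read).
conf_value() {  # $1 = config file, $2 = directive name
    awk -v key="$2" '
        index($0, key "=") == 1 { val = substr($0, length(key) + 2) }
        END { sub(/[ \t\r]+$/, "", val); print val }' "$1"
}

# Require every directive to be set explicitly to the guide's value, a stricter
# policy than relying on vsftpd defaults. Returns non-zero on any finding.
audit_vsftpd_tls() {  # $1 = config file
    failures=0
    for want in ssl_enable=YES allow_anon_ssl=NO force_local_data_ssl=YES \
                force_local_logins_ssl=YES ssl_sslv2=NO ssl_sslv3=NO; do
        key=${want%%=*}
        expected=${want#*=}
        actual=$(conf_value "$1" "$key" | tr '[:lower:]' '[:upper:]')
        if [ "$actual" != "$expected" ]; then
            echo "FAIL $key: expected $expected, found '${actual:-unset}'"
            failures=$((failures + 1))
        fi
    done
    for key in rsa_cert_file rsa_private_key_file; do
        if [ -z "$(conf_value "$1" "$key")" ]; then
            echo "FAIL $key: no path configured"
            failures=$((failures + 1))
        fi
    done
    echo "$failures problem(s) found in $1"
    [ "$failures" -eq 0 ]
}

# Constructed sample: TLS switched on, but logins not forced onto TLS and
# SSLv3 left enabled.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# ssl_enable=NO
ssl_enable=YES
rsa_cert_file=/etc/ssl/certs/vsftpd.crt
rsa_private_key_file=/etc/ssl/private/vsftpd.key
force_local_logins_ssl=NO
ssl_sslv3=YES
EOF
audit_vsftpd_tls "$sample" || true
rm -f "$sample"
```

On a real server, run `audit_vsftpd_tls /etc/vsftpd.conf` after editing the file.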

Using Pure-FTPd

Ubuntu's package manager can be used to install Pure-FTPd and set up a secure FTP server. Use OpenSSL to generate an SSL certificate, then configure Pure-FTPd to use it. Edit the configuration to enable SSL/TLS support, provide the locations of the certificate and key files, and establish the required security settings. Change the firewall settings to allow FTP traffic on the proper port (the default is 21). Restart the Pure-FTPd service for the changes to take effect. Users can now connect safely to the FTP server by using an FTP client that supports SSL/TLS, which ensures encrypted data transmission and enhanced server security.

Algorithm

  • Install Pure-FTPd using Ubuntu's package manager.

sudo apt update
sudo apt install pure-ftpd
  • Create an SSL certificate: use OpenSSL to generate a private key and a self-signed certificate (the -x509 option makes req output a certificate rather than a certificate signing request). Customise the command with the required key size, encryption algorithm, and other parameters.

sudo openssl req -x509 -nodes -newkey rsa:2048 -keyout /etc/ssl/private/pure-ftpd.pem -out /etc/ssl/private/pure-ftpd.pem -days 365
sudo chmod 600 /etc/ssl/private/pure-ftpd.pem
  • Configure Pure-FTPd so that it uses the SSL certificate.

# The redirection has to run as root, so pipe the value through sudo tee
echo "2" | sudo tee /etc/pure-ftpd/conf/TLS
  • Modify the settings of Pure-FTPd to enable SSL/TLS operation.

sudo nano /etc/pure-ftpd/conf/TLS

Uncomment or insert the following line −

TLS                          1
  • Specify certificate and key file locations: choose appropriate locations to store the SSL certificate and key files. These paths must be given exactly in the configuration used by the application or service that will use the SSL certificate.

# The redirection has to run as root, so pipe each path through sudo tee
echo "/etc/ssl/private/pure-ftpd.pem" | sudo tee /etc/pure-ftpd/conf/TLS_CERTIFICATE
echo "/etc/ssl/private/pure-ftpd.pem" | sudo tee /etc/pure-ftpd/conf/TLS_KEY
  • Configure security settings: within the configuration, alter the security settings according to your needs. This includes specifying the required cipher suites, authentication requirements, and other relevant security options supported by the application or service using the SSL certificate.

sudo nano /etc/pure-ftpd/conf/ForcePassiveIP

To enable any IP address, use "Any" or uncomment the specified passive IP address.

  • Change the firewall's configuration to allow FTP traffic on the proper port, which is commonly port 21, as needed.

sudo ufw allow 21/tcp
sudo ufw enable
  • To implement the configuration updates, restart Pure-FTPd.

sudo service pure-ftpd restart
  • Use an SSL/TLS-capable FTP client to make a test connection to the FTP server.

  • Make sure that the server and SSL/TLS libraries receive regular updates for ongoing security.
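The Pure-FTPd steps above leave two things worth checking: the TLS mode number and the permissions on the PEM file. The script below is an added example, not part of the original guide or of Pure-FTPd. It assumes the conf/TLS file holds only the number, interpreted as Pure-FTPd's --tls option values; the function names and the scratch directory are constructed for illustration.

```shell
#!/bin/sh
# Added example: check the Pure-FTPd TLS files written in the steps above.

# Translate the number stored in conf/TLS, following Pure-FTPd's --tls values.
tls_mode() {  # $1 = path to the TLS file
    case $(tr -d ' \t\r\n' < "$1") in
        0) echo "disabled" ;;
        1) echo "optional" ;;       # cleartext and TLS sessions both accepted
        2) echo "required" ;;       # cleartext sessions refused
        3) echo "required+data" ;;  # TLS enforced on control and data channels
        *) echo "unrecognised"; return 1 ;;
    esac
}

# True when the PEM bundle exists and grants nothing to group or others,
# which is what "chmod 600" produces.
pem_is_private() {  # $1 = path to the PEM file
    [ -f "$1" ] && [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# Returns non-zero when TLS is off or unreadable, or the key is exposed.
check_pure_ftpd_tls() {  # $1 = conf directory, $2 = PEM file
    rc=0
    mode=$(tls_mode "$1/TLS" 2>/dev/null) || true
    echo "TLS mode: $mode"
    case $mode in
        required*) ;;
        optional) echo "NOTE: cleartext FTP logins are still accepted" ;;
        *) rc=1 ;;
    esac
    if ! pem_is_private "$2"; then
        echo "FAIL: $2 is missing or accessible to group/others"
        rc=1
    fi
    return "$rc"
}

# Constructed demo in a scratch directory (not the real /etc/pure-ftpd/conf).
demo=$(mktemp -d)
echo "2" > "$demo/TLS"
: > "$demo/pure-ftpd.pem"
chmod 644 "$demo/pure-ftpd.pem"   # deliberately too permissive
check_pure_ftpd_tls "$demo" "$demo/pure-ftpd.pem" || true
rm -rf "$demo"
```

On a real server, run `sudo sh -c '. ./check.sh; check_pure_ftpd_tls /etc/pure-ftpd/conf /etc/ssl/private/pure-ftpd.pem'`, where check.sh is a hypothetical file name for the script above.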

Conclusion

In conclusion, using SSL/TLS to set up a secure FTP server on Ubuntu enhances data security and confidentiality. Users can install and set up either vsftpd or Pure-FTPd to create secure connections using encryption. Creating and using SSL certificates, specifying the locations of the certificate and key files, and turning on SSL/TLS capabilities are the crucial steps. Furthermore, configuring the firewall to permit FTP traffic on the necessary port ensures proper network access. The server and SSL/TLS libraries should be updated regularly to maintain high security. By taking these safety measures, users can send data securely over FTP and protect sensitive information from unwanted access.

Updated on: 03-Aug-2023
