Here’s a concise guide to enabling SSL encryption for Ubuntu FTP (using vsftpd):
1. Install vsftpd and OpenSSL
First, update your package list and install the required software:
sudo apt update
sudo apt install vsftpd openssl
2. Generate an SSL Certificate
Create a self-signed certificate (replace /etc/ssl/private/vsftpd.pem with your preferred path if needed):
sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 \
-keyout /etc/ssl/private/vsftpd.pem \
-out /etc/ssl/private/vsftpd.pem
Follow the prompts to enter details (country, organization, etc.). The certificate will be valid for 365 days.
3. Configure vsftpd for SSL
Edit the vsftpd configuration file:
sudo nano /etc/vsftpd.conf
Add or modify these lines to enable SSL and enforce secure connections:
ssl_enable=YES
allow_anon_ssl=NO
force_local_data_ssl=YES
force_local_logins_ssl=YES
ssl_tlsv1=YES
ssl_sslv2=NO
ssl_sslv3=NO
rsa_cert_file=/etc/ssl/private/vsftpd.pem
rsa_private_key_file=/etc/ssl/private/vsftpd.pem
Key settings explained:
- ssl_enable=YES: Turns on SSL/TLS encryption.
- force_local_data_ssl=YES / force_local_logins_ssl=YES: Requires all data and login connections to use SSL.
- ssl_tlsv1=YES: Enables TLSv1 (secure protocol); disable SSLv2/3 for security.
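A check to run before restarting the service, added here as an example and not part of the original guide: the script audits a vsftpd.conf against the values from step 3 and flags a private key file that is readable by group or others. The function names are hypothetical, a key that is absent from the file counts as a finding, and the script assumes the last assignment of a key is the one vsftpd uses.

```shell
#!/bin/sh
# Added example, not from the original guide: audit a vsftpd.conf against
# the TLS settings from step 3. Function names are illustrative.

# Values the guide sets in step 3.
REQUIRED="ssl_enable=YES allow_anon_ssl=NO force_local_data_ssl=YES
force_local_logins_ssl=YES ssl_sslv2=NO ssl_sslv3=NO"

# Print the last uncommented value of key $2 in file $1.
conf_get() {
    sed -n "s/^$2=//p" "$1" | tail -n 1
}

# Print one line per finding; the return status is the number of findings.
audit_vsftpd_conf() {
    conf=$1
    findings=0
    for want in $REQUIRED; do
        key=${want%%=*}
        expected=${want#*=}
        actual=$(conf_get "$conf" "$key")
        if [ "$actual" != "$expected" ]; then
            echo "FAIL $key: want $expected, found ${actual:-<unset>}"
            findings=$((findings + 1))
        fi
    done
    for key in rsa_cert_file rsa_private_key_file; do
        path=$(conf_get "$conf" "$key")
        if [ -z "$path" ]; then
            echo "FAIL $key: not set"
            findings=$((findings + 1))
        elif [ "$key" = rsa_private_key_file ] && [ -e "$path" ] &&
             [ -n "$(find "$path" -prune \( -perm -040 -o -perm -004 \))" ]; then
            echo "FAIL $key: $path is readable by group or others"
            findings=$((findings + 1))
        fi
    done
    return "$findings"
}

# Constructed sample: step 3 with the login rule commented out and SSLv3 on.
sample=$(mktemp)
printf '%s\n' ssl_enable=YES allow_anon_ssl=NO force_local_data_ssl=YES \
    '#force_local_logins_ssl=YES' ssl_sslv2=NO ssl_sslv3=YES \
    rsa_cert_file=/etc/ssl/private/vsftpd.pem > "$sample"
audit_vsftpd_conf "$sample" && echo "no findings" || echo "findings: $?"
rm -f "$sample"
```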
4. Restart vsftpd
Apply changes by restarting the service:
sudo systemctl restart vsftpd
5. Configure the Firewall
Allow FTP (port 21) and FTPS (port 990) traffic. For UFW:
sudo ufw allow 21/tcp
sudo ufw allow 990/tcp
sudo ufw reload
6. Test the Connection
Use an FTP client like FileZilla:
- Enter your server’s IP, username, and password.
- Select FTPS as the protocol and Explicit FTP over TLS as the encryption method.
- Connect to verify the SSL connection (you may see a certificate warning for self-signed certs).
Optional: Use SFTP Instead (Recommended for Simplicity)
If you don’t need traditional FTP, SFTP (built into SSH) is easier to set up:
sudo apt install openssh-server
sudo nano /etc/ssh/sshd_config
Ensure these lines are present/uncommented:
Subsystem sftp /usr/lib/openssh/sftp-server
# Or use key-based auth for better security
PasswordAuthentication yes
Restart SSH and connect using an SFTP client (port 22 by default). SFTP encrypts all traffic by default.