====== FTPS server configuration on CentOS Linux with vsftpd ======

==== Introduction ====

We needed to configure an FTPS server with login/password access.\\
We chose vsftpd as the FTPS server and CentOS Linux 5.8 as the OS.\\

==== Configuration ====

1. Install packages

<code>
yum install vsftpd openssl
</code>

2. Generate self-signed SSL certificates

<code>
openssl genrsa -out key.pem 1024
openssl req -new -key key.pem -out req.pem
Country Name (2 letter code) [AU]:RU
State or Province Name (full name) [Some-State]:
Locality Name (eg, city) []:Moscow
Organization Name (eg, company) [Internet Widgits Pty Ltd]:Test Company
Organizational Unit Name (eg, section) []:IT dept
Common Name (eg, YOUR name) []:ftps.example.ru
Email Address []:adm@example.ru

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
openssl req -x509 -days 365 -key key.pem -in req.pem -out cert.pem
</code>

Move the certificate to the vsftpd configuration directory.

<code>
mv cert.pem /etc/vsftpd/cert.pem
</code>

3. Configure vsftpd

File /etc/vsftpd/vsftpd.conf\\

<code>
ssl_enable=YES
allow_anon_ssl=NO
force_local_data_ssl=YES
force_local_logins_ssl=YES
require_ssl_reuse=NO
implicit_ssl=YES
ssl_tlsv1=YES
ssl_sslv2=YES
ssl_sslv3=YES
rsa_cert_file=/etc/vsftpd/cert.pem
listen=YES
listen_address=212.1.1.1
listen_port=990
background=YES
log_ftp_protocol=YES
guest_enable=YES
guest_username=ftp
syslog_enable=YES
xferlog_enable=YES
vsftpd_log_file=/var/log/vsftpd.log
local_enable=YES
chroot_local_user=YES
pam_service_name=vsftpd
secure_chroot_dir=/usr/share/vsftpd
user_config_dir=/etc/vsftpd/vsftpd_user_conf
virtual_use_local_privs=YES
</code>

Create the test user's login and password.\\
File /etc/vsftpd/login

<code>
test
password
</code>

Create the Berkeley DB.

<code>
db_load -T -t hash -f login login.db
chmod 600 login.db
</code>

Create a PAM file which uses login.db.\\
**File:** /etc/pam.d/vsftpd

<code>
#%PAM-1.0
auth required pam_userdb.so db=/etc/vsftpd/login
account required pam_userdb.so db=/etc/vsftpd/login
session required pam_loginuid.so
</code>

Create the FTP directory for the test user and configure write permissions.

<code>
mkdir /test_ftp
chmod 775 /test_ftp
chgrp nobody /test_ftp
</code>

File /etc/vsftpd/vsftpd_user_conf/

<code>
write_enable=YES
local_root=/test_ftp
</code>

Start the service and make sure it is enabled at boot.

<code>
service vsftpd start
# Enable vsftpd at boot unless chkconfig already lists it as on
temp=`chkconfig --list | grep vsftp | grep on`;if [ "$temp" ]; then echo ok; else chkconfig vsftpd on; fi
</code>

**PS: If you run into access problems, try configuring SELinux (chcon, semanage) or just disable SELinux.**

==== Client connection example ====

For example, use the WinSCP client (you can also use FileZilla, etc.).

Configuration example:

{{:ru:jobs:winscp.jpg?500|500}}

Press the Login button and enjoy.

==== About author ====

[[https://www.linkedin.com/pub/alexey-vyrodov/59/976/16b|Profile]] of the author
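
The TLS options in the vsftpd.conf from the Configuration section can be checked with a small audit function. This is an added example, not part of the original page: the function names conf_get, is_on, is_off and audit_vsftpd_tls are hypothetical, and the sample file is constructed from the TLS lines shown in that configuration.

```shell
#!/bin/sh
# Added example: flag weak TLS settings in a vsftpd.conf.

# Print the value of option $2 in file $1, upper-cased. vsftpd allows no
# spaces around "=". Assumption: if an option repeats, the last one wins.
conf_get() {
    awk -F= -v k="$2" '$1 == k { v = $2 } END { print toupper(v) }' "$1"
}

# True when option $2 is switched on (assumption: YES, TRUE or 1 mean on).
is_on() {
    case "$(conf_get "$1" "$2")" in YES|TRUE|1) return 0 ;; *) return 1 ;; esac
}
# True when option $2 is explicitly switched off.
is_off() {
    case "$(conf_get "$1" "$2")" in NO|FALSE|0) return 0 ;; *) return 1 ;; esac
}

# Print one "option: reason" line per finding for the config file $1.
audit_vsftpd_tls() {
    if ! is_on "$1" ssl_enable; then
        echo "ssl_enable: TLS is off, logins and data travel in cleartext"
    fi
    for opt in ssl_sslv2 ssl_sslv3; do
        if is_on "$1" "$opt"; then
            echo "$opt: deprecated protocol enabled, set it to NO"
        fi
    done
    for opt in force_local_logins_ssl force_local_data_ssl; do
        if is_off "$1" "$opt"; then
            echo "$opt: local users are allowed to skip TLS"
        fi
    done
    if [ -z "$(conf_get "$1" rsa_private_key_file)" ]; then
        echo "rsa_private_key_file: unset, key must be inside rsa_cert_file"
    fi
}

# Constructed sample: the TLS lines from the configuration above.
sample=$(mktemp)
cat > "$sample" <<'EOF'
ssl_enable=YES
force_local_data_ssl=YES
force_local_logins_ssl=YES
ssl_tlsv1=YES
ssl_sslv2=YES
ssl_sslv3=YES
rsa_cert_file=/etc/vsftpd/cert.pem
EOF
audit_vsftpd_tls "$sample"
```

On the sample it reports ssl_sslv2, ssl_sslv3 and rsa_private_key_file. The last finding matters here because the steps above move only cert.pem into /etc/vsftpd, and vsftpd expects the private key in the certificate file when rsa_private_key_file is not set.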