I'm trying to set up an ftps server (vsftpd) where the login method from the clients will not be through password but through client certificate verification.
As I have not been successful with what I have found in various links on the internet, does anyone have the necessary instructions on how to do the process correctly? E.g. on the server side, what is the necessary config to do this, and how can the client successfully log in?
vsftpd.conf sample:
ssl_enable=YES
allow_anon_ssl=no
force_local_data_ssl=YES
force_local_logins_ssl=YES
rsa_cert_file=/etc/ssl/certs/vsftpd-ca-cert.pem
rsa_private_key_file=/etc/ssl/key/vsftpd-ca-key.pem
chroot_local_user=YES
allow_writeable_chroot=YES
ssl_tlsv1=YES
ssl_sslv2=NO
ssl_sslv3=NO
require_cert=YES
ssl_request_cert=YES
#validate_cert=YES ##it needs a valid cert not self signed
ca_certs_file=/etc/ssl/certs/cacerts.pem
At first I am trying via curl, using a self-signed certificate:
curl -k -v --cert cert.pem --key client-key.pem --ftp-ssl-reqd ftp://[server]
and if I specify a user by adding -u, it asks for a password.
Any help would be appreciated.
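An audit of the client-certificate options in the configuration posted above, as an added example that is not part of the original post and not vsftpd's own code. The defaults and accepted boolean spellings are assumptions taken from vsftpd.conf(5), which also documents only whole-line `#` comments; the check reports what the settings do with a presented certificate and does not configure certificate-only login.

```python
# Added example: audit the client-certificate options of a vsftpd.conf.
# Assumption: defaults and boolean spellings follow vsftpd.conf(5).
BOOL_TRUE, BOOL_FALSE = {"YES", "TRUE", "1"}, {"NO", "FALSE", "0"}
BOOLEANS = ("ssl_enable", "ssl_request_cert", "require_cert", "validate_cert")
DEFAULTS = {"ssl_enable": "NO", "ssl_request_cert": "YES",
            "require_cert": "NO", "validate_cert": "NO", "ca_certs_file": ""}

# Excerpt of the configuration from the post (certificate-related lines only).
POSTED_CONF = """\
ssl_enable=YES
require_cert=YES
ssl_request_cert=YES
#validate_cert=YES ##it needs a valid cert not self signed
ca_certs_file=/etc/ssl/certs/cacerts.pem
"""

def parse_conf(text):
    """Effective settings: 'option=value' lines; lines starting with '#' are comments."""
    settings = dict(DEFAULTS)
    for line in text.splitlines():
        if not line.strip() or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)   # no trimming: spaces are part of the value
        settings[key] = value
    return settings

def audit_client_cert(settings):
    """Return a list of findings about how client certificates are handled."""
    findings, flags = [], {}
    for key in BOOLEANS:
        value = settings[key].upper()
        if value in BOOL_TRUE | BOOL_FALSE:
            flags[key] = value in BOOL_TRUE
        else:                             # e.g. a trailing '##comment' left on the line
            flags[key] = None
            findings.append(f"{key}: {settings[key]!r} is not a valid boolean")
    if flags["ssl_enable"] is False:
        findings.append("ssl_enable is off: no TLS, so no client certificates")
    if flags["ssl_request_cert"] is False:
        findings.append("ssl_request_cert is off: clients are never asked for a certificate")
    if flags["require_cert"] is False:
        findings.append("require_cert is off: clients may connect without a certificate")
    if flags["validate_cert"] is False:
        findings.append("validate_cert is off: presented certificates are not validated")
    elif flags["validate_cert"] and not settings["ca_certs_file"]:
        findings.append("validate_cert is on but ca_certs_file is unset")
    return findings

if __name__ == "__main__":
    for finding in audit_client_cert(parse_conf(POSTED_CONF)):
        print("-", finding)
```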