The documentation of vsftpd is quite good (https://security.appspot.com/vsftpd/vsftpd_conf.html), however I cannot find some details on how to use public key authentication. I know that I need require_cert and maybe validate_cert, but where do I put the public client keys, which are accepted for authentication? I cannot find information on that.
1 Answer
vsftpd is for FTP; FTP by its very nature is not encrypted (FTP over SSL is another matter).
You can't set up public key authentication with vsftpd - you are getting confused between FTPs and SFTP, which are two different protocols.
To use public key authentication for SFTP it is just a matter of installing your public key on the server, as you would for ssh as detailed here - http://www.noah.org/wiki/SSH_public_keys
With this configuration, you can use OpenSSH's implementation of SFTP authentication.
If you are talking about setting up FTPs or FTP over SSL then this guide will be useful - http://wiki.vpslink.com/Configuring_vsftpd_for_secure_connections_%28TLS/SSL/SFTP%29
This example, however, is not public key auth; it's just server-side authentication and useful for encrypting your FTP connection.

Yes, I am talking about FTPs / FTP over SSL. Hm, so I guess I don't need to install anything on the server, but rather create my own certificate authority, and then sign the client keys using my own CA cert? Thus require_cert and validate_cert will be all I need, plus maybe ca_certs_file, which contains my CA certificate. – Arne Aug 13 '11 at 18:15
Stupid! vsftpd can indeed sFTP ! – MUY Belgium Mar 24 '23 at 12:59
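
The private-CA setup proposed in the first comment (`require_cert`, `validate_cert`, `ca_certs_file`) can be sketched as follows. This is an added example, not part of the original posts: the file paths, subject names and the `chain_ok` helper are placeholders, and `openssl verify` stands in here for the chain check the server would perform. The server is given only the CA certificate, never a list of individual client keys.

```shell
#!/usr/bin/env bash
# Added example: private CA for FTPS client certificates (all names/paths are placeholders).

make_ca() {                       # $1 = working directory
  openssl req -x509 -newkey rsa:2048 -nodes -days 365 \
    -subj "/CN=Example FTPS Client CA" \
    -keyout "$1/ca.key" -out "$1/ca.crt" 2>/dev/null
}

issue_client_cert() {             # $1 = working directory, $2 = client name
  openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$2" \
    -keyout "$1/$2.key" -out "$1/$2.csr" 2>/dev/null
  openssl x509 -req -in "$1/$2.csr" -days 90 \
    -CA "$1/ca.crt" -CAkey "$1/ca.key" -CAcreateserial \
    -out "$1/$2.crt" 2>/dev/null
}

make_self_signed() {              # $1 = working directory, $2 = name; not signed by the CA
  openssl req -x509 -newkey rsa:2048 -nodes -days 90 -subj "/CN=$2" \
    -keyout "$1/$2.key" -out "$1/$2.crt" 2>/dev/null
}

chain_ok() {                      # $1 = CA file, $2 = certificate; prints yes or no
  if openssl verify -CAfile "$1" "$2" >/dev/null 2>&1; then echo yes; else echo no; fi
}

write_vsftpd_fragment() {         # $1 = file to write; paths inside are placeholders
  cat > "$1" <<'EOF'
# Server side of TLS: vsftpd's own certificate and key
ssl_enable=YES
rsa_cert_file=/etc/vsftpd/server.crt
rsa_private_key_file=/etc/vsftpd/server.key
# Client side: demand a certificate and validate it against our CA only
require_cert=YES
validate_cert=YES
ca_certs_file=/etc/vsftpd/client-ca.crt
EOF
}

if [ "${1:-}" = "demo" ]; then    # run as: bash script.sh demo
  d=$(mktemp -d)
  make_ca "$d" && issue_client_cert "$d" alice && make_self_signed "$d" stranger
  echo "CA-signed client accepted:   $(chain_ok "$d/ca.crt" "$d/alice.crt")"
  echo "self-signed client accepted: $(chain_ok "$d/ca.crt" "$d/stranger.crt")"
  write_vsftpd_fragment "$d/vsftpd.conf.fragment" && cat "$d/vsftpd.conf.fragment"
fi
```

Keep `ca.key` off the FTP server; only `ca.crt` needs to be copied to the path named in `ca_certs_file`.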