NethServer Version: 7.4.1708
Module: vsftpd
I run Netserver on VPS. Every time I connect with the server through Filezilla, I get a message that the server is insecure and doesn’t support FTP over TLS.
I have installed Let’s Encrypt certificate. SSL/TLS works for e-mail.
Wikipedia shows : “vsftpd supports explicit (since 2.0.0) and implicit (since 2.1.0) FTPS.”
Am I missing something? Does vsftpd need to be configured so that secure transmission is enabled?
The config from Nethserver doesnt support ftpes out of the box. It can be added with a little bit of extra config:
mkdir -p /etc/e-smith/templates-custom/etc/vsftpd/vsftpd.conf
touch /etc/e-smith/templates-custom/etc/vsftpd/vsftpd.conf/90ssl
edit the just created /etc/e-smith/templates-custom/etc/vsftpd/vsftpd.conf/90ssl and add:
rsa_cert_file=/etc/pki/tls/certs/localhost.crt
rsa_private_key_file=/etc/pki/tls/private/localhost.key
ssl_enable=YES
allow_anon_ssl=NO
force_local_data_ssl=YES
force_local_logins_ssl=YES
ssl_tlsv1=YES
ssl_sslv2=NO
ssl_sslv3=NO
require_ssl_reuse=NO
ssl_ciphers=HIGH
signal-event nethserver-vsftpd-update
Edit: given how simple this is, it should be a checkbox, really
templates shouldn’t be copied as system updates may provide updated templates, which will never have effect because of getting overwritten by copied custom templates.
Better way would be something like /etc/e-smith/templates-custom/etc/vsftpd/vsftpd.conf/90ftps.
Funny, I also saw the Filezilla message today, thought about a custom template and you just did it. Thanks!
thanks for pointing that out! Will change immediately 
What is about using SCP? This works out of the box.
For FileZilla to work, you need to enable SFTP on the server because FileZilla lacks SCP support AFAIK.
At a windows mashine I do it with Win-SCP. That works fine.
When forcing FTP over SSL/TLS, seems I can only connect via an active FTP connection. Guessing I need to configure the firewall for passive FTP now…
Is that correct?
OK I think I found it.
I added “ftp:FTP(HELPER) loc -” to /etc/shorewall/rules