How to configure public-key authentication with vsftpd?
vsftpd is for FTP, FTP by its very nature is not encrypted (ftp over ssl is another matter)
You can't set up public key authentication with vsftpd - you are getting confused between FTPs and SFTP which are two different protocols.
To use public key authentication for SFTP it is just a matter of installing your public key on the server, as you would for ssh as detailed here - http://www.noah.org/wiki/SSH_public_keys
With this configuration, you can use OpenSSH's implementation of SFTP authentication.
If you are talking about setting up FTPs or FTP over SSL then this guide will be useful - http://wiki.vpslink.com/Configuring_vsftpd_for_secure_connections_%28TLS/SSL/SFTP%29
This example, however, is not public key auth, its just server-side authentication and useful for encrypting your FTP connection.
Related videos on Youtube
Arne
Coder, software architect, interest in computer science in general. Did research on computer graphics, ray tracing, radio wave and antenna simulation. Like to learn new programming languages. Currently doing Python and Emacs Lisp for fun. C++ for profit. Would like to learn more Clojure.
Updated on September 18, 2022Comments
-
Arne over 1 year
The documentation of vsftpd is quite good (https://security.appspot.com/vsftpd/vsftpd_conf.html), however I cannot find some details on how to use public key authentication. I know that I need require_cert and maybe validate_cert, but where do I put the public client keys, which are accepted for authentication? I cannot find information on that.
-
Arne almost 13 yearsYes, I am talking about FTPs / FTP over SSL. Hm, so I guess I don't need to install anything on the server, but rather create my own certificate authority, and then sign the client keys using my own CA cert? Thus require_cert and validate_cert will be all I need, plus maybe ca_certs_file, which contains my CA certificate.