Hi all, [Edited config, there was a missing line]
This could be useful to those who want to use FTP but are worried about the lack of security. The default setup sends everything in the clear, and anyone with a packet sniffer can see your username and password and is able to reconstruct the upload/download.
These 5-minute changes will secure the FTP server with an encryption key and no additional software. After the changes you will be able to use FTP with everything encrypted.
You should be aware of using ssh and the warranty thingy. Also, you should be able to use the vi editor or whatever you are comfortable with. The procedure is straightforward:
1. Log in to your wdmycloud with ssh.
2. Do the following:
[root@wdmycloud] openssl req -x509 -nodes -days 365 -newkey rsa:1024 -keyout /etc/ssl/certs/vsftpd.pem -out /etc/ssl/certs/vsftpd.pem
This will create an encryption certificate for vsftpd (the wdmycloud standard FTP server).
It will last for 365 days and uses a 1024-bit key. You can change these.
It will ask for information to populate the certificate; enter it as you wish. Make it meaningful so you can differentiate it from others, such as your name, city, etc.
3. To configure vsftpd, edit the file /etc/vsftpd.conf and add the following lines:

```
rsa_cert_file=/etc/ssl/certs/vsftpd.pem
rsa_private_key_file=/etc/ssl/certs/vsftpd.pem
ssl_enable=YES
allow_anon_ssl=NO
force_local_data_ssl=YES
force_local_logins_ssl=YES
ssl_tlsv1=YES
ssl_sslv2=NO
ssl_sslv3=NO
require_ssl_reuse=NO
ssl_ciphers=HIGH
```

Save the file.
4. The FTP server will use ports 5000-5099 for data (look in vsftpd.conf), therefore you need to open (port forward) these on your firewall/router as well as ports 21-22, and enable FTP in your dashboard.
5. Then do:
[root@wdmycloud] service vsftpd restart
I also prefer to reboot, just in case, to make sure the changes take hold. Now you need an FTP client that supports TLS; FileZilla will do (but I prefer WinSCP). I also use similar on my iPad and laptop from work. The client will negotiate with the server and be presented with the certificate; accept it since you created it. All connections, including username and password, are now encrypted with the above key you created.
NOTE: THIS WILL ENCRYPT THE DATA, USER NAME AND PASSWORD. STILL YOU MUST CHOOSE A STRONG PASSWORD (MIXED LETTERS, PUNCTUATIONS and NUMBERS).
TIP: USE WinSCP for ftp with TLS authentication (safer than filezilla).
NOTE: you can also have a look at how to secure SSH with a private key and passphrase.
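
A way to check the edited /etc/vsftpd.conf before restarting the service, as an added example that is not part of the original post. The function name `audit_vsftpd_tls` is hypothetical; it checks only the directives listed above and catches two easy paste mistakes: directives run together on one line and whitespace around `=`.

```shell
#!/bin/sh
# Added example: audit a vsftpd.conf for the TLS directives from the post.
# Problems go to stderr, the problem count to stdout; exit status 0 means clean.
audit_vsftpd_tls() {
    conf=$1
    problems=0
    # Directive=value pairs copied from the post's configuration.
    for want in ssl_enable=YES allow_anon_ssl=NO force_local_data_ssl=YES \
                force_local_logins_ssl=YES ssl_sslv2=NO ssl_sslv3=NO; do
        key=${want%%=*}
        expected=${want#*=}
        # Assumption: if a directive is repeated, the last occurrence applies.
        got=$(sed -n "s/^${key}=//p" "$conf" | tail -n 1)
        if [ "$got" != "$expected" ]; then
            echo "FAIL $key: want $expected, found '${got:-unset}'" >&2
            problems=$((problems + 1))
        fi
    done
    for key in rsa_cert_file rsa_private_key_file; do
        if ! grep -q "^${key}=/" "$conf"; then
            echo "FAIL $key: no absolute path set" >&2
            problems=$((problems + 1))
        fi
    done
    # vsftpd treats whitespace around '=' as an error.
    if grep -Eq '^[A-Za-z0-9_]+([[:space:]]+=|=[[:space:]])' "$conf"; then
        echo "FAIL whitespace around '=' in a directive" >&2
        problems=$((problems + 1))
    fi
    # Heuristic: two '=' on one non-comment line usually means pasted
    # directives lost their line breaks.
    if grep -Eq '^[^#=]*=[^=]*=' "$conf"; then
        echo "FAIL several directives run together on one line" >&2
        problems=$((problems + 1))
    fi
    echo "$problems"
    [ "$problems" -eq 0 ]
}

# Constructed sample: directives pasted without line breaks.
demo=$(mktemp)
printf '%s\n' 'listen=YES' 'ssl_enable=YESallow_anon_ssl=NOssl_sslv2=NO' > "$demo"
audit_vsftpd_tls "$demo" || true
rm -f "$demo"
```

On the device, run `audit_vsftpd_tls /etc/vsftpd.conf` and restart vsftpd only when it prints 0.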