ubuntu filezilla如何使用FTPES

Here’s a step-by-step guide to using FTPES (FTP over Explicit TLS) with FileZilla on Ubuntu:

1. Install and Configure vsftpd (Ubuntu Server)

FTPES requires an FTP server that supports SSL/TLS (like vsftpd). If you haven’t installed it yet:

sudo apt update
sudo apt install vsftpd

Edit the vsftpd configuration file to enable FTPES:

sudo nano /etc/vsftpd.conf

Add/modify these lines (key settings for FTPES):

ssl_enable=YES                # Enable SSL/TLS
force_local_data_ssl=YES      # Force data connections to use SSL
force_local_logins_ssl=YES    # Force login connections to use SSL
ssl_tlsv1=YES                 # Use TLSv1 (recommended)
ssl_sslv2=NO                  # Disable SSLv2 (insecure)
ssl_sslv3=NO                  # Disable SSLv3 (insecure)
rsa_cert_file=/etc/ssl/private/vsftpd.pem  # Path to SSL certificate
rsa_private_key_file=/etc/ssl/private/vsftpd.pem  # Path to private key

Generate a self-signed SSL certificate (for testing; use a CA-signed cert in production):

sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 \
  -keyout /etc/ssl/private/vsftpd.pem -out /etc/ssl/private/vsftpd.pem

Set strict permissions for the certificate:

sudo chmod 600 /etc/ssl/private/vsftpd.pem

Restart vsftpd to apply changes:

sudo systemctl restart vsftpd

Allow FTP ports in the firewall (UFW):

sudo ufw allow 21/tcp          # Control channel (FTPES uses port 21)
sudo ufw allow 990/tcp         # Optional: Data channel (if using passive mode)
sudo ufw reload

2. Use FileZilla to Connect via FTPES (Ubuntu Client)

1. Open FileZilla and go to File > Site Manager.
2. Create a new site:
   • Host: Enter your server’s IP address or domain name.
   • Protocol: Select FTP - File Transfer Protocol (do not choose “SFTP”).
   • Encryption: Choose Require explicit FTP over TLS (this is FTPES).
   • Logon Type: Select Normal (or “Ask for password” if needed).
   • User/Password: Enter your FTP username and password.
3. Save and connect: Click Connect. FileZilla will verify the server’s SSL certificate. If it’s self-signed, you’ll see a warning—accept it to proceed.

Key Notes for Success

• Port 21 is standard for FTPES: Unlike implicit FTPS (which uses port 990), FTPES starts on port 21 and upgrades to TLS via the AUTH TLS command.
• Firewall rules: Ensure your firewall allows outbound connections to the server’s port 21 (and 990 if using passive mode).
• Certificate warnings: Self-signed certificates are fine for testing, but production environments should use certificates from a trusted CA (e.g., Let’s Encrypt).
• Passive mode: If you encounter connection issues, enable passive mode in FileZilla (Edit > Settings > Connection > FTP > Passive mode) and configure vsftpd to allow passive ports (add pasv_enable=YES, pasv_min_port=1024, pasv_max_port=1048 to /etc/vsftpd.conf).

By following these steps, you’ll establish a secure FTPES connection between FileZilla (Ubuntu client) and your vsftpd server (Ubuntu or other Linux distro).