FTPS
Description
FTPS is FTP over SSL/TLS. It is not the same as SFTP, which runs over SSH (OpenSSH). This tutorial shows how to set up an FTPS server based on vsftpd under Debian.
Prerequisites
Install openssl:
$ sudo apt-get install openssl
Generate a certificate
$ mkdir /data/certs
$ cd /data/certs
$ openssl req -x509 -nodes -days 730 -newkey rsa:1024 -keyout vsftpd.pem -out vsftpd.pem
Generating a 1024 bit RSA private key
....++++++
......++++++
writing new private key to 'vsftpd.pem'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:FR
State or Province Name (full name) [Some-State]:Eure-et-Loir
Locality Name (eg, city) []:Chartres
Organization Name (eg, company) [Internet Widgits Pty Ltd]:Aldeid
Organizational Unit Name (eg, section) []:
Common Name (eg, YOUR name) []:Sebastien Damaye
Email Address []:[email protected]
This generates vsftpd.pem, which holds both the private key and the certificate because -keyout and -out point to the same file. Copy it to /etc/ssl/certs/ and restrict access to root:
$ sudo cp vsftpd.pem /etc/ssl/certs/
$ cd /etc/ssl/certs/
$ sudo chown root:root vsftpd.pem
$ sudo chmod 600 vsftpd.pem
Configure vsftpd to use our certificate
Edit the vsftpd configuration file (/etc/vsftpd.conf) and add the following lines at the end of the file:
ssl_enable=YES
allow_anon_ssl=NO
force_local_data_ssl=NO
force_local_logins_ssl=YES
ssl_tlsv1=YES
ssl_sslv2=YES
ssl_sslv3=YES
rsa_cert_file=/etc/ssl/certs/vsftpd.pem
Restart the service:
$ sudo /etc/init.d/vsftpd restart
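The configuration above enables SSLv2 and SSLv3 and sets force_local_data_ssl=NO, so file transfers are not required to be encrypted. The script below is an added example, not part of the original tutorial: it audits the TLS options of a vsftpd.conf and flags those settings. The function names and both sample configurations are constructed for illustration.

```shell
# Added example, not from the original tutorial: audit vsftpd TLS options.
# Reads the file given as argument (stdin if none); returns 1 on any finding.
audit_vsftpd_tls() {
    awk -F= '
        function is_on(k)  { return seen[k] ~ /^(YES|TRUE|1)$/ }
        function is_off(k) { return seen[k] ~ /^(NO|FALSE|0)$/ }
        function flag(k, why) { print "WEAK " k ": " why; n++ }
        /^[ \t]*(#|$)/ { next }               # skip comments and blank lines
        {
            val = toupper($2)
            gsub(/[ \t\r]/, "", val)          # drop stray blanks or CR
            seen[$1] = val                    # keep the last value per option
        }
        END {
            if (!is_on("ssl_enable"))
                flag("ssl_enable", "TLS is off, logins and data go in clear text")
            if (is_on("ssl_sslv2"))
                flag("ssl_sslv2", "SSLv2 is broken, set ssl_sslv2=NO")
            if (is_on("ssl_sslv3"))
                flag("ssl_sslv3", "SSLv3 is broken (POODLE), set ssl_sslv3=NO")
            if (is_off("force_local_data_ssl"))
                flag("force_local_data_ssl", "transfers may be unencrypted, set YES")
            if (is_off("force_local_logins_ssl"))
                flag("force_local_logins_ssl", "passwords may be unencrypted, set YES")
            exit (n > 0)
        }
    ' "$@"
}

# Constructed sample: the lines this page adds to /etc/vsftpd.conf.
page_conf() {
    cat <<'EOF'
ssl_enable=YES
allow_anon_ssl=NO
force_local_data_ssl=NO
force_local_logins_ssl=YES
ssl_tlsv1=YES
ssl_sslv2=YES
ssl_sslv3=YES
rsa_cert_file=/etc/ssl/certs/vsftpd.pem
EOF
}
# Constructed sample: the same lines with the flagged options corrected.
hardened_conf() {
    page_conf | sed 's/^ssl_sslv\([23]\)=YES/ssl_sslv\1=NO/; s/^force_local_data_ssl=NO/force_local_data_ssl=YES/'
}

page_conf | audit_vsftpd_tls || true
hardened_conf | audit_vsftpd_tls && echo "hardened sample: nothing flagged"
```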
Tests
You can connect with ftp-ssl from your client:
$ ftp-ssl 192.168.100.19
Connected to 192.168.100.19.
220 (vsFTPd 2.0.7)
Name (192.168.100.19:sdamaye): aldeid
234 Proceed with negotiation.
[SSL Cipher DES-CBC3-SHA]
331 Please specify the password.
Password: passwd
230 Login successful.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> quit
221 Goodbye.