How to Install and Configure/connect FTP Over TLS on Linux and Windows

Soban Malik
4 min read · Feb 11, 2024


Run these commands to update the machine and install the FTP server (vsftpd):

sudo apt update && sudo apt upgrade # first update and upgrade the machine
sudo apt-get install vsftpd # install the FTP server

sudo systemctl start vsftpd #start the service
sudo systemctl enable vsftpd #enable it
sudo systemctl status vsftpd # check the status

Download the FileZilla client from this link and install it on Windows:

https://filezilla-project.org/

After installation:

Enter the IP of the server in the Host field. My Linux machine is the server, so I put the IP of the Linux machine in the Host field, along with the user name of the Linux machine:

ifconfig #check the ip of the linux machine 
whoami #check the user name

It says it does not support TLS:

After clicking OK:

On Linux, run ls to check that the files are the same as those shown in the FTP client:

If I try to create or rename a folder, it is denied:

Open the config file and edit it as needed:

sudo nano /etc/vsftpd.conf

It is recommended to back up the current configuration first by making a copy:

sudo cp /etc/vsftpd.conf /etc/vsftpd.conf.backup

Disable anonymous login and allow local users to write. Disabling anonymous login keeps unidentified users out, which prevents many security issues. The very first change we will make in the config file is:

anonymous_enable=NO

Then find the following lines and uncomment them. They allow local users to log in and to write to the directory:

local_enable=YES
write_enable=YES

Chroot users

There are multiple options available for chrooting users. Search for "chroot_local_user" and select one of these as per your needs.

This will chroot all the users:

chroot_local_user=YES
chroot_list_enable=NO

This will chroot only some particular users. You will have to create a file /etc/vsftpd.chroot_list with a list of usernames that you want to chroot:

chroot_local_user=NO
chroot_list_enable=YES

With both options set to YES the meaning of the list is inverted: all the users will be chrooted except the listed ones. Create a file /etc/vsftpd.chroot_list with a list of usernames that you want to keep out of the chroot:

chroot_local_user=YES
chroot_list_enable=YES

Allowing and denying users from logging in:

To deny some particular users from logging in, add these lines to the file:

userlist_enable=YES
userlist_deny=YES
userlist_file=/etc/vsftpd.denied_users

Then create the file /etc/vsftpd.denied_users and add the denied users to it, one user per line. The userlist_enable=YES line is needed because vsftpd only examines userlist_deny when userlist_enable is activated. To allow only a particular list of users instead, add the following lines and create the file /etc/vsftpd.allowed_users with all the usernames that you want to allow, one per line:

userlist_deny=NO
userlist_enable=YES
userlist_file=/etc/vsftpd.allowed_users

Setup Security with SSL/TLS

Create a Security Certificate

sudo mkdir /etc/certs # create the directory (the name "certs" is your own choice)
sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/certs/vsftpd.pem -out /etc/certs/vsftpd.pem # generate the self-signed X.509 certificate and private key

Private Key:

Open the config file again:

sudo nano /etc/vsftpd.conf

Add the following lines to the file. SSLv2 and SSLv3 are obsolete and insecure, so both are disabled:

rsa_cert_file=/etc/certs/vsftpd.pem
rsa_private_key_file=/etc/certs/vsftpd.pem
ssl_enable=YES
allow_anon_ssl=NO
force_local_data_ssl=YES
force_local_logins_ssl=YES
ssl_tlsv1=NO
ssl_sslv2=NO
ssl_sslv3=NO
require_ssl_reuse=NO
ssl_ciphers=HIGH

Save the file and restart vsftpd:

sudo systemctl restart vsftpd
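
The finished config can be checked for the weak settings this guide deals with (anonymous login, missing or optional TLS, SSLv2/SSLv3, a user list that is never read). The script below is an added example, not part of the original article; the function names and the sample config are constructed, and it assumes plain key=value lines where the last assignment of a key wins.

```bash
#!/usr/bin/env bash
# Added example: audit a vsftpd.conf for the settings covered in this guide.

# Effective value of KEY in FILE (assumption: the last assignment wins).
# DEFAULT is the built-in default listed in the vsftpd.conf man page.
conf_get() {
  local val
  val=$(sed -n "s/^$2=//p" "$1" | tail -n 1 | tr -d '[:space:]')
  printf '%s' "${val:-$3}"
}

# Print one finding per line; return 1 if anything was flagged.
audit_vsftpd() {
  local f bad key
  f=$1; bad=0
  flag() { printf 'FINDING: %s\n' "$1"; bad=1; }

  [ "$(conf_get "$f" anonymous_enable YES)" = NO ] || flag "anonymous login is enabled"
  [ "$(conf_get "$f" ssl_enable NO)" = YES ] || flag "ssl_enable is not YES: sessions are plaintext"
  for key in force_local_logins_ssl force_local_data_ssl; do
    [ "$(conf_get "$f" "$key" YES)" = YES ] || flag "$key is off: local users may skip TLS"
  done
  for key in ssl_sslv2 ssl_sslv3; do
    [ "$(conf_get "$f" "$key" NO)" = NO ] || flag "$key is on: obsolete protocol enabled"
  done
  # userlist_deny and userlist_file are only examined when userlist_enable=YES.
  if grep -Eq '^userlist_(deny|file)=' "$f" &&
     [ "$(conf_get "$f" userlist_enable NO)" != YES ]; then
    flag "userlist_enable is not YES: the user list is ignored"
  fi
  return "$bad"
}

# Constructed sample config (not from a real server) with three weaknesses.
sample_conf() {
  cat <<'EOF'
anonymous_enable=NO
userlist_deny=YES
userlist_file=/etc/vsftpd.denied_users
ssl_enable=YES
force_local_data_ssl=NO
ssl_sslv3=YES
EOF
}

tmp=$(mktemp); sample_conf > "$tmp"
audit_vsftpd "$tmp" || echo "config needs attention"
rm -f "$tmp"
```

To audit a real server, call audit_vsftpd /etc/vsftpd.conf; no output and exit status 0 mean none of these checks fired.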

After restarting vsftpd, go to FileZilla, click Quickconnect and accept the certificate:

Now FTP over TLS works, and you can download, add, remove or change files on the server and vice versa:

Conclusion:

To install and configure FTP over TLS on Linux and Windows, you’ll need to install an FTP server (like vsftpd for Linux or FileZilla Server for Windows), generate SSL certificates, configure the server to use TLS and adjust firewall settings for port access.
