vsftpd from behind firewall

[JoeyJoeJoe]

I have configured vsftpd to work on my local network at home but would like to poke a hole in my router’s firewall so that I can upload files to it from anywhere.

I have already disabled anonymous connections, but would like to, if possible, encrypt username/password when I log in.

Is this possible? Where do I start?

Thanks,
JJJ

[redhead]

ssl_enable=YES
force_local_logins_ssl=YES

[JoeyJoeJoe]

I would’ve found that had I read the sample .conf files. Thanks.

But how do I generate keys?

This link looked promising, but /etc/pki/tls/certs does not exist on my server.

The results of ldd /usr/sbin/vsftpd | grep ssl show that I can support TLS/SSL, correct?

libssl.so.0.9.8 => /usr/lib/i686/cmov/libssl.so.0.9.8 (0xb7f06000)

[JoeyJoeJoe]

It works, as is.

I can just go ahead and use the snakeoil.pem certificate that was generated automatically. When was this key generated? I assume it is unique to my installation of Ubuntu server, yes?

[JoeyJoeJoe]

Kind of off-topic question:

I installed FileZilla on my XP box at work and while I can hit my FTP server and even authenticate to it using FTP over SSL (explicit encryption) and passive mode for transfer, I am unable to to retrieve directory listing:

Error: Transfer channel can’t be opened. Reason: A socket operation was attempted to an unreachable host.
Error: Could not retrieve directory listing

I work at a university and we have an entire class A subnet so I’m not NAT’ing at least to my (limited) understanding so that’s not it.

Clearly it is communicating out and authenticating me but it still cannot list the remote directory on my server.