How to use FTPS or SSL with FTP on Linux
FTP uses port 21 for its control connection. If you want encrypted connections and transfers over FTP (FTPS), you can use the configuration below.
In this post I am using:
1) VSFTPD (Very Secure FTP Daemon)
2) OpenSSL for the certificate
- To install both packages, run the following:
yum install vsftpd
yum install openssl
- Create the certificate and key using OpenSSL
openssl req -x509 -nodes -days 365 -newkey rsa:1024 -keyout /etc/vsftpd/vsftpd.pem -out /etc/vsftpd/vsftpd.pem
Generating a 1024 bit RSA private key
....++++++
.....................++++++
writing new private key to '/etc/vsftpd/vsftpd.pem'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:IN
State or Province Name (full name) []:Uttar Pradesh
Locality Name (eg, city) [Default City]:Noida
Organization Name (eg, company) [Default Company Ltd]:Fun Oracle Apps Ltd
Organizational Unit Name (eg, section) []:IT
Common Name (eg, your name or your server's hostname) []:FOA Server
Email Address []:support@funoracleapps.com
My key and certificate are written to the same file, /etc/vsftpd/vsftpd.pem. You can use separate files with different names as well.
- Configure VSFTPD
Edit /etc/vsftpd/vsftpd.conf
Add the following lines to the file:
###FTP SSL parameters####
# Turn ON SSL
ssl_enable=YES
allow_anon_ssl=NO
# Use encryption for data
force_local_data_ssl=YES
# Use encryption for authentication
force_local_logins_ssl=YES
## Mention the Certificate and key file location####
rsa_cert_file=/etc/vsftpd/vsftpd.pem
rsa_private_key_file=/etc/vsftpd/vsftpd.pem
###Enable TLS###
ssl_tlsv1=YES
ssl_sslv2=YES
ssl_sslv3=YES
*****************************************************************************************************
Other basic settings, if not already present or required:
To allow all local users on the system to use the FTP service, set the following line:
local_enable=YES
To prevent anonymous logins, edit the following line:
anonymous_enable=NO
To accept FTP write commands, edit the following line:
write_enable=YES
With this setting, only local users can access the FTP server and issue write commands. If you want to keep users and their contents separate from each other, you can set up a ‘chroot jail’, so that each user is confined to their home directory and cannot access any files outside it.
chroot_local_user=YES
To enable logging of the transfers carried out, edit the following lines:
xferlog_enable=YES
xferlog_std_format=YES
xferlog_file=/var/log/xferlog
********************************************************************************************************
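As an added check that is not part of the original post: a small POSIX sh audit that reads a vsftpd.conf like the one above and reports the SSL/TLS and login settings a practitioner would want changed, with the post's own settings embedded as a constructed sample file. The defaults it assumes for absent keys (ssl_sslv2/ssl_sslv3 NO, force_local_*_ssl YES, ssl_enable NO, anonymous_enable YES) are vsftpd's documented defaults; the function names are my own.

```shell
# Added example, not from the original post: audit vsftpd.conf SSL/TLS settings.
# Absent keys fall back to the assumed vsftpd defaults listed in the table below.

# vsftpd_get FILE KEY -> prints the value of KEY (last occurrence wins), or nothing
vsftpd_get() {
    sed 's/#.*//' "$1" | awk -F= -v k="$2" '$1 == k { v = $2 } END { printf "%s", v }'
}

# audit_vsftpd_conf FILE -> prints one line per finding; exit status = number of findings
audit_vsftpd_conf() {
    f="$1"; n=0
    # columns: key  expected-value  vsftpd-default-when-absent (assumed)
    while read -r key want dflt; do
        got=$(vsftpd_get "$f" "$key")
        [ -n "$got" ] || got="$dflt"
        if [ "$got" != "$want" ]; then
            echo "FINDING: $key=$got (expected $want)"
            n=$((n + 1))
        fi
    done <<EOF
ssl_enable YES NO
force_local_logins_ssl YES YES
force_local_data_ssl YES YES
ssl_sslv2 NO NO
ssl_sslv3 NO NO
anonymous_enable NO YES
EOF
    return "$n"
}

# sample_conf -> writes a constructed copy of the post's settings to stdout
sample_conf() {
    cat <<'EOF'
ssl_enable=YES
allow_anon_ssl=NO
force_local_data_ssl=YES
force_local_logins_ssl=YES
rsa_cert_file=/etc/vsftpd/vsftpd.pem
rsa_private_key_file=/etc/vsftpd/vsftpd.pem
ssl_tlsv1=YES
ssl_sslv2=YES
ssl_sslv3=YES
anonymous_enable=NO
EOF
}

# Demo: the post's settings yield two findings (SSLv2 and SSLv3 still enabled).
tmp=$(mktemp); sample_conf > "$tmp"
audit_vsftpd_conf "$tmp" || echo "$? finding(s) in $tmp"
rm -f "$tmp"
```

Run it against the real /etc/vsftpd/vsftpd.conf after editing; a clean file produces no output and exit status 0.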
- Restart vsftpd
service vsftpd restart
- Configure Automatic start of vsftpd
chkconfig vsftpd on