How to use FTPS or SSL with FTP on Linux



FTP uses port 21 for its connection. To secure connections and transfers over FTP, we can use the configuration below.

In this post I am using 
1) VSFTPD(Very Secure FTP Daemon)
2) OpenSSL for certificate


  • To install both packages, run the commands below
yum install vsftpd
yum install openssl


  •  Create Certificate and keys using OpenSSL


openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/vsftpd/vsftpd.pem -out /etc/vsftpd/vsftpd.pem
Generating a 2048 bit RSA private key
....+++
.....................+++
writing new private key to '/etc/vsftpd/vsftpd.pem'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:IN
State or Province Name (full name) []:Uttar Pradesh
Locality Name (eg, city) [Default City]:Noida
Organization Name (eg, company) [Default Company Ltd]:Fun Oracle Apps Ltd
Organizational Unit Name (eg, section) []:IT
Common Name (eg, your name or your server's hostname) []:FOA Server
Email Address []:support@funoracleapps.com


My key and certificate are in the same file, /etc/vsftpd/vsftpd.pem. You can use separate files as well.


  • Configure VSFTPD
Edit /etc/vsftpd/vsftpd.conf

Add the lines below to the file

###FTP SSL parameters####
# Turn ON SSL
ssl_enable=YES
allow_anon_ssl=NO
# Use encryption for data
force_local_data_ssl=YES
# Use encryption for authentication
force_local_logins_ssl=YES

## Mention the Certificate and key file location####

rsa_cert_file=/etc/vsftpd/vsftpd.pem
rsa_private_key_file=/etc/vsftpd/vsftpd.pem

###Enable TLS###

# Allow TLSv1 only; SSLv2 and SSLv3 are broken protocols and stay disabled
ssl_tlsv1=YES
ssl_sslv2=NO
ssl_sslv3=NO

*****************************************************************************************************
Other basic configurations, if not already present/required

To allow all the local users added to the system to use the FTP service, edit the following line:

local_enable=YES

To prevent anonymous logins, edit the following line:

anonymous_enable=NO

To accept FTP write commands, edit the following line:

write_enable=YES

With these settings, only a local user can access the FTP server and issue write commands. If you also want to keep users and their contents separate from each other, you can set up a ‘chroot jail’ for the users, so that they are confined to their home directories and cannot access any files outside them.

chroot_local_user=YES

To enable logging of the transfers carried out, edit the following lines:

xferlog_enable=YES
xferlog_std_format=YES
xferlog_file=/var/log/xferlog
********************************************************************************************************
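
To check a vsftpd.conf against the settings above before restarting, here is an added example (not part of the original post). The function names conf_bool, audit_vsftpd and write_sample are hypothetical, the defaults are the ones documented in vsftpd.conf(5), and the sample file is constructed; SSLv2 and SSLv3 are expected to be off because both protocols are broken.

```sh
#!/bin/sh
# Effective boolean for KEY in FILE, or DEFAULT when unset. Lines are key=value
# with no spaces around '='. Assumption: a repeated key takes its last value.
conf_bool() {  # conf_bool FILE KEY DEFAULT
    val=$(grep -E "^$2=" "$1" | tail -n 1 | cut -d= -f2- | tr -d '\r' | tr 'a-z' 'A-Z')
    case ${val:-$3} in
        YES|TRUE|1) echo YES ;;
        NO|FALSE|0) echo NO ;;
        *) echo INVALID ;;
    esac
}

# Print one FAIL line per setting that differs from the wanted value; return 1 if any.
audit_vsftpd() {  # audit_vsftpd FILE
    rc=0
    # Each rule is key:wanted:vsftpd-default.
    for rule in ssl_enable:YES:NO ssl_sslv2:NO:NO ssl_sslv3:NO:NO \
                ssl_tlsv1:YES:YES force_local_data_ssl:YES:YES \
                force_local_logins_ssl:YES:YES allow_anon_ssl:NO:NO \
                anonymous_enable:NO:YES; do
        key=${rule%%:*}; rest=${rule#*:}
        want=${rest%%:*}; default=${rest#*:}
        got=$(conf_bool "$1" "$key" "$default")
        if [ "$got" != "$want" ]; then
            echo "FAIL $key=$got (want $want)"
            rc=1
        fi
    done
    return $rc
}

# Constructed sample: TLS switched on, but SSLv2 and SSLv3 left enabled.
write_sample() {  # write_sample FILE
    cat > "$1" <<'EOF'
ssl_enable=YES
force_local_data_ssl=YES
force_local_logins_ssl=YES
ssl_tlsv1=YES
ssl_sslv2=YES
ssl_sslv3=YES
anonymous_enable=NO
EOF
}

# Audit the file named on the command line, or the constructed sample.
if [ $# -gt 0 ]; then target=$1; else target=$(mktemp); write_sample "$target"; fi
audit_vsftpd "$target" || echo "review the settings listed above"
```

Run it with /etc/vsftpd/vsftpd.conf as the argument; no output and exit status 0 mean every checked setting has the wanted value.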

  • Restart vsftpd

service vsftpd restart

  • Configure Automatic start of vsftpd

chkconfig vsftpd on
   


