FTP Server : Pure-FTPd Over SSL/TLS

Enable SSL/TLS for Pure-FTPd to use secure FTP connections.

[1]. Create self-signed certificates.

But if you use valid certificates like from Let's Encrypt or others, you don't need to create this one.

[root@www ~]# cd /etc/pki/tls/certs

[root@www certs]# openssl req -x509 -nodes -newkey rsa:2048 -keyout /etc/pki/tls/certs/pure-ftpd.pem -out /etc/pki/tls/certs/pure-ftpd.pem

/certs/pure-ftpd.pem -out /etc/pki/tls/certs/pure-ftpd.pem  -keyout /etc/pki/tls/

Generating a RSA private key

..+++++

........................................

writing new private key to '/etc/pki/tls/certs/pure-ftpd.pem'

-----

You are about to be asked to enter information that will be incorporated

into your certificate request.

What you are about to enter is what is called a Distinguished Name or a DN.

There are quite a few fields but you can leave some blank

For some fields there will be a default value,

If you enter '.', the field will be left blank.

-----

Country Name (2 letter code) [XX]:JP   # country code

State or Province Name (full name) []:Hiroshima    # State

Locality Name (eg, city) [Default City]:Hiroshima  # city

Organization Name (eg, company) [Default Company Ltd]:GTS  # company

Organizational Unit Name (eg, section) []:Server World     # department

Common Name (eg, your name or your server's hostname) []:www.srv.world  # server's FQDN

Email Address []:root@srv.world   # admin's email


[root@www certs]# chmod 600 pure-ftpd.pem

[2]. Configure Pure-FTPd. Configure basic settings before it, refer to here.

[root@www ~]# vi /etc/pure-ftpd/pure-ftpd.conf

# line 418: uncomment

TLS                          1


# line 438: uncomment and specify your certificate

CertFile                     /etc/pki/tls/certs/pure-ftpd.pem


[root@www ~]# systemctl restart pure-ftpd

FTP Client : CentOS

 

Configure FTP Client to use FTPS connection on CentOS.

[3]. Install FTP Client first, and configure like follows.

[redhat@dlp ~]$ vi ~/.lftprc

# create new

set ftp:ssl-auth TLS

set ftp:ssl-force true

set ftp:ssl-protect-list yes

set ftp:ssl-protect-data yes

set ftp:ssl-protect-fxp yes

set ssl:verify-certificate no

[redhat@dlp ~]$ lftp -u cent www.srv.world

Password:

lftp cent@www.srv.world:~> 

Comments

Popular posts from this blog

LINUX Move and copy files using SSH

Java : Variables Declaring

SQL Self JOIN