FTP Server : Vsftpd Over SSL/TLS

Enable SSL/TLS for Vsftpd to use secure FTP connections.

[1]. Create self-signed certificates.

If you use a valid certificate, such as one from Let's Encrypt or another CA, you don't need to create this one.

[root@www ~]# cd /etc/pki/tls/certs

[root@www certs]# openssl req -x509 -nodes -newkey rsa:2048 -keyout /etc/pki/tls/certs/vsftpd.pem -out /etc/pki/tls/certs/vsftpd.pem


Generating a RSA private key

........................+++++

..................+++++

writing new private key to '/etc/pki/tls/certs/vsftpd.pem'

-----

You are about to be asked to enter information that will be incorporated

into your certificate request.

What you are about to enter is what is called a Distinguished Name or a DN.

There are quite a few fields but you can leave some blank

For some fields there will be a default value,

If you enter '.', the field will be left blank.

-----

Country Name (2 letter code) [XX]:JP   # country code

State or Province Name (full name) []:Hiroshima    # State

Locality Name (eg, city) [Default City]:Hiroshima  # city

Organization Name (eg, company) [Default Company Ltd]:GTS  # company

Organizational Unit Name (eg, section) []:Server World     # department

Common Name (eg, your name or your server's hostname) []:www.srv.world  # server's FQDN

Email Address []:root@srv.world   # admin's email


[root@www certs]# chmod 600 vsftpd.pem

[2]. Configure Vsftpd. Configure the basic settings before this step.

[root@www ~]# vi /etc/vsftpd/vsftpd.conf

# add to the end : enable SSL/TLS

rsa_cert_file=/etc/pki/tls/certs/vsftpd.pem

ssl_enable=YES

force_local_data_ssl=YES

force_local_logins_ssl=YES

[root@www ~]# systemctl restart vsftpd
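
A way to check the result of steps [1] and [2] before relying on the server, as an added example that is not part of the original page. The function names conf_get and audit_vsftpd_tls are hypothetical, and the script assumes that a repeated key takes its last value and that each directive should be set to YES explicitly, as the page does.

```shell
#!/bin/sh
# Added example: audit the vsftpd TLS directives from step [2].
# Usage: audit_vsftpd_tls /etc/vsftpd/vsftpd.conf

# Print the value of KEY in FILE, ignoring comment lines.
# Assumption: when a key is repeated, the last assignment is the effective one.
conf_get() {
    awk -v k="$2" '
        /^[ \t]*#/ { next }
        index($0, k "=") == 1 { v = substr($0, length(k) + 2) }
        END { print v }' "$1"
}

# Print one FAIL line per finding; exit status 0 only when nothing is flagged.
audit_vsftpd_tls() (
    conf=$1
    rc=0
    for key in ssl_enable force_local_logins_ssl force_local_data_ssl; do
        val=$(conf_get "$conf" "$key")
        # Require the explicit YES the page writes; unset or NO is flagged.
        if [ "$val" != "YES" ]; then
            echo "FAIL $key=${val:-<unset>} (expected YES)"
            rc=1
        fi
    done
    pem=$(conf_get "$conf" rsa_cert_file)
    if [ -z "$pem" ] || [ ! -f "$pem" ]; then
        echo "FAIL rsa_cert_file=${pem:-<unset>} (file not found)"
        rc=1
    else
        # The PEM from step [1] also holds the private key, hence chmod 600.
        mode=$(stat -c '%a' "$pem")   # GNU stat, as shipped with CentOS
        case "$mode" in
            0|*00) ;;
            *) echo "FAIL $pem mode $mode (key accessible beyond owner)"; rc=1 ;;
        esac
    fi
    [ "$rc" -eq 0 ]
)
```
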

FTP Client : CentOS

 

Configure the FTP client on CentOS to use an FTPS connection.

[3]. Install the FTP client first, then configure it as follows.

[redhat@dlp ~]$ vi ~/.lftprc

# create new

set ftp:ssl-auth TLS

set ftp:ssl-force true

set ftp:ssl-protect-list yes

set ftp:ssl-protect-data yes

set ftp:ssl-protect-fxp yes

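# verification is off because the certificate from [1] is self-signed, so the client does not authenticate the server; with a CA-issued certificate, set this to yes

set ssl:verify-certificate no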

[redhat@dlp ~]$ lftp -u cent www.srv.world

Password:

lftp cent@www.srv.world:~>
