FTP Server : Vsftpd Over SSL/TLS
Enable SSL/TLS for Vsftpd to use secure FTP connections.
[1]. Create self-signed certificates.
But if you use valid certificates like from Let's Encrypt or others, you don't need to create this one.
[root@www ~]# cd /etc/pki/tls/certs
[root@www certs]# openssl req -x509 -nodes -newkey rsa:2048 -keyout /etc/pki/tls/certs/vsftpd.pem -out /etc/pki/tls/certs/vsftpd.pem
/certs/vsftpd.pem -out /etc/pki/tls/certs/vsftpd.pem a:2048 -keyout /etc/pki/tls/
Generating a RSA private key
........................+++++
..................+++++
writing new private key to '/etc/pki/tls/certs/vsftpd.pem'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:JP # country code
State or Province Name (full name) []:Hiroshima # State
Locality Name (eg, city) [Default City]:Hiroshima # city
Organization Name (eg, company) [Default Company Ltd]:GTS # company
Organizational Unit Name (eg, section) []:Server World # department
Common Name (eg, your name or your server's hostname) []:www.srv.world # server's FQDN
Email Address []:root@srv.world # admin's email
[root@www certs]# chmod 600 vsftpd.pem
[2]. Configure Vsftpd. Configure basic settings before it, refer to here.
[root@www ~]# vi /etc/vsftpd/vsftpd.conf
# add to the end : enable SSL/TLS
rsa_cert_file=/etc/pki/tls/certs/vsftpd.pem
ssl_enable=YES
force_local_data_ssl=YES
force_local_logins_ssl=YES
[root@www ~]# systemctl restart vsftpd
FTP Client : CentOS
Configure FTP Client to use FTPS connection on CentOS.
[3]. Install FTP Client first, and configure like follows.
[redhat@dlp ~]$ vi ~/.lftprc
# create new
set ftp:ssl-auth TLS
set ftp:ssl-force true
set ftp:ssl-protect-list yes
set ftp:ssl-protect-data yes
set ftp:ssl-protect-fxp yes
set ssl:verify-certificate no
[redhat@dlp ~]$ lftp -u cent www.srv.world
Password:
lftp cent@www.srv.world:~>
Comments
Post a Comment