Nov 28, 2010

Configure vsftpd to use ssl encryption


 

Release:

Red Hat Enterprise Linux 5.0

 

Problem:

Configure the FTP service to use SSL encryption in Red Hat Enterprise Linux 5.0

 

Solution:

 

1) Install the FTP server RPM using the below command

            # yum install vsftpd

 

2) Once installed, start the ftp service 

            # service vsftpd start

 

3) To use SSL encryption, the FTP server requires a certificate. To create one, use the commands below

            # cd /etc/pki/tls/certs

            # make /etc/vsftpd/vsftpd.pem

 

4) Change the file permissions of the certificate (give access only to root)

            # chmod 600 /etc/vsftpd/vsftpd.pem

 

5) Edit the FTP configuration file to use this certificate

            # vi /etc/vsftpd/vsftpd.conf

            ssl_enable=YES

            allow_anon_ssl=yes

            force_local_data_ssl=NO

            force_local_logins_ssl=YES

            ssl_tlsv1=YES

            ssl_sslv2=NO

            ssl_sslv3=NO

            rsa_cert_file=/etc/vsftpd/vsftpd.pem

 

6) Restart the vsftpd daemon to make the changes take effect

            # service vsftpd restart


Note: Use a client that supports the FTPS protocol. On Linux, gftp does this quite well; however, it initially rejects self-signed server certificates. This can be fixed by disabling the "Verify SSL Peer" setting in options. When making connections, be sure to select the FTPS protocol.
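To check that a server still carries the settings from steps 4 and 5, the script below audits a vsftpd.conf and the certificate file's permissions. It is an added example, not part of the original post; the function names `conf_get` and `audit_vsftpd_ssl` and the sample configuration are constructed for illustration.

```shell
#!/bin/bash
# Added example: audit a vsftpd.conf against the directives from steps 4-5.

# Print a directive's value. vsftpd allows no spaces around "=". Assumption:
# a later line overrides an earlier one, so the last exact match is used.
conf_get() {  # usage: conf_get FILE KEY
    awk -F= -v k="$2" '$1 == k { v = $2 } END { print v }' "$1"
}

# Print one line per finding; print nothing when the file matches the steps.
audit_vsftpd_ssl() {  # usage: audit_vsftpd_ssl FILE
    conf=$1
    for want in ssl_enable=YES force_local_logins_ssl=YES \
                ssl_tlsv1=YES ssl_sslv2=NO ssl_sslv3=NO; do
        key=${want%%=*}; exp=${want#*=}
        got=$(conf_get "$conf" "$key" | tr '[:lower:]' '[:upper:]')
        [ "$got" = "$exp" ] || echo "FAIL $key=${got:-unset}, step 5 sets $exp"
    done
    # force_local_data_ssl=NO (the step 5 value) does not require TLS on data
    # connections, so transferred files can still cross the network unencrypted.
    got=$(conf_get "$conf" force_local_data_ssl | tr '[:lower:]' '[:upper:]')
    if [ "$got" = "NO" ]; then
        echo "WARN force_local_data_ssl=NO, TLS not enforced on data connections"
    fi
    cert=$(conf_get "$conf" rsa_cert_file)
    if [ -z "$cert" ] || [ ! -f "$cert" ]; then
        echo "FAIL rsa_cert_file=${cert:-unset}, file not found"
    else
        mode=$(stat -c %a "$cert")   # GNU stat, as on Red Hat systems
        [ "$mode" = "600" ] || echo "FAIL $cert mode $mode, step 4 sets 600"
    fi
    return 0
}

# Constructed sample: the step 5 settings, except SSLv3 left enabled and a
# world-readable certificate file, both written to a temporary directory.
demo_dir=$(mktemp -d)
: > "$demo_dir/vsftpd.pem"; chmod 644 "$demo_dir/vsftpd.pem"
cat > "$demo_dir/vsftpd.conf" <<EOF
ssl_enable=YES
allow_anon_ssl=yes
force_local_data_ssl=NO
force_local_logins_ssl=YES
ssl_tlsv1=YES
ssl_sslv2=NO
ssl_sslv3=YES
rsa_cert_file=$demo_dir/vsftpd.pem
EOF
audit_vsftpd_ssl "$demo_dir/vsftpd.conf"
```

On a real server, run `audit_vsftpd_ssl /etc/vsftpd/vsftpd.conf` as root so the certificate file can be inspected.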

                 
