Prerequisites:
FTP server: VSFTPD
Encryption: OpenSSL / TLS
Step 1. Install VSFTPD and OpenSSL.
Step 2. Configure a plain VSFTPD server as per your requirements. Please note: do not leave anonymous access enabled, and keep the login shell for all local users as /bin/nologin.
Step 3. Generate the OpenSSL certificate file using the command below:
$ openssl req -x509 -nodes -days 365 -newkey rsa:1024 \
    -keyout /etc/vsftpd/vsftpd.pem \
    -out /etc/vsftpd/vsftpd.pem
This generates the vsftpd.pem file under /etc/vsftpd. Because -keyout and -out point to the same file, it holds both the private key and the certificate.
The key type is RSA and the validity is 365 days. Both can be modified as required.
Step 4. Check whether the vsftpd server supports SSL.
$ ldd /usr/sbin/vsftpd | grep libssl
libssl.so.4 => /lib/libssl.so.4 (0x4001e000)
If a line like this is printed, vsftpd supports SSL.
Step 5. Add the lines below to /etc/vsftpd/vsftpd.conf
ssl_enable=YES
allow_anon_ssl=NO
# The next two options force users to connect with FTPS; plain FTP will not be allowed.
force_local_data_ssl=YES
force_local_logins_ssl=YES
ssl_tlsv1=YES
ssl_sslv2=NO
ssl_sslv3=NO
rsa_cert_file=/etc/vsftpd/vsftpd.pem
# Restricts FTP access: local users are confined to their home directory.
chroot_local_user=YES
You can enable ssl_sslv2 and ssl_sslv3, but then your client must support them.
Step 6. Restart the vsftpd server.
$ /etc/rc.d/init.d/vsftpd restart
Step 7. Add /bin/false to /etc/shells.
Step 8. When creating users, use /bin/false as the shell:
$ useradd -s /bin/false <username>
Step 9. Install FileZilla on the client machine. FileZilla is more secure and supports higher levels of encryption. While configuring the server in FileZilla:
Enter your server hostname or IP, then
select Server Type -> FTPES and enter your credentials.
It will then connect to the FTP server.
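
A way to check the vsftpd.conf and certificate settings from the steps above before restarting the server, as an added example that is not part of the original guide. The function names conf_get and audit_vsftpd_conf are hypothetical, the sample config is constructed, anonymous_enable is the vsftpd option behind the "anonymous" note in Step 2, and counting a missing option as a failure is this example's own choice.

```shell
#!/bin/sh
# Added example (not from the original guide): audit a vsftpd.conf against the
# settings in this guide. Unset options count as deviations (example's choice).

# Print the value of option $2 in file $1. Only exact "key=value" lines match
# (vsftpd allows no spaces around "="); the last assignment is assumed to win.
conf_get() {
    sed -n "s/^$2=//p" "$1" | tail -n 1 | tr -d '\r'
}

# Audit file $1: print one FAIL line per deviation, return the deviation count.
audit_vsftpd_conf() {
    conf=$1
    bad=0
    while read -r key want; do
        got=$(conf_get "$conf" "$key")
        if [ "$got" != "$want" ]; then
            echo "FAIL $key: want $want, got ${got:-<unset>}"
            bad=$((bad + 1))
        fi
    done <<EOF
ssl_enable YES
anonymous_enable NO
allow_anon_ssl NO
force_local_data_ssl YES
force_local_logins_ssl YES
ssl_tlsv1 YES
ssl_sslv2 NO
ssl_sslv3 NO
chroot_local_user YES
EOF
    # The PEM from the openssl step also contains the private key, so it must
    # not be accessible to group or other (characters 5-10 of the ls mode).
    pem=$(conf_get "$conf" rsa_cert_file)
    if [ -z "$pem" ]; then
        echo "FAIL rsa_cert_file: not set"
        bad=$((bad + 1))
    elif [ -f "$pem" ] && [ "$(ls -ld "$pem" | cut -c5-10)" != "------" ]; then
        echo "FAIL $pem: private key accessible to group/other"
        bad=$((bad + 1))
    fi
    return "$bad"
}

# Constructed sample: SSL is on, but plaintext logins are still permitted.
sample=$(mktemp)
printf '%s\n' 'ssl_enable=YES' 'force_local_logins_ssl=NO' >"$sample"
audit_vsftpd_conf "$sample" || echo "$? deviation(s) found"
rm -f "$sample"
```

Run it against the real file with audit_vsftpd_conf /etc/vsftpd/vsftpd.conf; an exit status of 0 means every setting from the guide is present and the PEM file is not accessible to group or other.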