How to configure vsftpd with TLS/SSL


Check that the required packages, openssl and vsftpd, are installed on your system.

Generate an RSA key in the /etc/vsftpd folder:

# /usr/bin/openssl req -x509 -nodes -days 365 -newkey rsa:1024 \
    -keyout vsftpd.pem -out vsftpd.pem
 

Make sure the SSL certificate is kept in the /etc/vsftpd directory. Now make the configuration changes to vsftpd.conf; a sample configuration is shown below.
---------------------------------------------------------------------------
# To turn SSL on, set the option below to YES.
ssl_enable=YES

# To allow anonymous users to use SSL
allow_anon_ssl=YES

# To let local users transfer data both over SSL and unencrypted, set the option below to NO.
force_local_data_ssl=NO

# To require that all login credentials are sent encrypted,
# use the option below to force SSL connections at login.
force_local_logins_ssl=YES
# Permit TLS v1 protocol connections. TLS v1 connections are preferred
ssl_tlsv1=YES
# Permit SSL v2 protocol connections. TLS v1 connections are preferred
ssl_sslv2=NO
# Permit SSL v3 protocol connections. TLS v1 connections are preferred
ssl_sslv3=NO

# Specifies the location of the RSA certificate to use for SSL encrypted connections,
# which we created earlier.
rsa_cert_file=/etc/vsftpd/vsftpd.pem

# Uncomment ssl_request_cert option if SSL/TLS connection is used by IBM's zOS ftp client
# read man vsftpd.conf for further information
#ssl_request_cert=NO
-----------------------------------------------------------------------------
Restart the vsftpd service

# service vsftpd restart
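
The sample above sets force_local_data_ssl=NO, so logins are protected but file transfers by local users may still travel unencrypted. The script below is an added example, not part of the original post or of vsftpd: it reads a vsftpd.conf and reports TLS options that leave traffic in cleartext. The function names, the built-in defaults (taken from vsftpd.conf(5)) and the inline sample are assumptions of this example.

```shell
#!/bin/sh
# Added example: lint the TLS options of a vsftpd.conf (not part of vsftpd).
# Defaults are the ones documented in vsftpd.conf(5); "last setting wins"
# for a repeated option is an assumption of this script.

# effective FILE OPTION DEFAULT: print the option's value, or DEFAULT if unset.
effective() {
    awk -v opt="$2" -v def="$3" '
        /^[ \t]*#/ { next }                      # skip comment lines
        index($0, opt "=") == 1 {                # option=value, no spaces
            val = substr($0, length(opt) + 2)
            sub(/[ \t\r]+$/, "", val)            # drop trailing whitespace
        }
        END { print (val == "" ? def : val) }' "$1"
}

# is_on VALUE: true for the spellings this script treats as "enabled".
is_on() {
    case $(printf '%s' "$1" | tr '[:lower:]' '[:upper:]') in
        YES|TRUE|1) return 0 ;;
        *) return 1 ;;
    esac
}

# audit_vsftpd_tls FILE: print one finding per line; return 1 if any.
audit_vsftpd_tls() {
    conf=$1 rc=0
    is_on "$(effective "$conf" ssl_enable NO)" ||
        { echo "ssl_enable: TLS is off, logins and data are cleartext"; rc=1; }
    is_on "$(effective "$conf" force_local_logins_ssl YES)" ||
        { echo "force_local_logins_ssl: passwords may be sent without TLS"; rc=1; }
    is_on "$(effective "$conf" force_local_data_ssl YES)" ||
        { echo "force_local_data_ssl: file transfers may be sent without TLS"; rc=1; }
    for opt in ssl_sslv2 ssl_sslv3; do
        if is_on "$(effective "$conf" "$opt" NO)"; then
            echo "$opt: obsolete protocol version is permitted"; rc=1
        fi
    done
    return $rc
}

# Constructed sample: the TLS options from the configuration above.
sample=$(mktemp)
printf '%s\n' ssl_enable=YES allow_anon_ssl=YES force_local_data_ssl=NO \
    force_local_logins_ssl=YES ssl_tlsv1=YES ssl_sslv2=NO ssl_sslv3=NO > "$sample"
audit_vsftpd_tls "$sample" || echo "review the findings above"
rm -f "$sample"
```

To check a live server, call audit_vsftpd_tls with the path to its vsftpd.conf before restarting the service.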

