SSL Encryption Configuration for an FTP Server on Linux

Sometimes an FTP connection needs to be encrypted, that is, made over SSL or TLS. This requires OpenSSL, so we install it first.

wget http://www.openssl.org/source/openssl-1.0.2g.tar.gz
tar -xvzf openssl-1.0.2g.tar.gz
cd openssl-1.0.2g
./config
make
make install
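Run the commands above one by one to complete the OpenSSL installation.

Next, generate the key and certificate:

Create a directory to hold the certificate.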

mkdir -p /etc/ssl/certs
chmod 700 /etc/ssl/certs
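Run the command that generates the certificate:
# Use at least a 2048-bit RSA key; 1024-bit RSA is no longer considered secure.
# -keyout and -out name the same file, so the private key and the certificate end up in one PEM.
openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/ssl/certs/vsftpd.pem -out /etc/ssl/certs/vsftpd.pem
During this step you are asked to fill in some details, which are shown in the certificate prompt when an FTP client connects.

Then go to the /etc/ssl/certs directory and check that the certificate was generated.

Then edit the vsftpd configuration file and append the following at the end: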

# Turn on SSL
ssl_enable=YES
 
# Allow anonymous users to use secured SSL connections
allow_anon_ssl=YES
 
# All logins, local and anonymous, are forced to use a secure SSL connection in order to
# send and receive data on data connections.
force_local_data_ssl=YES
force_anon_data_ssl=YES
 
# All logins, local and anonymous, are forced to use a secure SSL connection in order to send the password.
force_local_logins_ssl=YES
force_anon_logins_ssl=YES
 
# Permit TLS v1 protocol connections. TLS v1 connections are preferred
ssl_tlsv1=YES
 
# Permit SSL v2 protocol connections. TLS v1 connections are preferred
ssl_sslv2=NO
 
# permit SSL v3 protocol connections. TLS v1 connections are preferred
ssl_sslv3=NO
 
# Disable SSL session reuse (required by WinSCP)
require_ssl_reuse=NO
 
# Select which SSL ciphers vsftpd will allow for encrypted SSL connections (required by FileZilla)
ssl_ciphers=HIGH
 
# This option specifies the location of the RSA certificate to use for SSL
# encrypted connections.
rsa_cert_file=/etc/ssl/certs/vsftpd.pem
After changing the configuration, restart the vsftpd service.
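
A check that can be run on the configuration before the restart, added here as an example and not part of the original post: it audits a vsftpd.conf for a subset of the settings above and confirms that rsa_cert_file points to a readable PEM containing both certificate and key, which catches a mistyped path such as /etc/ssl/cert. The function names conf_get and audit_vsftpd_tls are made up for this example.

```shell
#!/bin/sh
# Added example (not from the original post): audit a vsftpd.conf against
# the TLS settings used on this page. Prints one line per finding; the
# return status of audit_vsftpd_tls is the number of findings.

# Last value assigned to key $2 in config file $1 (empty if never set).
# No whitespace trimming: vsftpd itself expects exactly key=value.
conf_get() {
    awk -F= -v k="$2" '$1 == k { v = substr($0, length(k) + 2) } END { print v }' "$1"
}

audit_vsftpd_tls() {
    conf=$1
    findings=0
    # key=value pairs taken from the configuration shown on this page
    for want in ssl_enable=YES force_local_data_ssl=YES \
                force_local_logins_ssl=YES ssl_sslv2=NO ssl_sslv3=NO; do
        key=${want%%=*}
        got=$(conf_get "$conf" "$key")
        if [ "$got" != "${want#*=}" ]; then
            echo "FAIL $key is '${got:-unset}', expected ${want#*=}"
            findings=$((findings + 1))
        fi
    done
    pem=$(conf_get "$conf" rsa_cert_file)
    if [ -z "$pem" ] || [ ! -r "$pem" ]; then
        echo "FAIL rsa_cert_file '$pem' is missing or unreadable"
        findings=$((findings + 1))
    else
        grep -q -e '-----BEGIN CERTIFICATE-----' "$pem" ||
            { echo "FAIL $pem has no certificate"; findings=$((findings + 1)); }
        # Without rsa_private_key_file, the key must sit in the same PEM file
        if [ -z "$(conf_get "$conf" rsa_private_key_file)" ]; then
            grep -q -e 'PRIVATE KEY-----' "$pem" ||
                { echo "FAIL $pem has no private key"; findings=$((findings + 1)); }
        fi
    fi
    return "$findings"
}

# Usage: sh audit.sh /path/to/vsftpd.conf
if [ -n "${1:-}" ]; then audit_vsftpd_tls "$1"; fi
```
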

Then connect with an FTP client.

With that, an FTP server that supports encrypted connections is set up.
