FTP is a very insecure protocol because passwords and all data are transmitted in plain text. By using the TLS protocol the whole communication can be encrypted, which makes FTP much more secure. This article describes how to configure PureFTPd on CentOS 5.5 to use TLS for remote connections.

I cannot guarantee that this method will also work for you.

1 Preliminary Note

You should have a working PureFTPd installation on your CentOS 5.5 server.

Install OpenSSL:

TLS requires OpenSSL support. To install OpenSSL, we run:

yum install openssl

Configure PureFTPd:

Open /etc/pure-ftpd/pure-ftpd.conf:

vi /etc/pure-ftpd/pure-ftpd.conf

If you want to allow PureFTPd to accept both plain FTP and TLS sessions, set TLS to 1:

[...]
# This option can accept three values :
# 0 : disable SSL/TLS encryption layer (default).
# 1 : accept both traditional and encrypted sessions.
# 2 : refuse connections that don't use SSL/TLS security mechanisms,
#     including anonymous sessions.
# Do _not_ uncomment this blindly. Be sure that :
# 1) Your server has been compiled with SSL/TLS support (--with-tls),
# 2) A valid certificate is in place,
# 3) Only compatible clients will log in.

TLS                      1
[...]

If you want to accept TLS sessions only (no plain FTP), set TLS to 2:

[...]
# This option can accept three values :
# 0 : disable SSL/TLS encryption layer (default).
# 1 : accept both traditional and encrypted sessions.
# 2 : refuse connections that don't use SSL/TLS security mechanisms,
#     including anonymous sessions.
# Do _not_ uncomment this blindly. Be sure that :
# 1) Your server has been compiled with SSL/TLS support (--with-tls),
# 2) A valid certificate is in place,
# 3) Only compatible clients will log in.

TLS                      2
[...]

To disallow TLS and accept only plain FTP, set TLS to 0:

[...]
# This option can accept three values :
# 0 : disable SSL/TLS encryption layer (default).
# 1 : accept both traditional and encrypted sessions.
# 2 : refuse connections that don't use SSL/TLS security mechanisms,
#     including anonymous sessions.
# Do _not_ uncomment this blindly. Be sure that :
# 1) Your server has been compiled with SSL/TLS support (--with-tls),
# 2) A valid certificate is in place,
# 3) Only compatible clients will log in.

TLS                      0
[...]
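The three settings above differ in one security-relevant way: with 0 and 1 the server still accepts unencrypted logins, so a password can be read off the wire; only 2 refuses them. The script below is an added example, not code from the article or from the PureFTPd project. It reads the effective TLS value out of a pure-ftpd.conf written the way the option is shown above, treats a commented-out line such as `# TLS 1` as absent (so the documented default, 0, applies), keeps the last active value if the keyword appears more than once, and passes only for mode 2. The function names and the `--demo` flag are this example's own assumptions.

```shell
#!/bin/sh
# Added example (not from the original article or PureFTPd): audit the
# effective TLS mode in a pure-ftpd.conf and pass only when plaintext
# sessions are refused (TLS 2).
# Assumptions: the option is written as "TLS <n>" exactly as shown above;
# a line whose first non-blank character is "#" is a comment and does not
# count; with no active TLS line the documented default (0, no TLS) applies.

# Print the effective TLS mode (0, 1 or 2) found in the given config file.
pureftpd_tls_mode() {
    conf="$1"
    awk '
        /^[ \t]*#/ { next }                            # skip comment lines
        $1 == "TLS" && $2 ~ /^[0-2]$/ { last = $2 }   # keep the last active value
        END { print (last == "" ? "0" : last) }       # default is 0 when absent
    ' "$conf"
}

# Return 0 (success) only when the config refuses plaintext sessions (TLS 2).
# Modes 0 and 1 both still accept unencrypted logins; mode 1 merely makes
# encryption optional for the client, which does not protect passwords.
pureftpd_requires_tls() {
    case "$(pureftpd_tls_mode "$1")" in
        2) return 0 ;;
        *) return 1 ;;
    esac
}

# One-line verdict for a config file, for use from an audit script.
pureftpd_tls_report() {
    case "$(pureftpd_tls_mode "$1")" in
        0) echo "TLS=0: encryption disabled, every login is sent in plaintext" ;;
        1) echo "TLS=1: encryption optional, plaintext logins are still accepted" ;;
        2) echo "TLS=2: encryption required, plaintext sessions are refused" ;;
    esac
}

# Stand-alone demo on a constructed config; on a real server point it at
# /etc/pure-ftpd/pure-ftpd.conf instead.
if [ "${1:-}" = "--demo" ]; then
    tmp=$(mktemp)
    printf '# TLS                      1\nTLS                      2\n' > "$tmp"
    pureftpd_tls_report "$tmp"
    pureftpd_requires_tls "$tmp" && echo "audit: pass"
    rm -f "$tmp"
fi
```

Run it as `sh audit-tls.sh --demo` to see the verdict on the constructed file, or call `pureftpd_tls_report /etc/pure-ftpd/pure-ftpd.conf` after sourcing it. The awk parser deliberately ignores commented lines because the stock configuration file ships with the TLS line commented out, which is exactly the case where an administrator may believe TLS is on when the default of 0 is actually in force.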

Create The SSL Certificate For TLS:

In order to use TLS, we must create an SSL certificate. I create it in the /etc/ssl/private/ directory, so that directory has to exist first:

mkdir -p /etc/ssl/private/

Afterwards we can generate the certificate as follows:

openssl req -x509 -nodes -days 7300 -newkey rsa:2048 -keyout /etc/ssl/private/pure-ftpd.pem -out /etc/ssl/private/pure-ftpd.pem

Country Name (2 letter code) [GB]: <-- Enter your Country Name (e.g., "DE").
State or Province Name (full name) [Berkshire]: <-- Enter your State or Province Name.
Locality Name (eg, city) [Newbury]: <-- Enter your City.
Organization Name (eg, company) [My Company Ltd]: <-- Enter your Organization Name (e.g., the name of your company).
Organizational Unit Name (eg, section) []: <-- Enter your Organizational Unit Name (e.g. "IT Department").
Common Name (eg, your name or your server's hostname) []: <-- Enter the Fully Qualified Domain Name of the system (e.g. "server1.example.com").
Email Address []: <-- Enter your Email Address.

Change the permissions of the SSL certificate:

chmod 600 /etc/ssl/private/pure-ftpd.pem

Finally, restart PureFTPd:

/etc/init.d/pure-ftpd restart

That's it. You can now try to connect with your FTP client; however, you should configure your FTP client to use TLS. See the next chapter for how to do this with FileZilla.

5 Configure FileZilla For TLS

In order to use FTP with TLS, you need an FTP client that supports TLS, such as FileZilla.

In FileZilla, open the Server Manager:

Select the server that uses PureFTPd with TLS; in the Servertype drop-down menu, select FTPES instead of normal FTP:

Now you can connect to the server. If you are connecting for the first time, you must accept the server's new SSL certificate:

If everything goes well, you should now be logged in on the server.
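Before restarting PureFTPd it is worth verifying that the file the openssl command wrote is in the state the server needs. The script below is an added example, not code from the article or from the PureFTPd project. It checks that /etc/ssl/private/pure-ftpd.pem holds both the private key and the certificate (the command above passes the same path to -keyout and -out, so both end up in one file), that the file is mode 600 as set by the chmod step (it contains the private key, so it must not be readable by other users), and, only when the openssl binary is available, that the certificate parses and has not expired. The function names and the `--check` flag are this example's own assumptions.

```shell
#!/bin/sh
# Added example, not part of the original article: sanity-check the PEM file
# produced by the openssl req step before restarting PureFTPd.
# Assumptions: the file holds both the private key and the certificate (the
# command above uses the same path for -keyout and -out); because it holds
# the key it must be mode 600; openssl is only invoked when it is installed.

PEM_DEFAULT=/etc/ssl/private/pure-ftpd.pem

# Return 0 if the file exists and its permission bits are exactly 0600.
# POSIX find -perm with a plain mode matches exactly, so any group/other bit fails.
pem_mode_is_600() {
    [ -f "$1" ] && [ -n "$(find "$1" -perm 600 -print 2>/dev/null)" ]
}

# Return 0 if the file contains both a private key block and a certificate
# block. Old OpenSSL writes "RSA PRIVATE KEY", newer versions "PRIVATE KEY".
pem_has_key_and_cert() {
    grep -q -- '-----BEGIN .*PRIVATE KEY-----' "$1" 2>/dev/null &&
    grep -q -- '-----BEGIN CERTIFICATE-----' "$1" 2>/dev/null
}

# Run all checks on one file, print a line per finding, return 1 on any failure.
verify_ftpd_pem() {
    pem="${1:-$PEM_DEFAULT}"
    rc=0
    if pem_has_key_and_cert "$pem"; then
        echo "ok: $pem holds a private key and a certificate"
    else
        echo "FAIL: $pem is missing the private key or the certificate"
        rc=1
    fi
    if pem_mode_is_600 "$pem"; then
        echo "ok: $pem is mode 600"
    else
        echo "FAIL: $pem is not mode 600 (private key readable by others); run: chmod 600 $pem"
        rc=1
    fi
    # Only when openssl is installed: show subject and expiry, then make sure
    # the certificate parses and has not expired (-checkend 0 = right now).
    if command -v openssl >/dev/null 2>&1; then
        openssl x509 -in "$pem" -noout -subject -enddate 2>/dev/null || true
        if openssl x509 -in "$pem" -noout -checkend 0 >/dev/null 2>&1; then
            echo "ok: certificate parses and is not expired"
        else
            echo "FAIL: certificate in $pem is expired or unreadable"
            rc=1
        fi
    fi
    return $rc
}

# Stand-alone use: sh verify-pem.sh --check [/path/to/pure-ftpd.pem]
if [ "${1:-}" = "--check" ]; then
    verify_ftpd_pem "${2:-$PEM_DEFAULT}"
fi
```

Run `sh verify-pem.sh --check` as root on the server after the chmod step; a non-zero exit means at least one FAIL line was printed and the restart should wait until it is fixed. The expiry check matters because the command above creates a certificate valid for 7300 days, which is long enough that nobody will be around to remember when it lapses; an audit script that reports the notAfter date is the cheapest reminder.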