vsftpd is one of the FTP servers available on Linux. It supports many options, one of which uses OpenSSL to encrypt data. To some extent this makes up for FTP's weakness of sending account and password information in plaintext, which makes FTP accounts more secure.
1. First, install vsftpd
# yum install vsftpd
2. Create a CA
- # cd /etc/pki/CA
- # mkdir certs newcerts crl
- # touch index.txt serial
- # echo 01 > serial
- # vim /etc/pki/tls/openssl.cnf    # modify the following fields so that issuing certificates is more convenient
- [ CA_default ]
- dir = /etc/pki/CA    # specify the CA path
- [ req_distinguished_name ]
- countryName_default = CN    # default country name
- stateOrProvinceName_default = HN    # province
- localityName_default = ZZ    # region
- 0.organizationName_default = RHCE    # company name
- # openssl genrsa 1024 > private/cakey.pem
- # openssl req -new -x509 -key private/cakey.pem -out cacert.pem
- Press Enter at each prompt. Be sure to configure the domain name! The CA certificate has now been created.
- # chmod 600 private/cakey.pem cacert.pem
3. Issue a certificate to vsftpd
- # cd /etc/vsftpd/
- # mkdir ssl
- # openssl genrsa 1024 > ssl/ftp.key
- # openssl req -new -key ssl/ftp.key -out ssl/ftp.req
- Press Enter again at each prompt; this is vsftpd's certificate request.
- # openssl ca -in ssl/ftp.req -out ssl/ftp.crt
- Confirm signing
- # rm -f ssl/ftp.req
- # chmod 600 ssl/ftp.*
4. Edit the configuration file and add the following lines:
- # vim /etc/vsftpd.conf
- Add the following lines
- # SSL configuration
- ssl_enable=YES
- # We recommend that you enable this function.
- ssl_tlsv1=YES
- ssl_sslv2=NO
- ssl_sslv3=NO
- # Enable SSL for anonymous users
- allow_anon_ssl=YES
- # Force encryption for data transfers
- force_local_data_ssl=YES
- # Force SSL for logins
- force_local_logins_ssl=YES
- rsa_cert_file=/etc/vsftpd/ssl/ftp.crt
- rsa_private_key_file=/etc/vsftpd/ssl/ftp.key
5. Start the vsftpd service and use SSL encryption to access FTP from the client.
# service vsftpd start
6. Use a packet capture command to check whether the data is encrypted.
# tcpdump -i eth0 -A dst 192.168.0.48
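
An added example, not part of the original article: a shell function, given the hypothetical name `audit_vsftpd_tls`, that checks a vsftpd.conf for the step 4 settings before the service is started. It assumes each setting must appear explicitly in the file and relies on the vsftpd.conf(5) rule that no space may separate the option, `=` and the value; the sample file is constructed.

```shell
#!/bin/sh
# Added example: audit vsftpd.conf for the step 4 TLS settings.
# Prints one finding per line; returns 0 when clean, 1 otherwise.
audit_vsftpd_tls() {
    awk '
    BEGIN {
        # Values step 4 sets; each must appear explicitly in the file.
        want["ssl_enable"] = "YES"; want["ssl_tlsv1"] = "YES"
        want["ssl_sslv2"] = "NO";   want["ssl_sslv3"] = "NO"
        want["force_local_data_ssl"] = "YES"
        want["force_local_logins_ssl"] = "YES"
    }
    /^#/ || /^[ \t]*$/ { next }    # comment line or blank line
    {
        eq = index($0, "=")
        if (eq == 0) { printf "line %d: not option=value: %s\n", NR, $0; bad = 1; next }
        key = substr($0, 1, eq - 1); val = substr($0, eq + 1)
        # vsftpd.conf(5): no space between the option, "=" and the value.
        if (key ~ /[ \t]/ || val ~ /^[ \t]/) {
            printf "line %d: whitespace around \"=\": %s\n", NR, $0; bad = 1; next
        }
        seen[key] = val    # trailing text such as "// note" stays in the value
    }
    END {
        for (k in want) {
            if (!(k in seen)) { printf "%s: not set, need %s\n", k, want[k]; bad = 1 }
            else if (toupper(seen[k]) != want[k]) {
                printf "%s=%s, need %s\n", k, seen[k], want[k]; bad = 1
            }
        }
        exit bad + 0
    }' "$1"
}

# Constructed sample: the settings as a careless copy might leave them.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# SSL configuration
ssl_enable = YES
ssl_tlsv1=YES
ssl_sslv2=NO
ssl_sslv3=YES
force_local_data_ssl=YES// force encrypted data transfers
force_local_logins_ssl=YES
EOF
audit_vsftpd_tls "$sample" || echo "vsftpd.conf needs fixing"
rm -f "$sample"
```

Run it against the real file with `audit_vsftpd_tls /etc/vsftpd.conf`; an empty result and exit status 0 mean every step 4 setting is present in a form vsftpd will accept.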