Configuring vsftpd to encrypt FTP data transmission with SSL

Source: Internet
Author: User
Tags ftp connection ftp client file transfer protocol

FTP is a file transfer protocol widely used on the Internet. Its disadvantage is that it transmits data in plaintext: anyone listening on a node the traffic passes through can easily capture user names and passwords, which exposes the installation to considerable risk. SSL can be used to encrypt the FTP connection.

First, use tcpdump to confirm that the FTP user name and password are transmitted in plaintext:

    tcpdump port 21 -nA

    20:03:43.077038 IP 192.168.1.1.34453 > 192.168.1.4.21: Flags [P.], seq, ack 134, win 2920, length 13
    E..5."@.@..J............k..3..(kP..hC...USER myhack58
    20:03:43.077506 IP 192.168.1.4.21 > 192.168.1.1.34453: Flags [P.], seq 134:168, ack 34, win 365, length 34
    E..j.g@.@.................(kk..@P..m#...331 Please specify the password.
    20:03:43.081218 IP 192.168.1.1.34453 > 192.168.1.4.21: Flags [P.], seq 34:47, ack 168, win 2920, length 13
    E..5.#@.@..I............k..@..(.P..h:...PASS myhack58
    20:03:43.102350 IP 192.168.1.4.21 > 192.168.1.1.34453: Flags [P.], seq 168:191, ack 47, win 365, length 23
    E..?.H@.@.................(.k..MP..m.8..230 Login successful.
    20:03:43.103626 IP 192.168.1.1.34453 > 192.168.1.4.21: Flags [P.], seq 47:52, ack 191, win 2920, length 5
    E..-.$@.@..P............k..M..(.P..h.L..PWD
    20:03:43.104025 IP 192.168.1.4.21 > 192.168.1.1.34453: Flags [P.], seq 191:211, ack 52, win 365, length 20
    E..<.I@.@.................(.k..RP..mt...257 "/home/myhack58"

Check whether vsftpd supports SSL:

    # http://blog.myhack58.com
    ldd $(which vsftpd) | grep ssl
    libssl.so.0.9.8 => /usr/lib/libssl.so.0.9.8 (0x00007f18f8c0a000)

Generate an SSL certificate:

    openssl req -new -x509 -nodes -out vsftpd.pem -keyout vsftpd.pem
    chmod 400 vsftpd.pem
    cp vsftpd.pem /etc/ssl/certs/

Configure SSL support in vsftpd (vsftpd does not accept spaces around "="):

    ssl_enable=YES
    allow_anon_ssl=YES
    force_local_data_ssl=YES
    # The next option name is garbled in the source; force_local_logins_ssl is assumed.
    force_local_logins_ssl=YES
    ssl_tlsv1=YES
    ssl_sslv2=NO
    ssl_sslv3=NO
    rsa_cert_file=/etc/ssl/certs/vsftpd.pem

Restart vsftpd, then connect with an FTP client that supports SSL. In this example, FlashFXP is used for the connection.
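As an added example (not part of the original article), the following Python script audits a vsftpd configuration for the SSL settings discussed above, so that a file which would still let logins or data travel in plaintext is caught before the service is restarted. The function names and the two sample files are constructed for illustration; the defaults are those documented in the vsftpd.conf man page.

```python
import re

# Defaults from the vsftpd.conf man page, used when an option is absent.
DEFAULTS = {"ssl_enable": "NO", "force_local_logins_ssl": "YES",
            "force_local_data_ssl": "YES", "ssl_sslv2": "NO", "ssl_sslv3": "NO"}
# Values needed so that neither logins nor data cross the wire in cleartext.
REQUIRED = {"ssl_enable": "YES", "force_local_logins_ssl": "YES",
            "force_local_data_ssl": "YES", "ssl_sslv2": "NO", "ssl_sslv3": "NO"}

def parse(text):
    """Return (settings, errors); vsftpd allows no space around '='."""
    settings, errors = {}, []
    for n, line in enumerate(text.splitlines(), 1):
        if not line.strip() or line.startswith("#"):
            continue
        m = re.fullmatch(r"([a-z0-9_]+)=(\S.*)", line)
        if m is None:
            errors.append(f"line {n}: not in option=value form: {line!r}")
        else:
            settings[m.group(1)] = m.group(2).strip()
    return settings, errors

def audit(text):
    """List every reason logins or data could still travel in cleartext."""
    settings, findings = parse(text)
    effective = {**DEFAULTS, **settings}
    for option, want in REQUIRED.items():
        # Conservative: any spelling other than the exact YES/NO is reported.
        if effective[option].upper() != want:
            findings.append(f"{option}={effective[option]} (want {want})")
    return findings

# Constructed samples: a broken file, then settings taken from this article.
WEAK = "ssl_enable = YES\nforce_local_logins_ssl=NO\nssl_sslv3=YES\n"
GOOD = """ssl_enable=YES
allow_anon_ssl=YES
force_local_data_ssl=YES
ssl_tlsv1=YES
ssl_sslv2=NO
ssl_sslv3=NO
rsa_cert_file=/etc/ssl/certs/vsftpd.pem
"""

if __name__ == "__main__":
    for name, conf in (("WEAK", WEAK), ("GOOD", GOOD)):
        print(name, audit(conf) or "no findings")
```

In the WEAK sample the line written with spaces around "=" is rejected, so ssl_enable falls back to its default of NO and the server would keep accepting plaintext logins.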
