In addition, we can set which SSL ciphers VSFTPD will permit for encrypted SSL connections with the ssl_ciphers option. With option require_ssl_reuse=YES, all SSL data connections are required to exhibit SSL session reuse proving that they know the same master secret as the control channel. Furthermore, we can use the options below to add more security features in the FTP server. Now, we also have to prevent anonymous users from using SSL, then force all non-anonymous logins to use a secure SSL connection for data transfer and to send the password during login: allow_anon_ssl=NOħ. Rsa_private_key_file=/etc/ssl/private/vsftpd.pemĦ. #rsa_private_key_file=/etc/ssl/private/ssl-cert-snakeoil.keyĪfterwards, add the lines below to define the location of the SSL certificate and key file: rsa_cert_file=/etc/ssl/private/vsftpd.pem Next, comment out the lines below using the # character as follows: #rsa_cert_file=/etc/ssl/private/ssl-cert-snakeoil.pem
Then, add or locate the option ssl_enable and set its value to YES to activate the use of SSL, again, because TLS is more secure than SSL, we will restrict VSFTPD to use TLS instead, by enabling the ssl_tlsv1 option: ssl_enable=YESĥ. Now, open the VSFTPD config file and define the SSL details in it: $ sudo vi /etc/vsftpd/nf Before we perform any VSFTPD configurations, for those who have UFW firewall enabled, you have to open the ports 90-50000 to allow TLS connections and the port range of passive ports to set in the VSFTPD configuration file respectively: $ sudo ufw allow 990/tcpĤ. Organizational Unit Name (eg, section) : Linux and Open SourceĬommon Name (eg, your name or your server's hostname) : tecmintĮmail Address : Step 2: Configuring VSFTPD to Use SSL/TLS on Ubuntuģ. State or Province Name (full name) : Lower Parel The above command will prompt you to answer the questions below, don’t forget to enter values that applicable to your scenario.
$ sudo openssl req -x509 -nodes -keyout /etc/ssl/private/vsftpd.pem -out /etc/ssl/private/vsftpd.pem -days 365 -newkey rsa:2048
Now let’s generate the certificate and key in a single file, by running the command below.
0 kommentar(er)
