

FTPS server configuration on CentOS Linux with vsftpd

Introduction

Once upon a time we needed to configure an FTPS server with login/password access.
We chose vsftpd as the FTPS server and CentOS 5.8 as the OS.

Configuration

1. Install packages

yum install vsftpd openssl 

2. Generate a self-signed SSL certificate

openssl genrsa -out key.pem 1024

openssl req -new -key key.pem -out req.pem
 
 Country Name (2 letter code) [AU]:RU
 State or Province Name (full name) [Some-State]:
 Locality Name (eg, city) []:Moscow
 Organization Name (eg, company) [Internet Widgits Pty Ltd]:Test Company
 Organizational Unit Name (eg, section) []:IT dept
 Common Name (eg, YOUR name) []:ftps.example.ru
 Email Address []:adm@example.ru
 
 Please enter the following 'extra' attributes
 to be sent with your certificate request
 A challenge password []:
 An optional company name []:

openssl req -x509 -days 365 -key key.pem -in req.pem -out cert.pem

Install the certificate in the vsftpd configuration directory. vsftpd reads the private key from rsa_cert_file unless rsa_private_key_file is set, so the key goes into the same file, readable by root only.

cat cert.pem key.pem > /etc/vsftpd/cert.pem
chmod 600 /etc/vsftpd/cert.pem
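The same certificate step as a non-interactive script, added here as an example (not part of the original page). make_ftps_cert writes key.pem, cert.pem and the combined file vsftpd reads when only rsa_cert_file is set; check_bundle is the check worth running before pointing vsftpd at that file. The 2048-bit key, SHA-256 digest, validity period and the -subj fields (which reuse the page's sample values) are this example's choices.

```shell
#!/bin/sh
# Added example, not from the original page: non-interactive version of the
# page's openssl steps plus a check to run before pointing vsftpd at the file.
# Key size, digest and validity period are this example's choices.

# make_ftps_cert DIR COMMON_NAME [DAYS]: write key.pem, cert.pem and the
# combined vsftpd.pem (certificate first, then key) into DIR.
make_ftps_cert() {
    dir=$1; cn=$2; days=${3:-365}
    # -nodes: no passphrase, because vsftpd must open the key unattended at boot.
    # The subject reuses the page's sample values; adjust for a real deployment.
    openssl req -x509 -newkey rsa:2048 -sha256 -nodes -days "$days" \
        -subj "/C=RU/L=Moscow/O=Test Company/OU=IT dept/CN=$cn" \
        -keyout "$dir/key.pem" -out "$dir/cert.pem" 2>/dev/null || return 1
    # vsftpd expects the private key inside rsa_cert_file unless
    # rsa_private_key_file is set, so ship one combined file.
    cat "$dir/cert.pem" "$dir/key.pem" > "$dir/vsftpd.pem" || return 1
    chmod 600 "$dir/key.pem" "$dir/vsftpd.pem"
}

# check_bundle FILE: succeed only if FILE holds a certificate and the matching
# private key, the certificate is not within a day of expiry, and the file is
# readable by its owner only (it carries a private key).
check_bundle() {
    f=$1
    openssl x509 -in "$f" -noout 2>/dev/null || { echo "no certificate in $f"; return 1; }
    openssl pkey -in "$f" -noout 2>/dev/null || { echo "no private key in $f"; return 1; }
    certpub=$(openssl x509 -in "$f" -noout -pubkey 2>/dev/null)
    keypub=$(openssl pkey -in "$f" -pubout 2>/dev/null)
    [ -n "$certpub" ] && [ "$certpub" = "$keypub" ] ||
        { echo "private key does not match certificate in $f"; return 1; }
    openssl x509 -in "$f" -noout -checkend 86400 >/dev/null 2>&1 ||
        { echo "certificate in $f is expired or expires within a day"; return 1; }
    [ "$(ls -l "$f" | cut -c1-10)" = "-rw-------" ] ||
        { echo "$f is not mode 600"; return 1; }
    echo "$f: certificate, matching key, validity and permissions OK"
}

# cert_subject FILE: print the subject for a quick visual check.
cert_subject() { openssl x509 -in "$1" -noout -subject 2>/dev/null; }

# Demo in a scratch directory; the real target would be /etc/vsftpd/cert.pem.
if command -v openssl >/dev/null 2>&1; then
    d=$(mktemp -d)
    make_ftps_cert "$d" ftps.example.ru && cert_subject "$d/vsftpd.pem"
    check_bundle "$d/vsftpd.pem"
    check_bundle "$d/cert.pem"   # fails: certificate only, no key
    rm -rf "$d"
fi
```

check_bundle deliberately refuses a file that holds only the certificate, which is exactly the state the original "move cert.pem" step leaves behind, and a combined file that is world-readable, since it now contains the private key.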

3. Configure vsftpd

File /etc/vsftpd/vsftpd.conf

ssl_enable=YES
allow_anon_ssl=NO
force_local_data_ssl=YES
force_local_logins_ssl=YES
require_ssl_reuse=NO
implicit_ssl=YES
ssl_tlsv1=YES
ssl_sslv2=YES
ssl_sslv3=YES
rsa_cert_file=/etc/vsftpd/cert.pem
listen=YES
listen_address=212.1.1.1
listen_port=990
background=YES
log_ftp_protocol=YES
guest_enable=YES
guest_username=ftp
syslog_enable=YES
xferlog_enable=YES
vsftpd_log_file=/var/log/vsftpd.log
local_enable=YES
chroot_local_user=YES
pam_service_name=vsftpd
secure_chroot_dir=/usr/share/vsftpd
user_config_dir=/etc/vsftpd/vsftpd_user_conf
virtual_use_local_privs=YES

Create a test user login/password

File /etc/vsftpd/login

test
password

Create the Berkeley DB

db_load -T -t hash -f login login.db
chmod 600 login.db

Create a PAM file which uses login.db
File: /etc/pam.d/vsftpd

#%PAM-1.0
auth       required     pam_userdb.so db=/etc/vsftpd/login
account    required     pam_userdb.so db=/etc/vsftpd/login
session    required     pam_loginuid.so

Create an FTP directory for the test user and configure write permissions.

mkdir /test_ftp
chmod 775 /test_ftp
chgrp nobody /test_ftp

File /etc/vsftpd/vsftpd_user_conf/ (one file per login, named after the user)

write_enable=YES
local_root=/test_ftp

Start the service and make sure it starts at boot.

service vsftpd start
temp=`chkconfig --list | grep vsftpd | grep on`; if [ "$temp" ]; then echo ok; else chkconfig vsftpd on; fi
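To review the configuration above as a whole rather than line by line, here is an added script (not from the original page) that reproduces the page's vsftpd.conf as a sample, audits it for the settings that weaken FTPS (SSLv2/SSLv3 enabled, TLS not forced for logins or data, anonymous logins left at vsftpd's compiled-in default of enabled) and writes a hardened copy. The hardened values ssl_sslv2=NO, ssl_sslv3=NO, ssl_tlsv1=YES, anonymous_enable=NO and ssl_ciphers=HIGH are this example's choices; applying them means copying the result over /etc/vsftpd/vsftpd.conf and restarting vsftpd, which the script does not do.

```shell
#!/bin/sh
# Added example, not from the original page: audit a vsftpd.conf for the
# FTPS-relevant settings and produce a hardened copy. Pure POSIX sh; it only
# touches temporary files, never /etc/vsftpd.

# conf_get FILE KEY: print KEY's value (last occurrence wins), empty if unset.
conf_get() {
    sed -n "s/^$2=//p" "$1" | tail -n 1
}

# audit_vsftpd_conf FILE: one finding per line on stdout; the return code is
# the number of findings, so 0 means nothing to report.
audit_vsftpd_conf() {
    n=0
    [ "$(conf_get "$1" ssl_enable)" = "YES" ] ||
        { echo "ssl_enable is not YES: sessions are not protected by TLS"; n=$((n+1)); }
    for k in ssl_sslv2 ssl_sslv3; do
        [ "$(conf_get "$1" "$k")" != "YES" ] ||
            { echo "$k=YES: obsolete protocol version enabled"; n=$((n+1)); }
    done
    for k in force_local_logins_ssl force_local_data_ssl; do
        [ "$(conf_get "$1" "$k")" = "YES" ] ||
            { echo "$k is not YES: logins or data may travel in cleartext"; n=$((n+1)); }
    done
    # vsftpd's compiled-in default for anonymous_enable is YES, and anonymous
    # logins never consult the PAM userdb, so the key must be set explicitly.
    [ "$(conf_get "$1" anonymous_enable)" = "NO" ] ||
        { echo "anonymous_enable is not NO: anonymous logins bypass the userdb"; n=$((n+1)); }
    return $n
}

# harden_conf SRC DST: copy SRC to DST, forcing each KEY=VALUE below; existing
# lines are rewritten in place, missing keys are appended. The values are this
# example's choices, not the page's.
harden_conf() {
    cp "$1" "$2"
    for kv in ssl_sslv2=NO ssl_sslv3=NO ssl_tlsv1=YES anonymous_enable=NO ssl_ciphers=HIGH; do
        k=${kv%%=*}
        if grep -q "^$k=" "$2"; then
            sed "s|^$k=.*|$kv|" "$2" > "$2.tmp" && mv "$2.tmp" "$2"
        else
            echo "$kv" >> "$2"
        fi
    done
}

# write_page_conf FILE: the configuration from the page, kept as the "before" sample.
write_page_conf() {
    cat > "$1" <<'EOF'
ssl_enable=YES
allow_anon_ssl=NO
force_local_data_ssl=YES
force_local_logins_ssl=YES
require_ssl_reuse=NO
implicit_ssl=YES
ssl_tlsv1=YES
ssl_sslv2=YES
ssl_sslv3=YES
rsa_cert_file=/etc/vsftpd/cert.pem
listen=YES
listen_address=212.1.1.1
listen_port=990
background=YES
log_ftp_protocol=YES
guest_enable=YES
guest_username=ftp
syslog_enable=YES
xferlog_enable=YES
vsftpd_log_file=/var/log/vsftpd.log
local_enable=YES
chroot_local_user=YES
pam_service_name=vsftpd
secure_chroot_dir=/usr/share/vsftpd
user_config_dir=/etc/vsftpd/vsftpd_user_conf
virtual_use_local_privs=YES
EOF
}

# Demo: audit the page's configuration, harden it, audit again.
page=$(mktemp) && hard=$(mktemp)
write_page_conf "$page"
echo "== findings in the page's configuration =="
audit_vsftpd_conf "$page" || echo "($? findings)"
harden_conf "$page" "$hard"
echo "== findings after hardening =="
audit_vsftpd_conf "$hard" && echo "(none)"
rm -f "$page" "$hard"
```

Run against the page's configuration the audit reports three findings (ssl_sslv2=YES, ssl_sslv3=YES and the unset anonymous_enable); the hardened copy reports none. The same audit function can be pointed at a live /etc/vsftpd/vsftpd.conf from a cron job or a configuration check.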

PS: If you run into access problems, try configuring SELinux (chcon, semanage) or just disable SELinux.

Client connection example

For example, use the WinSCP client.

Configuration example: [screenshot of the WinSCP session settings]

Press the Login button and enjoy.

en/jobs/ftps_on_vsftpd.1357563717.txt.gz · Last modified: 2013/01/07 17:01 by admin