How to build the vsftpd server with TLS/SSL encryption

Posted 2022-01-16 程序小黑

1、 install vsftpd server

vsftpd is not secure by default.we have to do a couple of things to make the ftp server bit secure.

After installing and configuring vsftpd,I have created a ftp user called “test” at the first!
    So,let us assign root ownership to the “test” user’s home directory “/home/test”
    We can run：
    Userasdd -d /home/test test
    Chown root:root /home/test

    we can use the directory to store the ftp file or to be the ftp directory!

      Now if we have done this setup,first let us create the required SSL certicates to use tith VSFTPD.to do so ,run the following command from the terminal.
     “openssl req -x509 -nodes -day 365 -new key rsa:1024 -keyout /etc/ssl/private/vsftpd.pem -out /etc/ssl/private/vsftpd.pem”
    Enter the required values!

now we create the ssl certicaties to vsftp configura

we append the line like this in the vsftd config file like /etc/vsftpd/vsftpd.conf
“rsa_cert_file=/etc/ssl/certs/vsftpd.pem”
“rsa_private_key_file=/etc/ssl/private/vsftpd.pem”

“ssl_enable=YES”

“force_local_data_ssl=YES”

“allow_anon_ssl=YES”

“force_local_logins_ssl=YES”

“ssl_tlsv1=YES”

“ssl_tlsv2=NO”

“ssl_tlsv3=NO”

“require_ssl_reuse=NO”

“ssl_ciphers=HIGH”

When modifying the values ,the vsftpd configuration file should look like this:

Save and close the file

Finally ,restart the vsftpd service to take effect the changes

(centos6)service vsftpd restart

(centos7)systemctl restart vsftpfd

Vsftpd configuration with ssl is over,now ,we use wireshark to get the packet.

Now ，though the packet ,we should know the vsftpd with the ssl is complete!