FTP服务(2)实现基于SSL的FTPS

1、查看当前vsftpd是否具有ssl模块

[root@localhost ~]# ldd $(which vsftpd) |grep ssl
    libssl.so.10 => /usr/lib64/libssl.so.10 (0x00007f55009bf000)

2、创建自签名证书

[root@localhost ~]# cd /etc/pki/tls/certs/
[root@localhost certs]# make vsftpd.pem
umask 77 ; \
PEM1=`/bin/mktemp /tmp/openssl.XXXXXX` ; \
PEM2=`/bin/mktemp /tmp/openssl.XXXXXX` ; \
/usr/bin/openssl req -utf8 -newkey rsa:2048 -keyout $PEM1 -nodes -x509 -days 365  \ 
 -out $PEM2 -set_serial 0 ; \
cat $PEM1 >  vsftpd.pem ; \
echo ""    >> vsftpd.pem ; \
cat $PEM2 >> vsftpd.pem ; \
rm -f $PEM1 $PEM2
Generating a 2048 bit RSA private key
..................................................+++
............................+++
writing new private key to '/tmp/openssl.x3aynR'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:CN
State or Province Name (full name) []:beijing
Locality Name (eg, city) [Default City]:beijing
Organization Name (eg, company) [Default Company Ltd]:it
Organizational Unit Name (eg, section) []:ftp
Common Name (eg, your name or your server's hostname) []:
Email Address []:

3、查看证书

[root@localhost certs]# openssl x509 -in vsftpd.pem -noout -text

4、配置vsftp支持ssl

注:在编辑vstpd.conf时,注意格式,选项行后不得有空格

anonymous_enable=NO   #禁止匿名用户登录
chroot_local_user=YES    #禁锢所用系统用户在家目录中
ssl_enable=YES  #启用ssl
allow_anon_ssl=NO   #匿名不支持SSL
force_local_logins_ssl=YES   #本地用户登录加密
force_local_data_ssl=YES   #本地数据传输加密
rsa_cert_file=/etc/pki/tls/certs/vsftpd.pem   #证书
 
[root@localhost ~]# useradd test    创建测试用户
[root@localhost ~]# passwd test

5、测试、利用filezilla 登录测试 

 

posted @ 2018-06-26 15:07  Gmiao  阅读(630)  评论(0编辑  收藏  举报