Solved

Install secure ftp on CentOS

Posted on 2012-04-07
2
747 Views
Last Modified: 2012-04-16
Hi,

I would like to get help to install secure FTP on CentOS 6.0.

Thanks
0
Comment
Question by:wsyy
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 78

Expert Comment

by:arnold
ID: 37820389
Are you talking about ftps or sftp?
Proftpd, vsftpd or looking at using the sftp which is part of the OpenSSh?

Which FTP server do you have/want?
0
 
LVL 25

Accepted Solution

by:
madunix earned 200 total points
ID: 37821685
To install ftp services on centos check
http://www.cyberciti.biz/faq/rhel-centos-linux-install-ftp-server/
http://wiki.vpslink.com/Configuring_vsftpd_for_secure_connections_(TLS/SSL/SFTP)


In order to use SSL encryption, FTP server requires a certificate to be installed. Thus obtain a Certificate from a Certificate Authority or create a self signed (not recommended) certificate using the below command.

Creating a self signed certificate
$ cd /etc/pki/tls/certs/
$ make /etc/vsftpd/vsftpd.pem

Next make it so that root is the only user that can read this file:
$ chmod 600 /etc/vsftpd/vsftpd.pem

Edit the vsftpd configuration file /etc/vsftpd/vsftpd.conf, append or modify the options as shown below.
ssl_enable=YES
allow_anon_ssl=YES
force_local_data_ssl=NO
force_local_logins_ssl=YES
ssl_tlsv1=YES
ssl_sslv2=NO
ssl_sslv3=NO
rsa_cert_file=/etc/vsftpd/vsftpd.pem

The above directives enable SSL for local users but disable SSL for anonymous connections and force SSL for data transfers and logins. For a more info, please check the man page of vsftpd.conf. (man vsftpd.conf)

Restart the vsftpd daemon to make the changes take effect.
$ service vsftpd restart

Note: Use a client that does support the ftps protocol, for Linux, gftp does this quite well, however it initially rejects self-signed server certificates. This can be fixed by disabling the "Verify SSL Peer" setting in options. When making connections, be sure to select the FTPS protocol.

Using sftp for Secure File Transfer, note sftp uses a secure, encrypted connection to establish the ftp transfer. sftp is available for version 2.5.0p1 and higher. Make sure that this is not using a ftp protocol but is rather using the ssh protocol on port 22. However, it functions much like ftp. You cannot connect to a ftp server using sftp as they use different protocols and ports.
0

Featured Post

Visualize your virtual and backup environments

Create well-organized and polished visualizations of your virtual and backup environments when planning VMware vSphere, Microsoft Hyper-V or Veeam deployments. It helps you to gain better visibility and valuable business insights.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
lunix and unix command 21 155
Samba Question 11 139
UM7 Stop Sending packets with GPS Sensor 1 45
Cron job never runs on vCenter 6.5 appliance 7 35
Over the last ten+ years I have seen Linux configuration tools come and go. In the early days there was the tried-and-true, all-powerful linuxconf that many thought would remain the one and only Linux configuration tool until the end of times. Well,…
Join Greg Farro and Ethan Banks from Packet Pushers (http://packetpushers.net/podcast/podcasts/pq-show-93-smart-network-monitoring-paessler-sponsored/) and Greg Ross from Paessler (https://www.paessler.com/prtg) for a discussion about smart network …
Learn how to get help with Linux/Unix bash shell commands. Use help to read help documents for built in bash shell commands.: Use man to interface with the online reference manuals for shell commands.: Use man to search man pages for unknown command…
Learn how to navigate the file tree with the shell. Use pwd to print the current working directory: Use ls to list a directory's contents: Use cd to change to a new directory: Use wildcards instead of typing out long directory names: Use ../ to move…

710 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question