## VSFTPD with SSL
Encryption of FTP:
1. Control channel
2. Data channel
Implicit SSL >> TCP:990
Explicit SSL >> TCP:21
## Use the LFTP client to force an SSL connection
## (connect to localhost, or to the server address, e.g. 192.168.10.1)
lftp -u user localhost
lftp -u user 192.168.10.1
lftp :~> set -a | grep ssl
'nano ~/.lftprc'
## add the lines below
'debug'
'set ftp:ssl-force yes'
'set ftp:ssl-protect-data yes'
## Set up VSFTPD SSL support (in vsftpd.conf)
'ssl_enable=yes'
'ssl_tlsv1=yes' (default)
'rsa_cert_file=/etc/pki/tls/certs/myftpssl.crt'
## if the private key is in a separate file, also use the line below
'rsa_private_key_file=/etc/pki/tls/certs/private/myftpssl.key'
Optional, to allow logins and data transfers without SSL:
force_local_logins_ssl=no
force_local_data_ssl=no
'genkey myftpssl'
NOTE: the certificate name must match the hostname
service vsftpd stop
service vsftpd start
'openssl ciphers -v' - to view all the cipher types
'openssl ciphers -v | grep DES-CBC3-SHA'
Default VSFTPD Cipher: DES-CBC3-SHA
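
Added example (not part of the original notes): a POSIX shell check that reads a vsftpd.conf and reports which of the SSL settings above leave the control or data channel unprotected. The function names and the sample config are constructed for illustration; unset options fall back to the vsftpd.conf man page defaults, and the cipher default is the one stated in the notes.

```shell
# Added example: audit the vsftpd SSL directives discussed in these notes.

# conf_get FILE KEY DEFAULT: effective value of KEY (last assignment wins).
conf_get() {
    awk -v k="$2" -v d="$3" '
        /^[ \t]*#/ { next }    # skip comment lines
        index($0, k "=") == 1 { v = substr($0, length(k) + 2); seen = 1 }
        END { print (seen ? v : d) }' "$1"
}

# is_yes VALUE: vsftpd treats YES, TRUE and 1 (any case) as true.
is_yes() {
    case "$(printf '%s' "$1" | tr '[:lower:]' '[:upper:]')" in
        YES|TRUE|1) return 0 ;;
        *) return 1 ;;
    esac
}

# audit_vsftpd_conf FILE: one finding per line, nothing when clean.
# Assumption: DES-CBC3-SHA as cipher default, as stated in the notes above.
audit_vsftpd_conf() {
    f=$1
    if ! is_yes "$(conf_get "$f" ssl_enable NO)"; then
        echo "FAIL ssl_enable: TLS is off, logins and data are sent in clear text"
        return 0
    fi
    is_yes "$(conf_get "$f" force_local_logins_ssl YES)" ||
        echo "WARN force_local_logins_ssl: control channel (passwords) may be unencrypted"
    is_yes "$(conf_get "$f" force_local_data_ssl YES)" ||
        echo "WARN force_local_data_ssl: data channel may be unencrypted"
    for proto in ssl_sslv2 ssl_sslv3; do
        if is_yes "$(conf_get "$f" "$proto" NO)"; then
            echo "FAIL $proto: obsolete protocol enabled"
        fi
    done
    case "$(conf_get "$f" ssl_ciphers DES-CBC3-SHA)" in
        *DES-CBC3*) echo "WARN ssl_ciphers: 3DES (64-bit block cipher) selected, choose an AES suite" ;;
    esac
    return 0
}

# Constructed sample: the "optional, without SSL" settings from the notes.
sample_conf() {
    printf '%s\n' 'ssl_enable=yes' 'ssl_tlsv1=yes' \
        'rsa_cert_file=/etc/pki/tls/certs/myftpssl.crt' \
        'force_local_logins_ssl=no' 'force_local_data_ssl=no'
}

tmp=$(mktemp) && sample_conf > "$tmp" && audit_vsftpd_conf "$tmp"; rm -f "$tmp"
```

Run against the sample, it prints three WARN lines: both `force_local_*` options and the 3DES cipher default.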