How To : FTPS Server Configuration


I am always astonished when I see the FTP package name vsftpd, which is abbreviated from Very Secure File Transfer Daemon (vsftpd). But when we look at this package from a security perspective, there is not much security included with it. I mean, when you log in to the server the credentials are transferred in plain text. So by default the root user is not allowed to log in to the FTP server.

To eliminate transferring data in plain text and to encrypt the entire transmission, we can use OpenSSL to generate a certificate and use that SSL certificate when communicating with the FTP server. This is nothing but an FTPS server.

Some file transfer protocols you should know are:
1. TFTP (Trivial File Transfer Protocol, which uses UDP for transmission) – high data rates/not secure
2. (This protocol uses SSH in the backend, so you do not need to run an FTP server) – secure
3. FTP (this is normal FTP transfer, which uses TCP) – not secure
4. FTPS (FTP + SSL certificate to encrypt data transmission)
5. Over SSH (this is a kind of FTP tunnel on the SSH protocol)

In this post we will see how you can configure SSL certificate for VSFTPD.

Step1 : Check for the following packages on the server, and if they are not installed, please install them.
#yum install openssl
#yum install vsftpd

Step2 : Generate an RSA key and certificate in the /etc/vsftpd folder as below.
#cd /etc/vsftpd
#/usr/bin/openssl req -x509 -nodes -days 365 -newkey rsa:1024 -keyout vsftpd.pem -out vsftpd.pem

The clipped output, for your reference:
[root@v-itig42 vsftpd]# /usr/bin/openssl req -x509 -nodes -days 365 -newkey rsa:1024 -keyout vsftpd.pem -out vsftpd.pem
Generating a 1024 bit RSA private key
....................................................++++++
..........................................++++++
writing new private key to 'vsftpd.pem'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank.
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [GB]:IN
State or Province Name (full name) [Berkshire]:Andhra Pradesh
Locality Name (eg, city) [Newbury]:Vijaywada
Organization Name (eg, company) [My Company Ltd]:Linuxnix Systems Limited
Organizational Unit Name (eg, section) []: IT admin Group
Common Name (eg, your name or your server's hostname) []:ftp2.linuxnix.co.in
Email Address []:surendra@linuxnix.co.in

Step3 : Once the certificate is generated, it is kept in the /etc/vsftpd folder. We have to provide its location in vsftpd.conf along with some SSL configuration options.

Step4 : Edit vsftpd.conf and add the following entries at the end of the file.
#vi /etc/vsftpd/vsftpd.conf
# To turn SSL on, specify YES for the option below.
ssl_enable=YES
# Allow anonymous users to use SSL.
allow_anon_ssl=YES
# If you want local users to be able to use both SSL and the unsecured way of transmitting data, specify NO for the option below.
force_local_data_ssl=NO
# If you want all login credentials to be sent encrypted, use the option below to force SSL connections at login time.
force_local_logins_ssl=YES
# Permit TLS v1 protocol connections. TLS v1 connections are preferred.
ssl_tlsv1=YES
# Permit SSL v2 protocol connections. TLS v1 connections are preferred.
ssl_sslv2=NO
# Permit SSL v3 protocol connections. TLS v1 connections are preferred.
ssl_sslv3=NO
# Specify the location of the RSA certificate to use for SSL encrypted connections, which we created some time back.
rsa_cert_file=/etc/vsftpd/vsftpd.pem
Now save and exit the vsftpd.conf file.

Step5 : Restart the vsftpd service.
# service vsftpd restart
Shutting down vsftpd: [ OK ]
Starting vsftpd for vsftpd: [ OK ]


Start accessing the FTP server with your user name credentials using FileZilla or some other FTP client that supports SSL/TLS. Accessing FTPS sites directly through a browser is not possible; we need an add-on called FireFTP, and only then can we access an ftps:// site. In this example I used FileZilla.
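
An added example, not part of the original post: a POSIX shell check that reads a vsftpd.conf and reports which of the Step 4 options still let credentials or file data travel unencrypted. The function names and the sample file are constructed for illustration; the defaults applied to unset options are the ones listed in vsftpd.conf(5).

```shell
#!/bin/sh
# Added example: audit the TLS options of a vsftpd.conf (not from the original post).

# effective FILE OPTION DEFAULT: print the option's effective value in upper
# case. Comment lines are skipped, the last assignment wins, and DEFAULT
# (the vsftpd.conf(5) default) is used when the option is not set.
effective() {
    awk -F= -v k="$2" -v d="$3" '
        /^[ \t]*#/ { next }
        $1 == k    { v = $2; sub(/[ \t\r]+$/, "", v) }
        END        { print toupper(v == "" ? d : v) }' "$1"
}

# audit_vsftpd_tls FILE: one finding per line; empty output means no finding.
audit_vsftpd_tls() {
    f=$1
    if [ "$(effective "$f" ssl_enable NO)" != YES ]; then
        echo "FAIL ssl_enable: TLS is off, logins and data travel in plain text"
        return 0
    fi
    [ "$(effective "$f" force_local_logins_ssl YES)" = YES ] ||
        echo "FAIL force_local_logins_ssl: passwords may be sent in plain text"
    [ "$(effective "$f" force_local_data_ssl YES)" = YES ] ||
        echo "WARN force_local_data_ssl: file contents and listings may be sent in plain text"
    for proto in ssl_sslv2 ssl_sslv3; do
        [ "$(effective "$f" "$proto" NO)" = NO ] ||
            echo "FAIL $proto: obsolete protocol version is permitted"
    done
    return 0
}

# Constructed sample: the Step 4 settings from this post.
sample=$(mktemp)
cat > "$sample" <<'EOF'
ssl_enable=YES
allow_anon_ssl=YES
force_local_data_ssl=NO
force_local_logins_ssl=YES
ssl_tlsv1=YES
ssl_sslv2=NO
ssl_sslv3=NO
rsa_cert_file=/etc/vsftpd/vsftpd.pem
EOF
audit_vsftpd_tls "$sample"
rm -f "$sample"
```

The check covers only the configuration file and does not inspect the certificate. The key made in Step 2 is 1024-bit RSA, below the 2048-bit minimum in current guidance, and because of -nodes vsftpd.pem also holds the unencrypted private key, so the file should be readable by root only.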

  • Converting Sun VirtualBox vdi file to VMware vmdk file


    This article shows you how to convert a Sun VirtualBox vdi file to a VMware vmdk file. Recently I started using Ubuntu as my desktop in my company, and installed Sun VirtualBox for test VMs. But most people have VMware Player installed, so they do not know how to use these vdi images on a Windows box. So here is a solution for converting those vdi image files to VMware .vmdk images.

    When we install Sun VirtualBox, many command-line tools are installed along with it. One good tool is VBoxManage. Please remember that commands in Linux are case sensitive, so if you type vboxmanage it will not work. You have to type it exactly as VBoxManage.

    Step1 : Convert from vdi to raw.
    #VBoxManage internalcommands converttoraw /data/Vm-images/ubuntu-vm.vdi /data/Vm-images/ubuntu.raw

    Step2 : Now install qemu, which is used to convert .raw files to .vmdk
    #apt-get install qemu

    Step3 : Convert .raw files to .vmdk using the qemu-img command
    #qemu-img convert -O vmdk /data/Vm-images/ubuntu.raw /data/Vm-images/ubuntu.vmdk

    Now try to access this .vmdk file using your VMware Workstation or VMware Player.

    So what about vice versa? There are two methods:
    1. By default your Sun VirtualBox will support .vmdk VMware images.
    2. If it is not supported, use the following way.

    Step1 : Use qemu-img again to convert the .vmdk disk to .raw
    #qemu-img convert ubuntu.vmdk /tmp/ubuntu.raw

    Step2 : Convert the .raw file to .vdi using VBoxManage
    #VBoxManage convertdd /tmp/ubuntu.raw ubuntu.vdi

    Please share your thoughts.

    The Linux Juggernaut | Copyright 2006-2009 Surendra Kumar Anne