FTPS server configuration on CentOS Linux with vsftpd

Introduction

Once we needed to set up an FTPS server with login/password access.
We chose vsftpd as the FTPS server and CentOS Linux 5.8 as the OS.

Configuration

1. Install packages

yum install vsftpd openssl 

2. Generate a self-signed certificate and key

A 1024-bit RSA key is below today's accepted minimum, so generate a 2048-bit key:

openssl genrsa -out key.pem 2048

openssl req -new -key key.pem -out req.pem
 
 Country Name (2 letter code) [AU]:RU
 State or Province Name (full name) [Some-State]:
 Locality Name (eg, city) []:Moscow
 Organization Name (eg, company) [Internet Widgits Pty Ltd]:Test Company
 Organizational Unit Name (eg, section) []:IT dept
 Common Name (eg, YOUR name) []:ftps.example.ru
 Email Address []:adm@example.ru
 
 Please enter the following 'extra' attributes
 to be sent with your certificate request
 A challenge password []:
 An optional company name []:

openssl req -x509 -days 365 -key key.pem -in req.pem -out cert.pem

Move the certificate and the private key to the vsftpd configuration directory. vsftpd reads the key at startup as root, so keep it readable by root only.

mv cert.pem /etc/vsftpd/cert.pem
mv key.pem /etc/vsftpd/key.pem
chmod 600 /etc/vsftpd/key.pem

3. Configure vsftpd

File /etc/vsftpd/vsftpd.conf

ssl_enable=YES
allow_anon_ssl=NO
force_local_data_ssl=YES
force_local_logins_ssl=YES
require_ssl_reuse=NO
implicit_ssl=YES
ssl_tlsv1=YES
ssl_sslv2=NO
ssl_sslv3=NO
ssl_ciphers=HIGH
rsa_cert_file=/etc/vsftpd/cert.pem
rsa_private_key_file=/etc/vsftpd/key.pem
listen=YES
listen_address=212.1.1.1
listen_port=990
background=YES
log_ftp_protocol=YES
anonymous_enable=NO
guest_enable=YES
guest_username=ftp
syslog_enable=YES
xferlog_enable=YES
vsftpd_log_file=/var/log/vsftpd.log
local_enable=YES
chroot_local_user=YES
pam_service_name=vsftpd
secure_chroot_dir=/usr/share/vsftpd
user_config_dir=/etc/vsftpd/vsftpd_user_conf
virtual_use_local_privs=YES

Notes on the settings. SSLv2 and SSLv3 are broken protocols and stay off; implicit_ssl=YES on port 990 together with force_local_logins_ssl=YES and force_local_data_ssl=YES means every login and every transfer is wrapped in TLS, and ssl_ciphers=HIGH replaces vsftpd's weak built-in cipher default. rsa_private_key_file must point at the key: without it vsftpd expects the private key inside rsa_cert_file, and cert.pem as generated above contains only the certificate. anonymous_enable=NO is needed because vsftpd enables anonymous FTP by default and anonymous logins never touch the PAM service configured below. guest_enable=YES with guest_username=ftp makes every virtual user from login.db run as the local user ftp, which is why the FTP directory below is owned by ftp.

Create a test user (login and password)

File /etc/vsftpd/login, one username on a line followed by its password on the next line:

test
password

Create the Berkeley DB from it

cd /etc/vsftpd
db_load -T -t hash -f login login.db
chmod 600 login login.db

Both files hold the passwords in clear text, so keep them readable by root only (or delete the text file once login.db is built).

Create a PAM service file that authenticates against login.db. pam_userdb appends the .db suffix itself, so the path is given without it.
File: /etc/pam.d/vsftpd

#%PAM-1.0
auth required pam_userdb.so db=/etc/vsftpd/login
account required pam_userdb.so db=/etc/vsftpd/login
session    required     pam_loginuid.so

Create the FTP directory for the test user and configure write permissions. The session runs as the local user ftp (guest_username above), so that user must own the directory.

mkdir /test_ftp
chown ftp:ftp /test_ftp
chmod 770 /test_ftp

Per-user settings live in user_config_dir, in a file named after the login. Create the directory and the file for the user test:

mkdir -p /etc/vsftpd/vsftpd_user_conf

File /etc/vsftpd/vsftpd_user_conf/test

write_enable=YES
local_root=/test_ftp

Start the service and make sure it starts at boot. The service name is vsftpd (not vsftp), and chkconfig on is idempotent, so there is no need to check first:

service vsftpd start
chkconfig vsftpd on
chkconfig --list vsftpd

PS: If logins or uploads fail with permission errors although the file permissions are right, check SELinux before anything else (look at /var/log/audit/audit.log). Prefer adjusting the policy to disabling it: list the FTP booleans with getsebool -a | grep ftp (for example ftp_home_dir and allow_ftpd_full_access) and set the one you need with setsebool -P, and label the upload directory with chcon or semanage fcontext so the ftpd domain may write to it.
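The configuration section above fixes several settings by hand (SSLv2/SSLv3 off, a separate private key file, no anonymous logins, a cipher list). The following is an added example, not part of the original page: a small POSIX sh/awk audit that reads a vsftpd.conf and reports the settings that leave logins or data unprotected, so it can be run before "service vsftpd start". The function names and the two sample configs embedded in it are constructed for this example; the second sample reproduces the settings as originally written on this page.

```sh
#!/bin/sh
# Added example: audit a vsftpd.conf for the FTPS settings discussed on this page.
# Pure POSIX sh + awk, so it runs on a host without vsftpd installed.

# Effective value of a vsftpd.conf key: comment lines are skipped, the last
# assignment wins (as in vsftpd), and an unset key yields an empty string.
vsftpd_get() {
    awk -F= -v k="$2" '
        /^[[:space:]]*#/ { next }
        { gsub(/[[:space:]]/, "", $1) }
        $1 == k { v = $2 }
        END { print v }
    ' "$1"
}

# Audit one config file. Prints one finding per line and returns the number of
# findings, so "vsftpd_tls_audit /etc/vsftpd/vsftpd.conf" exits non-zero when
# there is something to fix. Defaults mirror vsftpd: ssl_sslv2/ssl_sslv3 default
# to NO, force_local_*_ssl default to YES, anonymous_enable defaults to YES.
vsftpd_tls_audit() {
    f="$1"; n=0
    [ "$(vsftpd_get "$f" ssl_enable)" = "YES" ] ||
        { echo "ssl_enable is not YES: TLS is off"; n=$((n+1)); }
    for k in ssl_sslv2 ssl_sslv3; do
        [ "$(vsftpd_get "$f" "$k")" != "YES" ] ||
            { echo "$k=YES: SSLv2/SSLv3 are broken protocols, set NO"; n=$((n+1)); }
    done
    for k in force_local_logins_ssl force_local_data_ssl; do
        [ "$(vsftpd_get "$f" "$k")" != "NO" ] ||
            { echo "$k=NO: plaintext logins or data transfers allowed"; n=$((n+1)); }
    done
    # Anonymous logins never go through the PAM service, so they must be off.
    [ "$(vsftpd_get "$f" anonymous_enable)" = "NO" ] ||
        { echo "anonymous_enable is not NO: anonymous logins are accepted"; n=$((n+1)); }
    # Without ssl_ciphers vsftpd falls back to its weak single-suite default.
    [ -n "$(vsftpd_get "$f" ssl_ciphers)" ] ||
        { echo "ssl_ciphers unset: vsftpd uses its weak built-in cipher default"; n=$((n+1)); }
    # Without rsa_private_key_file vsftpd expects the key inside rsa_cert_file.
    [ -n "$(vsftpd_get "$f" rsa_private_key_file)" ] ||
        { echo "rsa_private_key_file unset: rsa_cert_file must also hold the private key"; n=$((n+1)); }
    return $n
}

# Constructed sample: the TLS-related settings as originally written on this page.
write_page_conf() {
    cat >"$1" <<'EOF'
ssl_enable=YES
allow_anon_ssl=NO
force_local_data_ssl=YES
force_local_logins_ssl=YES
implicit_ssl=YES
ssl_tlsv1=YES
ssl_sslv2=YES
ssl_sslv3=YES
rsa_cert_file=/etc/vsftpd/cert.pem
listen=YES
listen_port=990
EOF
}

# Constructed sample: the same fragment with the audited settings fixed.
write_hardened_conf() {
    cat >"$1" <<'EOF'
ssl_enable=YES
allow_anon_ssl=NO
force_local_data_ssl=YES
force_local_logins_ssl=YES
implicit_ssl=YES
ssl_tlsv1=YES
ssl_sslv2=NO
ssl_sslv3=NO
ssl_ciphers=HIGH
rsa_cert_file=/etc/vsftpd/cert.pem
rsa_private_key_file=/etc/vsftpd/key.pem
anonymous_enable=NO
listen=YES
listen_port=990
EOF
}

# Stand-alone use: sh audit.sh /etc/vsftpd/vsftpd.conf
if [ $# -gt 0 ]; then
    vsftpd_tls_audit "$1"
fi
```

Against the first sample the audit reports five findings (the two SSL protocol lines and the three missing keys); against the hardened sample it reports none. It only looks at the config text, so it cannot tell whether cert.pem really contains the key; that is why a missing rsa_private_key_file is reported as something to verify.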

Client connection example

Use the WinSCP client, for example (FileZilla and others work as well).

Configuration example: in the session settings choose the FTP protocol with implicit TLS/SSL encryption, host ftps.example.ru, port 990, and the login/password from /etc/vsftpd/login. The client will warn about the self-signed certificate on first connection; accept it after checking that the fingerprint matches /etc/vsftpd/cert.pem.

Click Login and enjoy.

en/jobs/ftps_on_vsftpd.txt · Last modified: 2015/03/12 17:07 by admin