Configure FTP Server With TLS/SSL Implicit Encryption On RedHat
1. Install the vsftpd package
# yum install -y vsftpd
2. Create a user for FTP
# useradd -g [gid group] [user_name]
# passwd [user_name]
3. Configure the FTP server in /etc/vsftpd/vsftpd.conf
# vi /etc/vsftpd/vsftpd.conf
anonymous_enable=NO
local_enable=YES
write_enable=YES
# user and group have same privileges mode
local_umask=002
dirmessage_enable=YES
xferlog_enable=YES
connect_from_port_20=YES
xferlog_file=/var/log/xferlog
log_ftp_protocol=YES
xferlog_std_format=YES
ftpd_banner=Welcome to blah FTP service.
chroot_local_user=YES
chroot_list_enable=YES
chroot_list_file=/etc/vsftpd/chroot_list
listen=NO
listen_ipv6=YES
pam_service_name=vsftpd
userlist_enable=YES
tcp_wrappers=YES
4. Create the chroot list of FTP users. Note that with chroot_local_user=YES and chroot_list_enable=YES, as set in step 3, vsftpd treats the users in this file as the ones that are NOT placed in a chroot jail.
# vi /etc/vsftpd/chroot_list
username1
username2
5. Start the FTP service on the default port 21 and enable it at boot.
# systemctl start vsftpd
# systemctl enable vsftpd
6. Set up FTPS with implicit TLS/SSL encryption. Create a private key and a CSR to obtain an SSL certificate.
If you use a self-signed certificate, you can create it with:
# openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/ssl/private/vsftpd.key -out /etc/ssl/private/vsftpd.crt
7. Configure TLS for vsftpd
# vi /etc/vsftpd/vsftpd.conf
Add the following configuration:
#SSL Configuration
rsa_cert_file=[Path Certificate File]
rsa_private_key_file=[Path Private Key File]
ssl_enable=YES
implicit_ssl=YES
listen_port=990
ssl_request_cert=NO
allow_anon_ssl=NO
force_local_data_ssl=YES
force_local_logins_ssl=YES
ssl_tlsv1_2=YES
ssl_sslv2=NO
ssl_sslv3=NO
require_ssl_reuse=NO
ssl_ciphers=HIGH
pasv_min_port=30000
pasv_max_port=31000
8. Restart the vsftpd service
# systemctl restart vsftpd
9. Open the firewall from the client to the FTP server
Port 990 TCP, Port 20 TCP, Port 21 TCP, Port 30000-31000 TCP, Port high_port
10. Test the FTPS server from a client.
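A server-side check to run before the client test, as an added example that is not part of the original guide: it audits a vsftpd.conf against the implicit-FTPS values from steps 3 and 7 and flags trailing comments and spaces around "=", since vsftpd only accepts comments on their own line and no whitespace between option, "=" and value. The names audit_vsftpd_conf, write_sample_conf and WANT are hypothetical, and the sample config is constructed.

```shell
# Added example (not from the original guide): audit a vsftpd.conf against the
# implicit-FTPS values from steps 3 and 7. Prints findings; returns 1 if any.
WANT="anonymous_enable=NO ssl_enable=YES implicit_ssl=YES listen_port=990"
WANT="$WANT allow_anon_ssl=NO force_local_data_ssl=YES"
WANT="$WANT force_local_logins_ssl=YES ssl_sslv2=NO ssl_sslv3=NO"

audit_vsftpd_conf() {
    awk -v want_list="$WANT" '
    BEGIN {
        n = split(want_list, p, " ")
        for (i = 1; i <= n; i++) { split(p[i], kv, "="); want[kv[1]] = kv[2] }
    }
    /^[ \t]*#/ || /^[ \t]*$/ { next }      # whole-line comment or blank line
    {
        eq = index($0, "=")
        if (eq == 0) { print "line " NR ": not option=value"; bad++; next }
        key = substr($0, 1, eq - 1); val = substr($0, eq + 1)
        if (key ~ /[ \t]/ || val ~ /^[ \t]/) {
            print "line " NR ": whitespace around = in " key; bad++ }
        if (val ~ /[ \t]#/) {
            print "line " NR ": trailing comment after " key; bad++ }
        if ((key in seen) && seen[key] != val) {
            print "line " NR ": " key " redefined with a different value"; bad++ }
        seen[key] = val
    }
    END {
        for (k in want) {
            if (!(k in seen)) { print "missing: " k "=" want[k]; bad++ }
            else if (seen[k] != want[k]) {
                print k "=" seen[k] " (guide sets " want[k] ")"; bad++ }
        }
        lo = seen["pasv_min_port"] + 0; hi = seen["pasv_max_port"] + 0
        if (lo == 0 || hi == 0 || lo > hi) {
            print "passive port range unset or inverted"; bad++ }
        exit (bad > 0)
    }' "$1"
}

# Constructed sample: inline comment, weakened value, implicit_ssl omitted.
write_sample_conf() {
    printf '%s\n' anonymous_enable=NO 'local_umask=002 # same privileges' \
        ssl_enable=YES listen_port=990 allow_anon_ssl=NO \
        force_local_data_ssl=NO force_local_logins_ssl=YES \
        ssl_sslv2=NO ssl_sslv3=NO pasv_min_port=30000 pasv_max_port=31000 > "$1"
}

sample=$(mktemp); write_sample_conf "$sample"
audit_vsftpd_conf "$sample" || echo "fix the findings above, then restart vsftpd"
rm -f "$sample"
```

On the server, source the function and run it as audit_vsftpd_conf /etc/vsftpd/vsftpd.conf; a zero exit status means every checked value matches the guide.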