Secure ProFTPD Connections Using the TLS/SSL Protocol on RHEL/CentOS 7


By its nature, the FTP protocol was designed as an insecure protocol: all data and passwords are transferred in plain text, which makes it very easy for a third party to intercept every FTP client-server transaction, especially the usernames and passwords used in the authentication process.

  1. Installing ProFTPD Server on RHEL/CentOS 7
  2. Enable Anonymous Account for Proftpd Server in RHEL/CentOS 7

This tutorial will guide you through securing and encrypting FTP communication on a ProFTPD server on CentOS/RHEL 7, using TLS (Transport Layer Security) with the explicit FTPS extension (think of FTPS as what HTTPS is to the HTTP protocol).

Step 1: Create the ProFTPD TLS Module Configuration File

1. As discussed in the previous ProFTPD tutorial about the Anonymous account, this guide uses the same approach of managing future ProFTPD configuration files as modules, with the help of the enabled_mod and disabled_mod directories, which host all of the server's extended capabilities.

So, with your favorite text editor, create a new file named tls.conf in the ProFTPD disabled_mod path and add the following directives.

# nano /etc/proftpd/disabled_mod/tls.conf

Add the following TLS configuration excerpt to the file.

<IfModule mod_tls.c>
TLSEngine                               on
TLSLog                                  /var/log/proftpd/tls.log
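# SSLv23 is compatibility mode: it accepts SSLv3 as well as TLS.
# Name explicit TLS versions here instead to exclude SSLv3.
TLSProtocol                             SSLv23
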
TLSRSACertificateFile                   /etc/ssl/certs/proftpd.crt
TLSRSACertificateKeyFile                /etc/ssl/private/proftpd.key

#TLSCACertificateFile                                     /etc/ssl/certs/CA.pem
TLSOptions                      NoCertRequest EnableDiags NoSessionReuseRequired
TLSVerifyClient                         off
TLSRequired                             on
TLSRenegotiate                          required on
</IfModule>

2. If you use browsers or FTP clients that do not support TLS connections, comment out the line TLSRequired on in order to allow TLS and non-TLS connections at the same time and avoid the resulting error message. Clients that connect without TLS still send their credentials in plain text.

Step 2: Create SSL Certificate Files for TLS

3. After you have created the TLS module configuration file that will enable FTP over TLS on ProFTPD, you need to generate an SSL certificate and key in order to use secure communication with the ProFTPD server, with the help of the OpenSSL package.

# yum install openssl

You can use a single long command to generate the SSL certificate and key pair, but to simplify things you can create a simple bash script that generates the pair under the name you choose and assigns the correct permissions to the key file.

Create a bash file named proftpd_gen_ssl in /usr/local/bin/ or in any other executable system path (defined by the PATH variable).

# nano /usr/local/bin/proftpd_gen_ssl

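Add the following content to it.

#!/bin/bash
# Generate a self-signed certificate and key pair for ProFTPD.
echo -e "\nPlease enter a name for your SSL Certificate and Key pairs:"
read -r name
# 2048-bit RSA: 1024-bit keys are too weak for current use.
openssl req -x509 -newkey rsa:2048 \
          -keyout "/etc/ssl/private/$name.key" -out "/etc/ssl/certs/$name.crt" \
          -nodes -days 365

# Only the owner (root) may read the private key.
chmod 0600 "/etc/ssl/private/$name.key"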

4. After you have created the file above, give it execute permission, make sure that the /etc/ssl/private directory exists, and run the script to create the SSL certificate and key pair.

# chmod +x /usr/local/bin/proftpd_gen_ssl
# mkdir -p /etc/ssl/private
# proftpd_gen_ssl

Supply the SSL certificate with the information you are prompted for, which is self-explanatory, but take care that the Common Name matches your host's Fully Qualified Domain Name (FQDN).
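Before the module is enabled, the generated pair can be checked against the points made above (key size, Common Name, key permissions). The following is an added example, not part of the original tutorial: a hypothetical audit_cert function that prints one finding per problem and returns non-zero if there is any. It assumes the openssl CLI and GNU stat, and that the name proftpd was entered in the script so the files match the paths in tls.conf; ftp.example.com is a placeholder FQDN.

```bash
#!/bin/bash
# Added example: audit a certificate/key pair before tls.conf points at it.
# audit_cert CRT KEY FQDN -> one line per finding, returns 1 if any was found.
audit_cert() {
    local crt="$1" key="$2" fqdn="$3" rc=0 bits cn mode

    # Public key size as recorded in the certificate.
    bits=$(openssl x509 -in "$crt" -noout -text |
           sed -n 's/.*Public-Key: (\([0-9]*\) bit).*/\1/p')
    if [ "${bits:-0}" -lt 2048 ]; then
        echo "WEAK-KEY: ${bits:-unknown}-bit public key (want >= 2048)"; rc=1
    fi

    # The Common Name must equal the name clients connect to.
    cn=$(openssl x509 -in "$crt" -noout -subject -nameopt RFC2253 |
         sed -n 's/.*CN=\([^,]*\).*/\1/p')
    if [ "$cn" != "$fqdn" ]; then
        echo "CN-MISMATCH: certificate CN '$cn' != '$fqdn'"; rc=1
    fi

    # Flag a certificate that expires within 30 days (2592000 seconds).
    if ! openssl x509 -in "$crt" -noout -checkend 2592000 >/dev/null; then
        echo "EXPIRING: certificate expires within 30 days"; rc=1
    fi

    # The private key must belong to this certificate.
    if [ "$(openssl x509 -in "$crt" -noout -pubkey)" != \
         "$(openssl pkey -in "$key" -pubout 2>/dev/null)" ]; then
        echo "KEY-MISMATCH: $key does not match $crt"; rc=1
    fi

    # The generator script sets 0600; anything broader exposes the key.
    mode=$(stat -c %a "$key")
    if [ "$mode" != 600 ] && [ "$mode" != 400 ]; then
        echo "KEY-MODE: $key is mode $mode (want 600)"; rc=1
    fi
    return $rc
}

# e.g. ./audit_cert.sh /etc/ssl/certs/proftpd.crt /etc/ssl/private/proftpd.key ftp.example.com
if [ "$#" -eq 3 ]; then audit_cert "$@"; fi
```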

Step 3: Enable TLS on ProFTPD Server

5. Since the TLS configuration file created earlier already points to the SSL certificate and key files, the only thing left is to activate the TLS module by creating a symbolic link to the tls.conf file in the enabled_mod directory and restarting the ProFTPD daemon to apply the changes.

# ln -s /etc/proftpd/disabled_mod/tls.conf  /etc/proftpd/enabled_mod/
# systemctl restart proftpd

6. To disable the TLS module, just remove the tls.conf symlink from the enabled_mod directory and restart the ProFTPD server to apply the changes.

# rm /etc/proftpd/enabled_mod/tls.conf
# systemctl restart proftpd

Step 4: Open the Firewall to Allow FTP over TLS Communication

7. For clients to access ProFTPD and transfer files securely in Passive Mode, you must open the whole port range between 1024 and 65534 on the RHEL/CentOS firewall, using the following commands.

# firewall-cmd --add-port=1024-65534/tcp  
# firewall-cmd --add-port=1024-65534/tcp --permanent
# firewall-cmd --list-ports
# firewall-cmd --list-services
# firewall-cmd --reload

That's it. Your system is now ready to accept FTP communication over TLS from the client side.

Step 5: Access ProFTPD over TLS from Clients

8. Web browsers usually have no built-in support for FTP over TLS, so all transactions are sent over unencrypted FTP. One of the best FTP clients is FileZilla, which is open source and can run on almost all operating systems.

To access FTP over TLS from FileZilla, open Site Manager, choose FTP as the Protocol and Require explicit FTP over TLS in the Encryption drop-down menu, select Normal as the Logon Type, enter your FTP credentials and click Connect to communicate with the server.

9. If this is the first time you connect to this ProFTPD server, a pop-up showing the new certificate should appear. Check the box that says Always trust certificate for future sessions and click OK to accept the certificate and authenticate to the ProFTPD server.

If you plan to use clients other than FileZilla to access FTP resources securely, make sure they support the FTP over TLS protocol. Some good examples of FTP clients that can speak FTPS are gFTP or LFTP (command line) for NIX.