Setting Up a Secure FTP Server Using SSL/TLS on Ubuntu
In this tutorial, we will explain how to secure an FTP server (VSFTPD stands for Very Secure FTP Daemon) using SSL/TLS on Ubuntu 16.04/16.10.
If you are looking to set up a secure FTP server for CentOS-based distributions, you can read - Secure an FTP Server Using SSL/TLS on CentOS.
By the time we have followed the steps in this guide, we will have learned the fundamentals of enabling encryption services on an FTP server, which is crucial for secure data transfers.
- You must install and configure an FTP server in Ubuntu
Before we move further, make sure that all commands in this article are run as root or from a sudo-privileged account.
Step 1: Generating SSL/TLS Certificate for FTP on Ubuntu
1. We will begin by creating a subdirectory under /etc/ssl/ to store the SSL/TLS certificate and key files, if it doesn't exist:
$ sudo mkdir -p /etc/ssl/private
2. Now, let's generate the certificate and key in a single file by running the command below.
$ sudo openssl req -x509 -nodes -keyout /etc/ssl/private/vsftpd.pem -out /etc/ssl/private/vsftpd.pem -days 365 -newkey rsa:2048
The above command will prompt you to answer the questions below; don't forget to enter values that apply to your scenario.
Country Name (2 letter code) [XX]:IN
State or Province Name (full name) []:Lower Parel
Locality Name (eg, city) [Default City]:Mumbai
Organization Name (eg, company) [Default Company Ltd]:TecMint.com
Organizational Unit Name (eg, section) []:Linux and Open Source
Common Name (eg, your name or your server's hostname) []:tecmint
Email Address []:[email
Step 2: Configuring VSFTPD to Use SSL/TLS on Ubuntu
3. Before we perform any VSFTPD configuration, those who have the UFW firewall enabled have to open ports 990 and 40000-50000 to allow TLS connections and the range of passive ports set in the VSFTPD configuration file, respectively:
$ sudo ufw allow 990/tcp
$ sudo ufw allow 40000:50000/tcp
$ sudo ufw status
4. Now, open the VSFTPD configuration file and define the SSL details in it:
$ sudo vi /etc/vsftpd/vsftpd.conf
OR
$ sudo nano /etc/vsftpd/vsftpd.conf
Then, add or locate the option ssl_enable and set its value to YES to activate the use of SSL. Also, because TLS is more secure than SSL, we will restrict VSFTPD to use TLS instead, by enabling the ssl_tlsv1 option:
ssl_enable=YES
ssl_tlsv1=YES
ssl_sslv2=NO
ssl_sslv3=NO
5. Next, comment out the lines below using the # character, as follows:
#rsa_cert_file=/etc/ssl/private/ssl-cert-snakeoil.pem
#rsa_private_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
Afterwards, add the lines below to define the location of the SSL certificate and key file:
rsa_cert_file=/etc/ssl/private/vsftpd.pem
rsa_private_key_file=/etc/ssl/private/vsftpd.pem
6. Now, we will prevent anonymous users from using SSL, then force all non-anonymous logins to use a secure SSL connection for data transfer and for sending the password during login:
allow_anon_ssl=NO
force_local_data_ssl=YES
force_local_logins_ssl=YES
7. Furthermore, we can use the options below to add more security features to the FTP server. With the option require_ssl_reuse=YES, all SSL data connections are required to exhibit SSL session reuse, proving that they know the same master secret as the control channel. So, we should disable it.
require_ssl_reuse=NO
In addition, we can set which SSL ciphers VSFTPD will permit for encrypted SSL connections with the ssl_ciphers option. This will help frustrate any efforts by attackers who try to force a specific cipher in which they may have discovered vulnerabilities:
ssl_ciphers=HIGH
8. Then, let's define the port range (min and max port) of passive ports.
pasv_min_port=40000
pasv_max_port=50000
9. To enable SSL debugging, meaning that OpenSSL connection diagnostics are recorded in the VSFTPD log file, we can use the debug_ssl option:
debug_ssl=YES
Finally, save the file and close it. Then restart the VSFTPD service:
$ sudo systemctl restart vsftpd
Step 3: Verify FTP with SSL/TLS Connections on Ubuntu
10. After performing all the above configurations, test whether VSFTPD is now using SSL/TLS connections by trying to use FTP from the command line, as below.
From the output below, there is an error message telling us that VSFTPD only permits (non-anonymous) users to log in from secure clients that support encryption services.
$ ftp 192.168.56.10
Connected to 192.168.56.10 (192.168.56.10).
220 Welcome to TecMint.com FTP service.
Name (192.168.56.10:root) : ravi
530 Non-anonymous sessions must use encryption.
Login failed.
421 Service not available, remote server has closed connection
ftp>
The command line doesn't support encryption services, which results in the error above. Therefore, to connect securely to an FTP server with encryption services enabled, we need an FTP client that supports SSL/TLS connections by default, such as FileZilla.
Step 4: Install FileZilla on Clients to Connect to FTP Securely
FileZilla is a powerful cross-platform FTP client which supports FTP over SSL/TLS and more. To install FileZilla on a Linux client machine, use the following command.
--------- On Debian/Ubuntu ---------
$ sudo apt-get install filezilla
--------- On CentOS/RHEL/Fedora ---------
# yum install epel-release filezilla
--------- On Fedora 22+ ---------
$ sudo dnf install filezilla
12. Once the installation completes, open it and go to File=>Sites Manager (or press Ctrl + S) to get the Site Manager interface below.
13. Now, define the host/site name, add the IP address, and define the protocol to use, the encryption and the logon type as in the screenshot below (use values that apply to your scenario):
Click the New Site button to configure a new site/host connection.
Host: 192.168.56.10
Protocol: FTP – File Transfer Protocol
Encryption: Require explicit FTP over #recommended
Logon Type: Ask for password #recommended
User: username
14. Then click Connect in the interface above to enter the password, verify the certificate being used for the SSL/TLS connection, and click OK once more to connect to the FTP server:
15. Now, you should have logged in successfully to the FTP server over a TLS connection; check the connection status section of the interface below for more information.
16. Lastly, let us transfer files from the local machine to the FTP server in the files folder; take a look at the lower end of the FileZilla interface to view reports concerning file transfers.
That's all! Always remember that installing an FTP server without enabling encryption services has certain security implications. As we explained in this tutorial, you can configure an FTP server to use SSL/TLS connections to implement security on Ubuntu 16.04/16.10.
If you face any problems setting up SSL/TLS on an FTP server, use the comment form below to share your problems or thoughts concerning this tutorial/topic.