Set Up Secure FTP File Transfer Using SSL/TLS in RHEL 8


In our last article, we described in detail how to install and configure an FTP server on RHEL 8 Linux. In this article, we will explain how to secure an FTP server using SSL/TLS to enable data encryption for secure file transfer between systems.

We assume you already have an FTP server installed and running properly. If not, please use the following guide to install it on your system.

  1. How to Install, Configure and Secure FTP Server in RHEL 8

Step 1. Generating the SSL/TLS Certificate and Private Key

1. Create the following directory to store the SSL/TLS certificate and key files.

# mkdir -p /etc/ssl/vsftpd

2. Next, generate a self-signed SSL/TLS certificate and private key using the following command.

# openssl req -x509 -nodes -keyout /etc/ssl/vsftpd/vsftpd.pem -out /etc/ssl/vsftpd/vsftpd.pem -days 365 -newkey rsa:2048

Here is an explanation of each flag used in the above command.

  1. req – the command for X.509 Certificate Signing Request (CSR) management.
  2. x509 – outputs a self-signed X.509 certificate instead of a certificate request.
  3. days – defines the number of days the certificate is valid for.
  4. newkey – generates a new private key; its argument specifies the key type and size.
  5. rsa:2048 – the key type and size: an RSA private key of 2048 bits.
  6. keyout – sets the file the private key is stored in.
  7. out – sets the file the certificate is stored in; note that both the certificate and the key are stored in the same file: /etc/ssl/vsftpd/vsftpd.pem.

The above command will prompt you to answer the questions below; remember to use values that apply to your scenario.

Country Name (2 letter code) [XX]:IN
State or Province Name (full name) []:Lower Parel
Locality Name (eg, city) [Default City]:Mumbai
Organization Name (eg, company) [Default Company Ltd]:TecMint.com
Organizational Unit Name (eg, section) []:Linux and Open Source
Common Name (eg, your name or your server's hostname) []:tecmint
Email Address []:[email 

Step 2. Configuring VSFTPD to Use SSL/TLS

3. Open the VSFTPD configuration file for editing using your favorite command-line editor.

# vi /etc/vsftpd/vsftpd.conf

Add the following configuration parameters at the end of the file to enable SSL and select the versions of SSL and TLS to use.

ssl_enable=YES
ssl_tlsv1_2=YES
ssl_sslv2=NO
ssl_sslv3=NO

4. Next, add the rsa_cert_file and rsa_private_key_file options to specify the location of the SSL certificate and key file respectively.

rsa_cert_file=/etc/ssl/vsftpd/vsftpd.pem
rsa_private_key_file=/etc/ssl/vsftpd/vsftpd.pem

5. Now add these parameters to stop anonymous users from using SSL and to force all non-anonymous connections over SSL.

# disable anonymous users from using SSL
allow_anon_ssl=NO
# force all non-anonymous logins to use a secure SSL connection for data transfer
force_local_data_ssl=YES
# force all non-anonymous logins to send the password over SSL
force_local_logins_ssl=YES

6. Next, add these options to turn off the requirement that SSL data connections reuse the SSL session of the control connection, and set the SSL ciphers to HIGH so that encrypted SSL connections use strong cipher suites.

require_ssl_reuse=NO
ssl_ciphers=HIGH

7. You also need to specify the port range (min and max port) of the passive ports that vsftpd will use for secure connections, using the pasv_min_port and pasv_max_port parameters respectively. In addition, you can optionally enable SSL debugging for troubleshooting purposes, using the debug_ssl option.

pasv_min_port=40000
pasv_max_port=50000
debug_ssl=YES

8. Finally, save the file and restart the vsftpd service for the above changes to take effect.

# systemctl restart vsftpd
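
A check to run before the restart in step 8, added here as an example and not part of the original article: it compares a vsftpd.conf with the values set in steps 3 to 6, flags values followed by whitespace or a comment (vsftpd reads everything after the = as the value), and reports a private key file that group or other can access. The function names and the sample config at the end are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a vsftpd.conf against the settings from steps 3-6.

# Print the last value assigned to option $2 in config file $1.
conf_get() {
    sed -n "s/^$2=//p" "$1" | tail -n 1
}

# Print one line per finding; return 0 only when there are none.
audit_vsftpd_tls() {
    conf=$1
    fail=0
    for want in ssl_enable=YES ssl_tlsv1_2=YES ssl_sslv2=NO ssl_sslv3=NO \
                allow_anon_ssl=NO force_local_data_ssl=YES \
                force_local_logins_ssl=YES ssl_ciphers=HIGH; do
        opt=${want%%=*}
        got=$(conf_get "$conf" "$opt")
        if [ "$got" != "${want#*=}" ]; then
            echo "FAIL $opt: want '${want#*=}', found '${got:-<unset>}'"
            fail=1
        fi
    done
    # vsftpd takes everything after '=' as the value, so trailing
    # whitespace or a trailing '# comment' corrupts the setting.
    if grep -nE '^[^#[:space:]][^=]*=.*[[:space:]](#.*)?$' "$conf"; then
        echo "FAIL trailing whitespace or comment on the lines above"
        fail=1
    fi
    # The PEM file also holds the private key: owner-only access.
    keyfile=$(conf_get "$conf" rsa_private_key_file)
    if [ -n "$keyfile" ] && [ -e "$keyfile" ]; then
        perms=$(ls -ldL "$keyfile" | cut -c5-10)
        if [ "$perms" != "------" ]; then
            echo "FAIL $keyfile is accessible to group/other ($perms)"
            fail=1
        fi
    fi
    return $fail
}

# Constructed sample: a setting with an inline comment, TLS 1.2 line missing.
sample=$(mktemp)
printf '%s\n' 'ssl_enable=YES' 'ssl_sslv2=NO' 'ssl_sslv3=NO' \
    'allow_anon_ssl=NO   # no anonymous TLS' > "$sample"
audit_vsftpd_tls "$sample" || echo "audit found problems"
rm -f "$sample"
```

On the server, call it as audit_vsftpd_tls /etc/vsftpd/vsftpd.conf; a zero exit status means every checked setting matches the guide.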

9. One more critical task to perform before you can securely access the FTP server is to open ports 990 and 40000-50000 in the system firewall. This allows TLS connections to the vsftpd service and opens the passive port range defined in the VSFTPD configuration file respectively, as follows.

# firewall-cmd --zone=public --permanent --add-port=990/tcp
# firewall-cmd --zone=public --permanent --add-port=40000-50000/tcp
# firewall-cmd --reload

Step 3: Install FileZilla to Securely Connect to the FTP Server

10. To securely connect to the FTP server, you need an FTP client that supports SSL/TLS connections, such as FileZilla, an open source, widely used, cross-platform FTP, SFTP, and FTPS client that supports SSL/TLS connections by default.

Install FileZilla on Linux using your default package manager as follows:

$ sudo apt-get install filezilla   		#Debian/Ubuntu
# yum install epel-release filezilla		#On CentOS/RHEL
# dnf install filezilla			        #Fedora 22+
$ sudo zypper install filezilla			#openSUSE

11. After the FileZilla package is installed, search for it in the system menu and open it. To quickly connect to the remote FTP server, from the main interface, provide the Host IP address, Username, and the user's password. Then click QuickConnect.

12. The application will then ask you to allow the secure connection using the unknown, self-signed certificate. Click OK to proceed.

If the configuration on the server is fine, the connection should be successful, as shown in the following screenshot.

13. Finally, test the secure FTP connection by trying to upload files from your machine to the server, as shown in the next screenshot.
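
Step 12 asks the user to accept an unknown self-signed certificate. As an added example (not from the original article), the functions below print the certificate's SHA-256 fingerprint on the server so it can be compared with what the client shows, and fetch the certificate the server actually presents using openssl s_client's -starttls ftp mode. The function names, the host name ftp.example.com and control port 21 are assumptions.

```shell
#!/bin/sh
# Added example: check the self-signed certificate out of band.

# SHA-256 fingerprint of the first certificate in PEM file $1.
cert_fingerprint() {
    openssl x509 -in "$1" -noout -fingerprint -sha256 | cut -d= -f2
}

# Succeed only if the certificate in $1 is still valid $2 days from now.
cert_valid_for_days() {
    openssl x509 -in "$1" -noout -checkend "$(( $2 * 86400 ))" >/dev/null
}

# Save to file $3 the certificate that host $1 presents after AUTH TLS
# on control port $2 (explicit FTPS).
fetch_server_cert() {
    openssl s_client -connect "$1:$2" -starttls ftp </dev/null 2>/dev/null |
        openssl x509 -out "$3"
}

# Compare the certificate in PEM file $1 with expected fingerprint $2.
check_pin() {
    got=$(cert_fingerprint "$1" 2>/dev/null)
    if [ -n "$got" ] && [ "$got" = "$2" ]; then
        echo "OK $got"
    else
        echo "MISMATCH presented=${got:-<none>} expected=$2"
        return 1
    fi
}

# On the server:  cert_fingerprint /etc/ssl/vsftpd/vsftpd.pem
# On a client (ftp.example.com and 21 are placeholders):
#   fetch_server_cert ftp.example.com 21 presented.pem
#   check_pin presented.pem "<fingerprint from the server>"
```

cert_valid_for_days /etc/ssl/vsftpd/vsftpd.pem 30 can be scheduled on the server to warn before the 365-day certificate from step 2 expires.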

That's all! In this article, we showed how to secure an FTP server using SSL/TLS for secure file transfer in RHEL 8. This is the second part of our comprehensive guide to installing, configuring and securing an FTP server in RHEL 8. To share any questions or thoughts, use the feedback form below.