如何在 CentOS 5.5配置PureFTPd的TSL协议进行远程连接?

         FTP是一个很不安全的协议,因为密码和所有数据都是通过一般文本传输的,利用TSL协议,会使整个通信即可加密,从容使FTP更安全。本文介绍了如何在 CentOS 5.5配置PureFTPd的TSL协议进行远程连接。

 我不敢保证这个方法对你也适用。

1初步注释;

你应该有一个工作PureFTPd安装在你的CentOS 5.5服务器,

 安装OpenSSL:

TSL协议需要OpenSSL支持,去安装OpenSSl, 我们现在运行,

yum install openssl

配置PureFTPd:

打开:/etc/pure-ftpd/pure-ftpd.conf...

vi /etc/pure-ftpd/pure-ftpd.conf

如果你想让PureFTPd与TSL通信,设置TLS为1:

[...]
# This option can accept three values :
# 0 : disable SSL/TLS encryption layer (default).
# 1 : accept both traditional and encrypted sessions.
# 2 : refuse connections that don't use SSL/TLS security mechanisms,
#     including anonymous sessions.
# Do _not_ uncomment this blindly. Be sure that :
# 1) Your server has been compiled with SSL/TLS support (--with-tls),
# 2) A valid certificate is in place,
# 3) Only compatible clients will log in.

TLS                      1
[...]

如果你想只设置TLS通信,设置TLS为2;

[...]
# This option can accept three values :
# 0 : disable SSL/TLS encryption layer (default).
# 1 : accept both traditional and encrypted sessions.
# 2 : refuse connections that don't use SSL/TLS security mechanisms,
#     including anonymous sessions.
# Do _not_ uncomment this blindly. Be sure that :
# 1) Your server has been compiled with SSL/TLS support (--with-tls),
# 2) A valid certificate is in place,
# 3) Only compatible clients will log in.

TLS                      2
[...]

不容许TLS协议,容许FTP,设置TLS 为0:

[...]
# This option can accept three values :
# 0 : disable SSL/TLS encryption layer (default).
# 1 : accept both traditional and encrypted sessions.
# 2 : refuse connections that don't use SSL/TLS security mechanisms,
#     including anonymous sessions.
# Do _not_ uncomment this blindly. Be sure that :
# 1) Your server has been compiled with SSL/TLS support (--with-tls),
# 2) A valid certificate is in place,
# 3) Only compatible clients will log in.

TLS                      0
[...]

创建TLS中lls证书:

为了使用TLS,我们必须创建一种ssl 证书,我创建在/etc/ssl/private/目录:

 

改变SSL许可证书:

6.连接地址:

  • PureFTPd: http://www.pureftpd.org/
  • FileZilla: http://filezilla-project.org/
  • CentOS: http://www.centos.org/


 

chmod 600 /etc/ssl/private/pure-ftpd.pem

最后重启PureFTPd:

/etc/init.d/pure-ftpd restart

就是这样。现在你可以尝试连接使用你的FTP客户端,但是,你应该配置你的FTP客户端使用TLS ,看下一章与FileZilla如何做到这一点

FileZilla为TLS 5配置

了使用FTP和TLS协议,就需要一种的FTP客户端,支持TLS协议,例如FileZillaFileZilla.

在FileZilla,打开服务器管理:

选择服务器,使用PureFTPd;与TLS Server Type服务器类型菜单中,选择 FTPES代替普通 FTP:

现在你可以连接到服务器,如果你第一次连接,就必须服务器的新SSL证书:

如果一切正常,你现在能登陆到服务器上:

mkdir -p /etc/ssl/private/

然后我们可以产生证书,如下:

openssl req -x509 -nodes -days 7300 -newkey rsa:2048 -keyout /etc/ssl/private/pure-ftpd.pem -out /etc/ssl/private/pure-ftpd.pem

Country Name (2 letter code) [GB]: <-- Enter your Country Name (e.g., "DE").
State or Province Name (full name) [Berkshire]:
<-- Enter your State or Province Name.
Locality Name (eg, city) [Newbury]:
<-- Enter your City.
Organization Name (eg, company) [My Company Ltd]:
<-- Enter your Organization Name (e.g., the name of your company).
Organizational Unit Name (eg, section) []:
<-- Enter your Organizational Unit Name (e.g. "IT Department").
Common Name (eg, your name or your server's hostname) []:
<-- Enter the Fully Qualified Domain Name of the system (e.g. "server1.example.com").
Email Address []:
<-- Enter your Email Address.

你可能感兴趣的:(通信,centos,服务器,密码,5.5,pureftpd)