FTP is a very insecure protocol because passwords and all data are transferred in clear text. By using TLS, the whole communication can be encrypted, which makes FTP much more secure. This article explains how to configure PureFTPd on CentOS 5.5 to accept TLS sessions for remote connections.
I cannot guarantee that this method will also work for you.
1 Preliminary Note
You should have a working PureFTPd installation on your CentOS 5.5 server.
2 Installing OpenSSL
TLS requires OpenSSL support, so we install OpenSSL now:
yum install openssl
3 Configuring PureFTPd
Open /etc/pure-ftpd/pure-ftpd.conf:
vi /etc/pure-ftpd/pure-ftpd.conf
If you want PureFTPd to accept TLS sessions in addition to plain FTP sessions, set TLS to 1:
[...]
# This option can accept three values :
# 0 : disable SSL/TLS encryption layer (default).
# 1 : accept both traditional and encrypted sessions.
# 2 : refuse connections that don't use SSL/TLS security mechanisms,
#     including anonymous sessions.
# Do _not_ uncomment this blindly. Be sure that :
# 1) Your server has been compiled with SSL/TLS support (--with-tls),
# 2) A valid certificate is in place,
# 3) Only compatible clients will log in.
TLS                      1
[...]
If you want to accept TLS sessions only (no plain FTP at all), set TLS to 2:
[...]
# This option can accept three values :
# 0 : disable SSL/TLS encryption layer (default).
# 1 : accept both traditional and encrypted sessions.
# 2 : refuse connections that don't use SSL/TLS security mechanisms,
#     including anonymous sessions.
# Do _not_ uncomment this blindly. Be sure that :
# 1) Your server has been compiled with SSL/TLS support (--with-tls),
# 2) A valid certificate is in place,
# 3) Only compatible clients will log in.
TLS                      2
[...]
To disallow TLS and allow plain FTP only, set TLS to 0:
[...]
# This option can accept three values :
# 0 : disable SSL/TLS encryption layer (default).
# 1 : accept both traditional and encrypted sessions.
# 2 : refuse connections that don't use SSL/TLS security mechanisms,
#     including anonymous sessions.
# Do _not_ uncomment this blindly. Be sure that :
# 1) Your server has been compiled with SSL/TLS support (--with-tls),
# 2) A valid certificate is in place,
# 3) Only compatible clients will log in.
TLS                      0
[...]
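The three TLS values above are the whole difference between a server that still leaks passwords and one that does not, so it is worth being able to read and set the directive mechanically. The script below is an added example written for this page, not part of the original howto or of PureFTPd itself: it reads the effective TLS mode from a pure-ftpd.conf (treating a missing or commented-out directive as the daemon's default of 0), rewrites it, and audits the result, returning success only for TLS 2. The config path is a parameter so it can be tried on a copy before touching /etc/pure-ftpd/pure-ftpd.conf; the sample config built in the demo is constructed.

```shell
#!/bin/sh
# Added example, not part of the original howto: set and audit the TLS
# directive in a pure-ftpd.conf. The config path is passed in, so it can be
# exercised on a copy before editing /etc/pure-ftpd/pure-ftpd.conf.

# Print the effective TLS mode. Only an uncommented "TLS <0|1|2>" line
# counts; if none is present, the daemon's default (0, no TLS) applies.
get_tls_mode() {
    awk 'BEGIN { v = 0 }
         /^[ \t]*TLS[ \t]+[0-2][ \t]*$/ { v = $2 }
         END { print v }' "$1"
}

# Set the TLS mode, replacing an existing uncommented directive or
# appending one when the file has none. Writes via a temp file, no sed -i.
set_tls_mode() {
    conf=$1; mode=$2
    case "$mode" in
        0|1|2) ;;
        *) echo "invalid TLS mode: $mode (expected 0, 1 or 2)" >&2; return 1 ;;
    esac
    if grep -q '^[[:space:]]*TLS[[:space:]]' "$conf"; then
        tmpf="$conf.tmp.$$"
        sed "s/^[[:space:]]*TLS[[:space:]].*/TLS $mode/" "$conf" > "$tmpf" \
            && mv "$tmpf" "$conf"
    else
        printf 'TLS %s\n' "$mode" >> "$conf"
    fi
}

# Report whether the configured mode still lets credentials travel in the
# clear. Returns 0 only for TLS 2 (sessions without TLS are refused).
audit_tls_mode() {
    mode=$(get_tls_mode "$1")
    case "$mode" in
        2) echo "OK:   TLS 2 - connections without TLS are refused"; return 0 ;;
        1) echo "WARN: TLS 1 - plaintext FTP logins are still accepted"; return 1 ;;
        *) echo "FAIL: TLS $mode - no encryption, passwords sent in clear text"; return 1 ;;
    esac
}

# Demo on a constructed config in a temporary directory (sh this.sh --demo).
demo() {
    tmp=$(mktemp -d)
    conf="$tmp/pure-ftpd.conf"
    printf '%s\n' '# 1 : accept both traditional and encrypted sessions.' \
                  'Daemonize                yes' \
                  'TLS                      0' > "$conf"
    audit_tls_mode "$conf" || true     # the weak setting
    set_tls_mode "$conf" 2
    audit_tls_mode "$conf"             # the corrected setting
    rm -rf "$tmp"
}

if [ "${1:-}" = "--demo" ]; then demo; fi
```

The awk pattern deliberately ignores the "# 1 : accept both ..." comment lines that surround the directive in the stock file, so a commented-out "TLS 1" is not mistaken for an enabled one.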
4 Creating The SSL Certificate For TLS
In order to use TLS, we must create an SSL certificate. I create it in /etc/ssl/private/, so I create that directory first:
mkdir -p /etc/ssl/private/
Afterwards we can generate the SSL certificate as follows:
openssl req -x509 -nodes -days 7300 -newkey rsa:2048 -keyout /etc/ssl/private/pure-ftpd.pem -out /etc/ssl/private/pure-ftpd.pem
Country Name (2 letter code) [GB]: <-- Enter your Country Name (e.g., "DE").
State or Province Name (full name) [Berkshire]: <-- Enter your State or Province Name.
Locality Name (eg, city) [Newbury]: <-- Enter your City.
Organization Name (eg, company) [My Company Ltd]: <-- Enter your Organization Name (e.g., the name of your company).
Organizational Unit Name (eg, section) []: <-- Enter your Organizational Unit Name (e.g. "IT Department").
Common Name (eg, your name or your server's hostname) []: <-- Enter the Fully Qualified Domain Name of the system (e.g. "server1.example.com").
Email Address []: <-- Enter your Email Address.
Change the permissions of the SSL certificate:
chmod 600 /etc/ssl/private/pure-ftpd.pem
Finally restart PureFTPd:
/etc/init.d/pure-ftpd restart
That's it. You can now try to connect using your FTP client; however, you should configure your FTP client to use TLS. See the next chapter for how to do this with FileZilla.
5 Configuring FileZilla For TLS
In order to use FTP with TLS, you need an FTP client that supports TLS, such as FileZilla.
In FileZilla, open the Site Manager:
Select the server that uses PureFTPd with TLS; in the Server Type drop-down menu, select FTPES instead of plain FTP:
Now you can connect to the server. If you are connecting for the first time, you must accept the server's new SSL certificate:
If everything goes well, you should now be logged in to the server:
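The certificate step above writes the private key and the certificate into one PEM file and then relies on chmod 600 to keep the key private; the FileZilla step then asks you to accept a certificate you have no independent way to recognise. The script below is an added example written for this page, not part of the original howto or of PureFTPd or OpenSSL themselves. It generates the combined PEM the same way (same file for -keyout and -out, with -subj so it runs non-interactively), verifies the result before the daemon is restarted (mode 600, both PEM parts present, key matching the certificate, certificate not expired) and prints the SHA-256 fingerprint to compare against the one FileZilla shows on first connection. The path, common name and lifetime are parameters; the values in the demo are assumptions.

```shell
#!/bin/sh
# Added example, not part of the original howto: generate the combined
# key+certificate PEM the way the howto does (same file for -keyout and
# -out), then verify it before "/etc/init.d/pure-ftpd restart". Paths and
# the common name are parameters; the defaults here are assumptions.

# Generate a self-signed certificate plus private key in one PEM file.
# umask 077 in a subshell keeps the key unreadable by others from the moment
# it is written, rather than only after the chmod that follows.
make_pureftpd_cert() {
    pem=$1; cn=$2; days=${3:-7300}
    mkdir -p "$(dirname "$pem")"
    ( umask 077
      openssl req -x509 -nodes -days "$days" -newkey rsa:2048 \
          -subj "/CN=$cn" -keyout "$pem" -out "$pem" 2>/dev/null ) || return 1
    chmod 600 "$pem"
}

# Octal file mode, portable across GNU and BSD stat.
file_mode() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# SHA-256 fingerprint of the certificate; compare it with the one FileZilla
# displays when it asks you to accept the server's new certificate.
cert_fingerprint() {
    openssl x509 -in "$1" -noout -fingerprint -sha256 | sed 's/^.*=//'
}

# The checks worth running before restarting PureFTPd: permissions, both
# PEM parts present, key matches certificate, certificate not expired.
verify_pureftpd_cert() {
    pem=$1
    mode=$(file_mode "$pem")
    [ "$mode" = "600" ] || { echo "FAIL: $pem is mode $mode, expected 600"; return 1; }
    grep -q 'BEGIN.*PRIVATE KEY' "$pem" || { echo "FAIL: no private key in $pem"; return 1; }
    grep -q 'BEGIN CERTIFICATE' "$pem"  || { echo "FAIL: no certificate in $pem"; return 1; }
    keypub=$(openssl pkey -in "$pem" -pubout 2>/dev/null | openssl dgst -sha256)
    certpub=$(openssl x509 -in "$pem" -noout -pubkey 2>/dev/null | openssl dgst -sha256)
    [ "$keypub" = "$certpub" ] || { echo "FAIL: key and certificate in $pem do not match"; return 1; }
    openssl x509 -in "$pem" -noout -checkend 0 >/dev/null 2>&1 \
        || { echo "FAIL: certificate in $pem has expired"; return 1; }
    echo "OK: $pem ($(openssl x509 -in "$pem" -noout -subject)) fingerprint $(cert_fingerprint "$pem")"
}

# Demo in a temporary directory (sh this.sh --demo); CN is a constructed value.
demo() {
    tmp=$(mktemp -d)
    make_pureftpd_cert "$tmp/private/pure-ftpd.pem" server1.example.com 7300
    verify_pureftpd_cert "$tmp/private/pure-ftpd.pem"
    chmod 644 "$tmp/private/pure-ftpd.pem"          # the mistake the chmod step prevents
    verify_pureftpd_cert "$tmp/private/pure-ftpd.pem" || true
    rm -rf "$tmp"
}

if [ "${1:-}" = "--demo" ]; then demo; fi
```

Comparing the public key extracted from the key against the one in the certificate catches the common mistake of regenerating one half of the pair and leaving the old other half in the file; the permission check catches the case where the chmod was forgotten.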