Vsftp-2.2.2安装部署-TLS
1.安装vsftpd
# Install the vsftpd package from the configured yum repositories.
yum -y install vsftpd

# Start the daemon now through its SysV init script.
/etc/init.d/vsftpd start

# Register the service so it is started at boot.
chkconfig vsftpd on
2.配置pem SSL
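# Create a self-signed X.509 certificate (valid 365 days) together with a new
# 2048-bit RSA key. -nodes stores the private key unencrypted so vsftpd can
# load it without a passphrase; key and certificate share one PEM file.
# The subshell's umask keeps a newly created file from being group- or
# world-readable while openssl is writing the key.
(
  umask 077
  openssl req -x509 -days 365 -newkey rsa:2048 -nodes \
    -keyout /etc/vsftpd/vsftpd.pem -out /etc/vsftpd/vsftpd.pem
)

# The PEM file holds an unencrypted private key: make sure only its owner can
# read it, including when the file already existed with looser permissions.
chmod 600 /etc/vsftpd/vsftpd.pem

# Clients cannot validate a self-signed certificate against a CA; they have to
# trust or pin this certificate explicitly.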
3.配置vsftpd.conf文件
# Keep a copy of the packaged configuration before editing it.
cp /etc/vsftpd/vsftpd.conf /etc/vsftpd/vsftpd.conf.bak
vim /etc/vsftpd/vsftpd.conf

# --- /etc/vsftpd/vsftpd.conf: settings to enter in the editor ---
# vsftpd.conf takes one option per line, with no spaces around "=" and
# comments on lines of their own.
#
# Control connection on port 2100; passive data connections use ports
# 64000-65535. The firewall has to allow the same port and range.
listen=YES
listen_port=2100
pasv_enable=YES
pasv_max_port=65535
pasv_min_port=64000

# Anonymous users: access disabled.
# NOTE(review): anon_world_readable_only=NO has no effect while
# anonymous_enable=NO, but it would let anonymous users download files that are
# not world-readable if anonymous access were ever switched on.
anonymous_enable=NO
anon_upload_enable=NO
anon_mkdir_write_enable=NO
anon_world_readable_only=NO
anon_other_write_enable=NO

# Local users: login and writes allowed, each user confined to a chroot.
local_enable=YES
write_enable=YES
local_umask=022
chroot_local_user=YES
dirmessage_enable=YES
pam_service_name=vsftpd
userlist_enable=YES
tcp_wrappers=YES

# Logging: vsftpd-format log with the full FTP protocol exchange.
# NOTE(review): debug_ssl=YES adds TLS connection diagnostics to the log; it
# helps while testing the setup and can be turned off afterwards.
xferlog_enable=YES
xferlog_std_format=NO
xferlog_file=/var/log/vsftpd.log
log_ftp_protocol=YES
debug_ssl=YES

# enable TLS/SSL, force client to use TLS when logging in
# Both logins and data transfers of local users must be encrypted.
# NOTE(review): only TLS 1.0 is enabled here (SSLv2 and SSLv3 are off). TLS 1.0
# is deprecated; if the installed vsftpd offers options for newer protocol
# versions (check `man vsftpd.conf`), prefer those.
# NOTE(review): require_ssl_reuse=NO drops the check that a data connection
# reuses the TLS session of the control connection, which is what ties the
# data connection to the authenticated session. It is usually disabled for
# client compatibility; set it to YES when the clients in use support reuse.
ssl_enable=YES
allow_anon_ssl=NO
force_local_data_ssl=YES
force_local_logins_ssl=YES
ssl_tlsv1=YES
ssl_sslv2=NO
ssl_sslv3=NO
require_ssl_reuse=NO
ssl_ciphers=HIGH

# specify SSL certificate/private key (Debian/Ubuntu)
# For CentOS/Fedora/RHEL, replace it with /etc/vsftpd/vsftpd.pem
# The same PEM file serves as certificate and private key, so it must not be
# readable by unprivileged users.
rsa_cert_file=/etc/vsftpd/vsftpd.pem
rsa_private_key_file=/etc/vsftpd/vsftpd.pem

# The limits below are left commented out in this setup.
# bandwidth allocation per anonymous session, roughly 30 KB/s
#anon_max_rate=30000
# bandwidth granted to each local user, roughly 30 KB/s
#local_max_rate=30000
# terminate a client session after it has been idle for 300 seconds
#idle_session_timeout=300
# maximum number of connections per source IP, which can help secure against
# DoS and DDoS attacks
#max_per_ip=50
4.修改了vsftpd配置文件需要重启服务
# Restart the daemon so the edited vsftpd.conf is loaded.
/etc/init.d/vsftpd restart
5.开放防火墙端口及selinux
# Runtime rules for the control port and the passive range (shown commented
# out; rules added this way do not survive a restart of the iptables service):
# iptables -I INPUT -p tcp --dport 2100 -j ACCEPT
# iptables -I INPUT -p tcp --dport 64000:65535 -j ACCEPT

# Persistent rules: add the two -A lines below to /etc/sysconfig/iptables.
# They must sit before any final REJECT/DROP rule in the INPUT chain, and the
# iptables service has to be reloaded for the file to take effect.
# NOTE(review): the passive range opens 1536 ports to every source address;
# restrict it with -s where the client networks are known.
vim /etc/sysconfig/iptables
-A INPUT -p tcp --dport 2100 -j ACCEPT
-A INPUT -p tcp --dport 64000:65535 -j ACCEPT

# SELinux: setenforce 0 switches to permissive mode until the next reboot;
# SELINUX=disabled in /etc/sysconfig/selinux turns SELinux off permanently.
# NOTE(review): this removes SELinux confinement from every service on the
# host, not only vsftpd. A narrower option is to stay in enforcing mode and
# grant vsftpd just what it needs, e.g. label the non-standard port
# (`semanage port -a -t ftp_port_t -p tcp 2100`) and enable the FTP-related
# booleans the setup requires (list them with `getsebool -a | grep ftp`);
# verify the exact booleans against the audit log on the target system.
setenforce 0
vim /etc/sysconfig/selinux
SELINUX=disabled
# http://xmodulo.com/secure-ftp-service-vsftpd-linux.html
