CentOS 6.3下安装加密的vsftpd

1.vim /etc/sysconfig/iptables

-A INPUT -p TCP --dport 21 --sport 1024:65534 -j ACCEPT

-A INPUT -p TCP --dport 65400:65410 --sport 1024:65534 -j ACCEPT

2.vim /etc/sysconfig/iptables-config

IPTABLES_MODULES="ip_nat_ftp ip_conntrack_ftp"

3.vim /etc/sysconfig/vsftpd.conf

ssl_enable=YES

ssl_ciphers=AES128-SHA

allow_anon_ssl=NO

force_local_data_ssl=YES

force_local_logins_ssl=YES

ssl_tlsv1=YES

ssl_sslv2=NO

ssl_sslv3=NO

rsa_cert_file=/etc/vsftpd/vsftpd.pem

max_clients=50

max_per_ip=5

use_localtime=yes

ftpd_banner=Welcome.

dual_log_enable=YES

pasv_min_port=65400

pasv_max_port=65410

4.生成vsftpd.pem

[root@www ~]# cd /etc/pki/tls/certs

[root@www certs]# make vsftpd.pem

----- ....(前面省略)....

Country Name (2 letter code) [XX]:TW

State or Province Name (full name) []:Taiwan

Locality Name (eg, city) [Default City]:Tainan

Organization Name (eg, company) [Default Company Ltd]:KSU

Organizational Unit Name (eg, section) []:DIC

Common Name (eg, your name or your server's hostname) []:www.centos.vbird

Email Address []:root@www.centos.vbird

[root@www certs]# cp -a vsftpd.pem /etc/vsftpd/

[root@www certs]# ll /etc/vsftpd/vsftpd.pem

-rw-------. 1 root root 3116 2011-08-08 16:52 /etc/vsftpd/vsftpd.pem

# 要注意一下權限喔！

5.selinux

[root@www ~]# setsebool -P ftp_home_dir=1

6.chkconfig

chkconfig vsftpd on

7.添加用户

useradd -d /home/wwwroot/ftpuser -g ftp -s /sbin/nologin ftpuser

8.restart

service vsftpd restart

service iptables restart

注：

指定ssl_ciphers=AES128-SHA很重要，否则不能正确读取证书

证书及证书所在目录的权限也可能造成读取证书问题。

参考：
http://linux.vbird.org/linux_server/0410vsftpd.php http://www.centos.bz/2011/03/centos-install-vsftpd-ftp-server/ http://www.centos.bz/category/ftp/vsftpd-ftp/ http://www.cmdsir.com/linux/centos6-3-vsftp-ssl.cgi
本文出自 “GONE WITH THE WIND” 博客，请务必保留此出处http://h2appy.blog.51cto.com/609721/1111747