How to configure an FTPS (FTP + SSL/TLS) server (vsftpd)
vsftpd (Very Secure FTP Daemon) is software used to build a very secure FTP server on Linux and Unix systems. This guide uses it to configure an FTPS (FTP + SSL/TLS) server.
Test environment
$ cat /etc/redhat-release
CentOS Linux release 7.9.2009 (Core)
- Install vsftpd
yum install -y vsftpd
systemctl --now enable vsftpd
Configure the FTPS server (FTP + SSL/TLS)
- Check the ftps port
cat /etc/services | grep ftps
$ cat /etc/services | grep ftps
ftps-data 989/tcp # ftp protocol, data, over TLS/SSL
ftps-data 989/udp # ftp protocol, data, over TLS/SSL
ftps 990/tcp # ftp protocol, control, over TLS/SSL
ftps 990/udp # ftp protocol, control, over TLS/SSL
- Configure the vsftpd990.conf file
cp /etc/vsftpd/vsftpd.conf /etc/vsftpd/vsftpd990.conf
vim /etc/vsftpd/vsftpd990.conf
anonymous_enable=NO
local_enable=YES
write_enable=YES
local_umask=022
dirmessage_enable=YES
xferlog_enable=YES
vsftpd_log_file=/var/log/vsftpd/vsftpd.log
dual_log_enable=YES
xferlog_file=/var/log/vsftpd/xferlog.log
xferlog_std_format=YES
log_ftp_protocol=YES
connect_from_port_20=YES
xferlog_std_format=YES
listen=YES
listen_ipv6=NO
listen_port=990
pam_service_name=vsftpd
userlist_enable=YES
tcp_wrappers=YES
ssl_enable=YES
allow_anon_ssl=NO
force_local_data_ssl=YES
force_local_logins_ssl=YES
require_ssl_reuse=NO
ssl_tlsv1=YES
ssl_sslv2=NO
ssl_sslv3=NO
ssl_ciphers=HIGH
rsa_cert_file=/etc/ssl/vsftpd_cert.pem
rsa_private_key_file=/etc/ssl/vsftpd_key.pem
- Create the vsftpd990.service file
cp /usr/lib/systemd/system/vsftpd.service /usr/lib/systemd/system/vsftpd990.service
vim /usr/lib/systemd/system/vsftpd990.service
[Unit]
Description=Vsftpd ftp daemon
After=network.target
[Service]
Type=forking
ExecStart=/usr/sbin/vsftpd /etc/vsftpd/vsftpd990.conf
[Install]
WantedBy=multi-user.target
※ This symlink is created automatically when the service is enabled
$ ln -s /usr/lib/systemd/system/vsftpd990.service /etc/systemd/system/multi-user.target.wants/vsftpd990.service
- Generate the SSL/TLS certificate
openssl req -x509 -days 3650 -newkey rsa:2048 -nodes -keyout /etc/ssl/vsftpd_key.pem -out /etc/ssl/vsftpd_cert.pem
$ openssl req -x509 -days 3650 -newkey rsa:2048 -nodes -keyout /etc/ssl/vsftpd_key.pem -out /etc/ssl/vsftpd_cert.pem
Generating a 2048 bit RSA private key
...+++
.+++
writing new private key to '/etc/ssl/vsftpd_key.pem'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:KR
State or Province Name (full name) []:Seoul
Locality Name (eg, city) [Default City]:Jongno-gu
Organization Name (eg, company) [Default Company Ltd]:sangchul
Organizational Unit Name (eg, section) []:infra team
Common Name (eg, your name or your server's hostname) []:ftps.sangchul.kr
Email Address []:admin@sangchul.kr
- Restart vsftpd
systemctl restart vsftpd990
systemctl status vsftpd990
$ systemctl status vsftpd990
● vsftpd990.service - Vsftpd ftp daemon
Loaded: loaded (/usr/lib/systemd/system/vsftpd990.service; enabled; vendor preset: disabled)
Active: active (running) since 화 2021-05-18 09:05:32 KST; 3min 28s ago
Process: 9834 ExecStart=/usr/sbin/vsftpd /etc/vsftpd/vsftpd990.conf (code=exited, status=0/SUCCESS)
Main PID: 9835 (vsftpd)
Tasks: 3
Memory: 1.1M
CGroup: /system.slice/vsftpd990.service
├─9835 /usr/sbin/vsftpd /etc/vsftpd/vsftpd990.conf
├─9880 /usr/sbin/vsftpd /etc/vsftpd/vsftpd990.conf
└─9882 /usr/sbin/vsftpd /etc/vsftpd/vsftpd990.conf
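Before restarting vsftpd990 it is worth checking that the configuration still carries the TLS settings set above: a single edit such as force_local_logins_ssl=NO silently lets passwords cross the wire in clear text, and a private key readable by other users defeats the certificate entirely. The following POSIX shell script, added here as an example and not part of the original post or of vsftpd itself, reads a vsftpd configuration file the way the daemon does (last assignment of a key wins, comments ignored), reports any of the guide's FTPS settings that are missing or changed, checks the permissions of the file named by rsa_private_key_file, and warns when ssl_tlsv1=YES because TLS 1.0 is deprecated (RFC 8996). The function names vsftpd_opt and audit_vsftpd_ftps are this example's own.

```shell
#!/bin/sh
# Added example (not from the original post or from vsftpd): audit a vsftpd
# configuration file for the FTPS settings the guide sets in vsftpd990.conf.

# vsftpd_opt FILE KEY
# Prints the effective value of KEY in FILE: blank lines and comments are
# skipped, the last assignment wins, and whitespace around key and value is
# dropped. Prints an empty line when KEY is not set.
vsftpd_opt() {
    awk -v key="$2" '
        /^[[:space:]]*(#|$)/ { next }
        {
            eq = index($0, "=")
            if (eq == 0) next
            k = substr($0, 1, eq - 1); v = substr($0, eq + 1)
            gsub(/^[[:space:]]+|[[:space:]]+$/, "", k)
            gsub(/^[[:space:]]+|[[:space:]]+$/, "", v)
            if (k == key) val = v
        }
        END { print val }
    ' "$1"
}

# audit_vsftpd_ftps FILE
# Prints one line per finding and returns the number of findings
# (0 means every check passed). Warnings are printed but not counted.
audit_vsftpd_ftps() {
    cfg="$1"
    findings=0

    # Settings the guide sets explicitly; an unset key is reported too, so
    # the file states its intent instead of relying on compiled-in defaults.
    for pair in \
        anonymous_enable=NO \
        ssl_enable=YES \
        allow_anon_ssl=NO \
        force_local_logins_ssl=YES \
        force_local_data_ssl=YES \
        ssl_sslv2=NO \
        ssl_sslv3=NO
    do
        key=${pair%%=*}
        want=${pair#*=}
        got=$(vsftpd_opt "$cfg" "$key")
        if [ "$got" != "$want" ]; then
            echo "FAIL: $key=${got:-<unset>} (expected $want)"
            findings=$((findings + 1))
        fi
    done

    # TLS 1.0 is deprecated (RFC 8996); the daemon should also offer newer
    # versions. Reported as a warning because the guide's own config sets it.
    if [ "$(vsftpd_opt "$cfg" ssl_tlsv1)" = YES ]; then
        echo "WARN: ssl_tlsv1=YES enables TLS 1.0, which is deprecated"
    fi

    # The private key must exist and must not be readable by group or others.
    keyfile=$(vsftpd_opt "$cfg" rsa_private_key_file)
    if [ -z "$keyfile" ]; then
        echo "FAIL: rsa_private_key_file is not set"
        findings=$((findings + 1))
    elif [ ! -f "$keyfile" ]; then
        echo "FAIL: rsa_private_key_file $keyfile does not exist"
        findings=$((findings + 1))
    else
        # characters 5-10 of "ls -ld" are the group and other permission bits
        perms=$(ls -ld "$keyfile" | cut -c5-10)
        case $perms in
            ------) ;;
            *)
                echo "FAIL: $keyfile is readable by group/other ($perms)"
                findings=$((findings + 1))
                ;;
        esac
    fi

    return "$findings"
}

# Run directly: sh audit_vsftpd.sh /etc/vsftpd/vsftpd990.conf
if [ $# -eq 1 ]; then
    audit_vsftpd_ftps "$1"
fi
```

Run it against /etc/vsftpd/vsftpd990.conf before each restart; a non-zero exit status is the number of problems found, so it drops straight into a deployment script or a cron job.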
Reference URLs
- How to connect with an FTPS client: https://scbyun.com/977
- Installing and configuring an ftps (ftp+ssl) server (vsftpd): https://scbyun.com/436