Method of deploying FTPS service on Linux system
With growing awareness of network security, more and more websites and applications are adopting encrypted transport protocols to protect their data. FTPS (File Transfer Protocol Secure) is FTP with TLS/SSL encryption, which provides higher security during data transmission. This article shows how to deploy an FTPS service on a Linux system, with the specific commands and configuration.
First, we need to install the vsftpd service as an FTPS server. Enter the following command in the terminal to install vsftpd:
sudo apt-get update
sudo apt-get install vsftpd
After the installation is completed, the vsftpd service will automatically start and listen on TCP port 21 by default.
Next, we need to configure the vsftpd service to support FTPS. Edit the vsftpd configuration file /etc/vsftpd.conf. You can use vi or another text editor to modify it:
sudo vi /etc/vsftpd.conf
Add the following content to the configuration file to enable FTPS and configure encryption options:
ssl_enable=YES
rsa_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
rsa_private_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
allow_anon_ssl=NO
force_local_data_ssl=YES
force_local_logins_ssl=YES
ssl_tlsv1=YES
ssl_sslv2=NO
ssl_sslv3=NO
require_ssl_reuse=NO
ssl_ciphers=HIGH
These settings enable SSL, specify the paths of the SSL certificate and private key, prohibit anonymous SSL access, force local logins and data transfers to use SSL, set the SSL protocol version to TLSv1, disable SSLv2 and SSLv3, and set the SSL cipher suite to high-strength encryption.
After saving and closing the configuration file, restart the vsftpd service to make the configuration take effect:
sudo systemctl restart vsftpd
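The check below is an added example, not part of the original article or of vsftpd: a shell function that audits a vsftpd.conf for the FTPS settings listed above and warns when the self-signed snakeoil certificate is still configured. The function names and the sample file are constructed for illustration, and it assumes that a repeated key takes its last value.

```shell
#!/bin/sh
# Added example (not from the article): audit vsftpd.conf for the FTPS settings above.

# Print the value of key $2 in file $1 (empty if unset). Lines starting with '#'
# are comments; vsftpd expects KEY=VALUE with no spaces around '='.
# Assumption: when a key is repeated, the last occurrence is the effective one.
conf_get() {
    sed -n "s/^$2=//p" "$1" | tail -n 1 | tr -d '\r'
}

# Print one line per finding; return 0 only if every required setting matches.
# Values are compared exactly as the article writes them (YES/NO).
audit_vsftpd_conf() {
    conf=$1
    rc=0
    for want in ssl_enable=YES force_local_logins_ssl=YES \
                force_local_data_ssl=YES allow_anon_ssl=NO \
                ssl_sslv2=NO ssl_sslv3=NO; do
        key=${want%%=*}
        exp=${want#*=}
        got=$(conf_get "$conf" "$key")
        if [ "$got" != "$exp" ]; then
            echo "FAIL $key: expected $exp, found '${got:-unset}'"
            rc=1
        fi
    done
    # ssl-cert-snakeoil is the self-signed pair created by Debian/Ubuntu's
    # ssl-cert package; clients cannot validate it against a trusted CA.
    case $(conf_get "$conf" rsa_cert_file) in
        *snakeoil*) echo "WARN rsa_cert_file: self-signed snakeoil certificate" ;;
    esac
    return $rc
}

# Constructed sample: the article's settings with two regressions
# (data encryption commented out, SSLv3 re-enabled further down the file).
sample=$(mktemp)
cat > "$sample" <<'EOF'
ssl_enable=YES
rsa_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
allow_anon_ssl=NO
#force_local_data_ssl=YES
force_local_logins_ssl=YES
ssl_sslv2=NO
ssl_sslv3=NO
ssl_sslv3=YES
EOF
audit_vsftpd_conf "$sample" || echo "vsftpd.conf does not match the FTPS settings"
rm -f "$sample"
```

On a server, run `audit_vsftpd_conf /etc/vsftpd.conf` after editing the file.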
If the system firewall is enabled, you need to allow the data transfer ports for the FTP and FTPS services. By default, FTPS uses TCP ports 990 and 989 as data transfer ports. Open these two ports using the following commands:
sudo ufw allow 990/tcp
sudo ufw allow 989/tcp
Now, you can use an FTP client to connect to your FTPS server. Enter your server IP address, username and password in the FTP client, and select the FTPS connection method. If everything is set up correctly, you should be able to successfully connect to the FTPS server and perform file transfer operations.
In this article, we introduced the method of deploying FTPS service on Linux system, including installing vsftpd, configuring vsftpd, configuring firewall and testing FTPS service. Through the above steps, you can successfully deploy and use the FTPS service on your Linux system to protect the security of data transmission. Hope this article helps you!