LinuxQuestions.org


dsids 07-19-2006 06:53 AM

ftp over ssl or ftps://..
 
Hi,
I'm trying to use ftp over ssl, that is, ftps. For that I installed an
rpm package of vsftpd and then made the following changes to
vsftpd.conf

ssl_enable=YES
allow_anon_ssl=NO
force_local_data_ssl=NO
force_local_logins_ssl=YES

ssl_tlsv1=YES
ssl_sslv2=NO
ssl_sslv3=NO

rsa_cert_file=/etc/pki/tls/certs/vsftpd.pem

..
1) Now when I use a ftp client like smartFTP from windows using the
option FTP over SSL explicit, it connects to the vsftpd server on my
linux box,
2) but when I type the url ftp://192.168.10.240 (IE or Firefox) of my
linux box, it asks me for the username and pass which I give..
3) after which it gives me an error that non anonymous sessions must
use encryption.

I'm lost....Please advise where the error is..

I want that by typing
ftps://192.168.10.240
I should be able to transfer data securely..

Thank you
Danish

dsids 07-19-2006 08:16 AM

I would like to add that I created the certificate (pem file) and then stripped the certificate from all its text to keep only the -CERTIFICATE- section by doing...
# openssl x509 -in vsftpd.pem -out cacert.crt

I then scp'd the cacert.crt to a windows machine. Right clicked the cacert.crt on windows desktop and installed it using the wizard, but still I get the same error message..

login denied: non anonymous sessions must be encrypted...

Please advise

Thanks
Danish

twantrd 07-20-2006 07:15 PM

I have never really set up ftps before so I can't really help you. However, why not use scp? For your clients, tell them to install winscp and then they're good to go.

-twantrd

Matir 07-20-2006 07:17 PM

I don't believe that IE and Firefox support ftps.

dsids 07-21-2006 12:49 AM

Quote:

Originally Posted by twantrd
I have never really set up ftps before so I can't really help you. However, why not use scp? For your clients, tell them to install winscp and then they're good to go.

-twantrd

Installing ftp clients on each n every machine in the LAN can be a pain..especially if the clients are just interested in accessing ftp through the url...

Matir...I'll have to check on the support n get back...


Thanks
Danish
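
An added example, not part of the thread and not vsftpd project code: a small Python audit of the TLS options quoted in the first post. It shows why a client that sends USER/PASS without first negotiating TLS is refused under that configuration, and it flags that force_local_data_ssl=NO leaves file transfers unencrypted. The defaults table follows the vsftpd.conf man page; the function names are this example's own.

```python
# Added example: audit the TLS options of a vsftpd.conf (names are this example's own).
DEFAULTS = {  # defaults as documented in vsftpd.conf(5)
    "ssl_enable": "NO", "force_local_logins_ssl": "YES",
    "force_local_data_ssl": "YES", "ssl_sslv2": "NO", "ssl_sslv3": "NO",
}

# Constructed sample: the settings quoted in the first post of the thread.
SAMPLE = """\
ssl_enable=YES
allow_anon_ssl=NO
force_local_data_ssl=NO
force_local_logins_ssl=YES
ssl_tlsv1=YES
ssl_sslv2=NO
ssl_sslv3=NO
rsa_cert_file=/etc/pki/tls/certs/vsftpd.pem
"""

def parse(text):
    """Effective options: defaults overridden by option=value lines."""
    opts = dict(DEFAULTS)
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            opts[key] = value
    return opts

def on(opts, key):
    return opts.get(key, "NO").upper() in ("YES", "TRUE", "1")

def plaintext_local_login_allowed(opts):
    """True if a local user can send USER/PASS without AUTH TLS first."""
    return not (on(opts, "ssl_enable") and on(opts, "force_local_logins_ssl"))

def audit(opts):
    """Return (option, finding) pairs for settings that expose cleartext."""
    findings = []
    if not on(opts, "ssl_enable"):
        return [("ssl_enable", "TLS is off: passwords and files are sent in cleartext")]
    if plaintext_local_login_allowed(opts):
        findings.append(("force_local_logins_ssl", "passwords may be sent in cleartext"))
    if not on(opts, "force_local_data_ssl"):
        findings.append(("force_local_data_ssl", "file transfers may be unencrypted"))
    for key in ("ssl_sslv2", "ssl_sslv3"):
        if on(opts, key):
            findings.append((key, "obsolete protocol version is enabled"))
    return findings

if __name__ == "__main__":
    opts = parse(SAMPLE)
    print("plaintext login accepted:", plaintext_local_login_allowed(opts))
    for option, finding in audit(opts):
        print(f"{option}: {finding}")
```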


All times are GMT -5.