Setting Up A Secure FTP Site Under RHEL 5.3
I have recently set up a RHEL 5.3 server primarily to be used as an Apache web server. I now also have a requirement for this server to service SFTP requests for uploading/downloading files.

1. By default RHEL 5.3 allows SFTP (over TCP port 22). However, when searching for SFTP site setup I've come across the fact that Red Hat recommends using vsftpd. So if I configure vsftpd, what happens to the default SFTP and the ability to remotely use something like PuTTY to SSH into the server? Really looking to see if SFTP or vsftpd is best. Also, is vsftpd as secure as or more secure than FTP over SSH?

2. I've set aside a separate disk partition (to keep it away from the system partition to help lock down security) for the SFTP site. So I want to use that as the default SFTP root directory structure. How can this be achieved?

3. My requirements dictate that 3 separate directories need to be used, each with its own associated SFTP user. Each user can only read/write its own directory structure and cannot navigate out of it. Also there will be an SFTP super user able to navigate through each of the 3 directory structures mentioned, but not able to navigate out of its home directory. Can this be done, and if so, how?

There will be no SSL certificates in play at the moment. I'm more concerned about getting things set up and working correctly first. However, there may be a requirement to use them later. The site will be accessed over the Internet initially, hence the reason I'm looking to make it as secure as possible while getting it up and running quickly.

TIA.

I have decided to go with vsftpd and have the FTP site running as I would like. I now do need to add SSL into the mix (customer's request). I already have a wildcard cert on the server and was hoping to use this by putting the following directives into the vsftpd.conf file:

dsa_cert_file=/usr/share/ssl/certs/<certificate_file>
dsa_private_key_file=/usr/share/ssl/certs/<certificate_key_file>

Is there anything else I'm missing regarding setup for SSL encryption? When running an FTPS connection using FileZilla I get the following:

Status: Connecting to <server_IP>:990...
Status: Connection attempt failed with "ECONNREFUSED - Connection refused by server".
Error: Could not connect to server
Status: Waiting to retry...

This test is being run with iptables off. Could it be that, because the server is not fully commissioned yet, the certificate is causing this error?

http://www.cyberciti.biz/tips/config...a-ssl-tls.html may help. Also, be aware that you need to have an FTP client that is certificate-aware.
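
As an added example (not part of any post in this thread, and not vsftpd's own tooling): a small Python linter for the vsftpd.conf TLS options raised above, run against the port the client in the thread tried. The sample config and its certificate paths are constructed, and the port check assumes vsftpd runs standalone so that listen_port applies.

```python
# Added example: lint vsftpd.conf text for the FTP-over-TLS settings
# discussed in this thread. SAMPLE_CONF is constructed; paths are placeholders.

SAMPLE_CONF = """\
# constructed sample mirroring the directives quoted in the thread
listen=YES
local_enable=YES
chroot_local_user=YES
dsa_cert_file=/usr/share/ssl/certs/example.crt
dsa_private_key_file=/usr/share/ssl/certs/example.key
"""

def parse_vsftpd_conf(text):
    """Parse option=value lines. vsftpd treats spaces around '=' as an error."""
    opts, errors = {}, []
    for n, line in enumerate(text.splitlines(), 1):
        if not line.strip() or line.startswith("#"):
            continue  # blank line or comment
        key, sep, value = line.partition("=")
        if not sep or key != key.strip() or value != value.strip():
            errors.append(f"line {n}: expected option=value with no spaces")
            continue
        opts[key] = value
    return opts, errors

def lint_tls(opts, client_port=21):
    """Return findings for a server that is meant to offer FTP over TLS."""
    def yes(key, default="NO"):
        return opts.get(key, default).upper() == "YES"

    findings = []
    if not yes("ssl_enable"):
        # ssl_enable defaults to NO; without it no TLS is offered at all.
        findings.append("ssl_enable is not YES, so the cert/key options have no effect")
    else:
        # Both options default to YES; setting NO permits cleartext sessions.
        for key in ("force_local_logins_ssl", "force_local_data_ssl"):
            if not yes(key, "YES"):
                findings.append(f"{key}=NO lets local users skip TLS")
    for key in ("ssl_sslv2", "ssl_sslv3"):
        if yes(key):
            findings.append(f"{key}=YES enables an obsolete protocol version")
    port = int(opts.get("listen_port", "21"))  # vsftpd default control port
    if client_port != port:
        findings.append(f"client connects to port {client_port}, server listens on {port}")
    return findings

if __name__ == "__main__":
    options, parse_errors = parse_vsftpd_conf(SAMPLE_CONF)
    for item in parse_errors + lint_tls(options, client_port=990):
        print(item)
```
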