Very Secure FTP on Centos Server
For this blog post I will be using a VSFTPD as a fast, realible and very secure SFTP server for transferring data between client and server sites. One notice FTP is inherently insecure. If you must use FTP, consider securing your FTP connection with SSL/TLS. Otherwise, it is best to use SFTP, a secure alternative to FTP.
I have a basic built of Centos 6.5 server that is updated with the latest kernel and important security packages for this example. Once we have configured and installed the SFTP server, you will need a SFTP client application to test the connection. I often use Filezilla or WinScp as a alternative application.
Login via ssh to your Linux server and use the su command to become root and start the package installation. At the picture below this is a simple first step.
After this issues a simple command to install the VSFTPD package on your linux server:
yum install vsftpd
After this command issued you should have the package installed and as an example on the next picture I have shown here.
Also for a public server, should be a FTP connection availlable if the client has no possibility to use the SFTP protocol with this software. Then we can install also these packages.
yum install ftp
Now a ftp server should be installed and default configured as an service on your Centos machine.
BASIC VSFTPD CONFIGURATION
The default file for the configuration of this service is located under the /etc/vsftpd folder. I will use Nano editor to change the settings here.
nano /etc/vsftpd/vsftpd.conf
The first item you should configure , is the option to disable anoymous login:
anonymous_enable = NO
Next one is to enable local user logins with the command below:
locale_enable = yes
Next very important configuration to uncomment and set is the chroot option. This option will make a possibility for users, only to use their dedicated home folders on the server, and not able to traverse over different folders. This is a good security practice.
chroot_local_user=YES
So now bassically these are the most command and important settings to get the server up and running. You can fine tune the other settings , like change the default port, or certificates and etc. But this is not needed in this blog demontstration of basic secure server setttings.
We should now restart the service and make it a startup one on boot time of the Centos server. We achieve this with two simple commands:
service vsftpd restart
chkconfig vsftpd on
That is all to it. Now we can test our connection with a SFTP or FTP client.
I have used the Filezilla with a SFTP protocol and I have succesfully connected to my server via a secure channel.
Up and ready for receiving traffic. Now the users can enjoy security, performance and stability in your network.
Feel free to comment and suggest more topics.
No comments:
Post a Comment