Linux中关于FTP服务器的加密配置（SSL）

有时我们使用FTP进行连接时，需要对信息进行加密，即使用SSL或者TSL进行连接。这时需要用到OpenSSL安装配置好SSL之后，需要安装OpenSSL

1. 使用如下命令安装OpenSSL

wget http://www.openssl.org/source/openssl-1.0.2g.tar.gz
tar -xvzf openssl-1.0.1f.tar.gz
cd openssl-1.0.1f
./config
make
make install

2. 新建目录放置要生成的证书及设置权限。

mkdir -p /etc/ssl/certs
chmod 700 /etc/ssl/certs

3. 执行以下命令生成证书。
   openssl req -x509 -nodes -days 365 -newkey rsa:1024 -keyout /etc/ssl/certs/vsftpd.pem -out /etc/ssl/certs/vsftpd.pem
   在此过程中需要填写部分信息以便FTP连接时给予证书提示。
4. 进到 /etc/ssl/certs 目录下看证书有没有生成。
5. 修改 vsftpd 的配置文件在最后添加如下信息。

 # Turn on SSL  
ssl_enable=YES  
 # Allow anonymous users to use secured SSL connections  
allow_anon_ssl=YES  
# All non-anonymous logins are forced to use a secure SSL connection in order to  
# send and receive data on data connections.  
force_local_data_ssl=YES  
force_anon_data_ssl=YES  
# All non-anonymous logins are forced to use a secure SSL connection in order to send the password.  
force_local_logins_ssl=YES  
force_anon_logins_ssl=YES  
# Permit TLS v1 protocol connections. TLS v1 connections are preferred  
ssl_tlsv1=YES  
# Permit SSL v2 protocol connections. TLS v1 connections are preferred  
ssl_sslv2=NO  
# permit SSL v3 protocol connections. TLS v1 connections are preferred  
ssl_sslv3=NO  
# Disable SSL session reuse (required by WinSCP)  
require_ssl_reuse=NO  
# Select which SSL ciphers vsftpd will allow for encrypted SSL connections (required by FileZilla)  
ssl_ciphers=HIGH  
# This option specifies the location of the RSA certificate to use for SSL  
# encrypted connections.  
rsa_cert_file=/etc/ssl/cert/vsftpd.pem  

6. 配置修改完成后，重启vsftpd服务。
7. 使用FTP工具进行连接。
   

这样一个可加密的FTP服务器就搭建好了。