1. vim /etc/sysconfig/iptables
   -A INPUT -p TCP --dport 21 --sport 1024:65534 -j ACCEPT
   -A INPUT -p TCP --dport 65400:65410 --sport 1024:65534 -j ACCEPT
2. vim /etc/sysconfig/iptables-config
   IPTABLES_MODULES="ip_nat_ftp ip_conntrack_ftp"
3. vim /etc/sysconfig/vsftpd.conf
   ssl_enable=YES
   ssl_ciphers=AES128-SHA
   allow_anon_ssl=NO
   force_local_data_ssl=YES
   force_local_logins_ssl=YES
   ssl_tlsv1=YES
   ssl_sslv2=NO
   ssl_sslv3=NO
   rsa_cert_file=/etc/vsftpd/vsftpd.pem
   max_clients=50
   max_per_ip=5
   use_localtime=yes
   ftpd_banner=Welcome.
   dual_log_enable=YES
   pasv_min_port=65400
   pasv_max_port=65410
4. Generate vsftpd.pem
   [root@www ~]# cd /etc/pki/tls/certs
   [root@www certs]# make vsftpd.pem
   -----
   ....(earlier output omitted)....
   Country Name (2 letter code) [XX]:TW
   State or Province Name (full name) []:Taiwan
   Locality Name (eg, city) [Default City]:Tainan
   Organization Name (eg, company) [Default Company Ltd]:KSU
   Organizational Unit Name (eg, section) []:DIC
   Common Name (eg, your name or your server's hostname) []:www.centos.vbird
   Email Address []:root@www.centos.vbird
   [root@www certs]# cp -a vsftpd.pem /etc/vsftpd/
   [root@www certs]# ll /etc/vsftpd/vsftpd.pem
   -rw-------. 1 root root 3116 2011-08-08 16:52 /etc/vsftpd/vsftpd.pem
   # pay attention to the permissions!
5. SELinux
   [root@www ~]# setsebool -P ftp_home_dir=1
6. chkconfig
   chkconfig vsftpd on
7. Add the FTP user
   useradd -d /home/wwwroot/ftpuser -g ftp -s /sbin/nologin ftpuser
8. Restart the services
   service vsftpd restart
   service iptables restart
Note:
Specifying ssl_ciphers=AES128-SHA is important; otherwise the certificate cannot be read correctly.
The permissions on the certificate and on the directory containing it can also cause problems reading the certificate. References:
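A configuration audit for the settings above, added here as an example and not taken from the page or from vsftpd itself: it checks a vsftpd.conf for the TLS-only, no-SSLv2/SSLv3 and passive-range settings from step 3 and for the root-only permission on rsa_cert_file from step 4. The two sample configs and the empty stand-in certificate are constructed inline; conf_get, check_vsftpd_conf and write_samples are this example's own names.

```shell
#!/bin/sh
# Added example (not from the original page): audit a vsftpd.conf for the TLS and
# passive-mode settings the steps above configure. The key names are vsftpd's own;
# the sample files and the empty stand-in certificate below are constructed.

# conf_get FILE KEY: value of KEY in FILE (last occurrence wins, as vsftpd reads top-down).
conf_get() {
    grep -E "^[[:space:]]*$2=" "$1" | tail -n 1 | cut -d= -f2- | tr -d '[:space:]'
}

# check_vsftpd_conf FILE: prints each failed check; returns 0 only if every check passes.
check_vsftpd_conf() {
    f=$1; rc=0
    [ "$(conf_get "$f" ssl_enable)" = "YES" ] || { echo "FAIL: ssl_enable must be YES"; rc=1; }
    for k in ssl_sslv2 ssl_sslv3; do                 # SSLv2/SSLv3 are broken protocols
        [ "$(conf_get "$f" "$k")" = "NO" ] || { echo "FAIL: $k must be NO"; rc=1; }
    done
    for k in force_local_logins_ssl force_local_data_ssl; do   # else plaintext fallback is possible
        [ "$(conf_get "$f" "$k")" = "YES" ] || { echo "FAIL: $k must be YES"; rc=1; }
    done
    lo=$(conf_get "$f" pasv_min_port); hi=$(conf_get "$f" pasv_max_port)
    { [ -n "$lo" ] && [ -n "$hi" ] && [ "$lo" -le "$hi" ]; } 2>/dev/null \
        || { echo "FAIL: pasv_min_port/pasv_max_port missing or inverted"; rc=1; }
    cert=$(conf_get "$f" rsa_cert_file)
    if [ -f "$cert" ]; then
        # the note above: the key file must be root-only (0600) or vsftpd cannot read it
        case "$(stat -c %a "$cert" 2>/dev/null || stat -f %Lp "$cert")" in
            ?00) ;;
            *) echo "FAIL: $cert is readable by group/other"; rc=1 ;;
        esac
    else
        echo "FAIL: rsa_cert_file '$cert' does not exist"; rc=1
    fi
    return $rc
}

# write_samples: write a good and a weak config (constructed) into a temp dir; prints the dir.
write_samples() {
    d=$(mktemp -d)
    : > "$d/vsftpd.pem"; chmod 600 "$d/vsftpd.pem"
    printf '%s\n' ssl_enable=YES ssl_sslv2=NO ssl_sslv3=NO ssl_tlsv1=YES \
        force_local_logins_ssl=YES force_local_data_ssl=YES \
        "rsa_cert_file=$d/vsftpd.pem" pasv_min_port=65400 pasv_max_port=65410 > "$d/good.conf"
    printf '%s\n' ssl_enable=YES ssl_sslv3=YES force_local_logins_ssl=NO \
        "rsa_cert_file=$d/vsftpd.pem" pasv_min_port=65410 pasv_max_port=65400 > "$d/weak.conf"
    echo "$d"
}

# usage: sh check_vsftpd_tls.sh /etc/vsftpd/vsftpd.conf
if [ -n "$1" ]; then check_vsftpd_conf "$1"; fi
```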
http://linux.vbird.org/linux_server/0410vsftpd.php
http://www.centos.bz/2011/03/centos-install-vsftpd-ftp-server/
http://www.centos.bz/category/ftp/vsftpd-ftp/
http://www.cmdsir.com/linux/centos6-3-vsftp-ssl.cgi