VSFTPD does not support SSL


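I am trying to enable SSL on my vsftpd server. It works without SSL, but when I try to install this certificate, it gives the following error when I try to restart the service:

Process: 1314 ExecStart=/usr/sbin/vsftpd /etc/vsftpd.conf (code=exited, status=2)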

listen=YES
anonymous_enable=NO
local_enable=YES
write_enable=YES
local_umask=022
local_root=/var/www
chroot_local_user=YES
allow_writeable_chroot=YES
hide_ids=YES

#virtual user settings
user_config_dir=/etc/vsftpd_user_conf
guest_enable=YES
virtual_use_local_privs=YES
pam_service_name=vsftpd
nopriv_user=vsftpd
guest_username=vsftpd

## SSL

ssl_enable=YES
allow_anon_ssl=NO
force_local_data_ssl=YES
force_local_logins_ssl=YES
ssl_tlsv1_1=YES
ssl_tlsv1_2=YES
ssl_tlsv1=YES
ssl_sslv2=NO
ssl_sslv3=NO
require_ssl_reuse=YES
ssl_ciphers=HIGH
rsa_cert_file=/etc/ssl/private/vsftpd.pem
rsa_private_key_file=/etc/ssl/private/vsftpd.pem

I generated the SSL certificate with the following command:

sudo openssl req -x509 -nodes -days 3650 -newkey rsa:2048 -keyout /etc/ssl/private/vsftpd.pem -out /etc/ssl/private/vsftpd.pem

Edit #1: I changed the SSL section of the configuration to

rsa_cert_file=/etc/ssl/certs/vsftpd.crt
rsa_private_key_file=/etc/ssl/private/vsftpd.key
ssl_enable=YES
ssl_tlsv1=YES

The service can now start, but my FileZilla log shows:

Status: Connection established, waiting for welcome message...
Response:   220 (vsFTPd 3.0.5)
Command:    AUTH TLS
Response:   504 Command not implemented for that parameter
Command:    AUTH SSL
Response:   504 Command not implemented for that parameter
Status: Insecure server, it does not support FTP over TLS.
Command:    USER runner
Response:   530 Non-anonymous sessions must use encryption.
Error:  Could not connect to server

Answer 1

I switched to implicit SSL, enabled only TLSv1 and commented out the others. This is my full configuration:

listen=YES
anonymous_enable=NO
local_enable=YES
write_enable=YES
local_umask=022
local_root=/var/www
chroot_local_user=YES
allow_writeable_chroot=YES
hide_ids=YES

#virtual user settings
user_config_dir=/etc/vsftpd_user_conf
guest_enable=YES
virtual_use_local_privs=YES
pam_service_name=vsftpd
nopriv_user=vsftpd
guest_username=vsftpd

## logs
vsftpd_log_file=/var/log/vsftpd.log

## SSL

rsa_cert_file=/etc/ssl/certs/vsftpd.crt
rsa_private_key_file=/etc/ssl/private/vsftpd.key

ssl_enable=YES
ssl_tlsv1=YES
implicit_ssl=YES
listen_port=990
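
As an added example (not part of the original question or answer), this Python check audits the TLS-related options of a vsftpd.conf and reports which protocol switches and key-handling choices deserve a second look. The two sample configurations are constructed from the settings posted above, and the names `parse_conf` and `audit_tls` are hypothetical.

```python
import re

# Added example; samples are constructed from the TLS lines posted on this page.
QUESTION_CONF = """\
ssl_enable=YES
ssl_tlsv1_1=YES
ssl_tlsv1_2=YES
ssl_tlsv1=YES
ssl_sslv2=NO
ssl_sslv3=NO
rsa_cert_file=/etc/ssl/private/vsftpd.pem
rsa_private_key_file=/etc/ssl/private/vsftpd.pem
"""
ANSWER_CONF = """\
rsa_cert_file=/etc/ssl/certs/vsftpd.crt
rsa_private_key_file=/etc/ssl/private/vsftpd.key
ssl_enable=YES
ssl_tlsv1=YES
implicit_ssl=YES
"""
LEGACY = ("ssl_sslv2", "ssl_sslv3", "ssl_tlsv1", "ssl_tlsv1_1")  # SSLv2/3, TLS 1.0/1.1

def parse_conf(text):
    """Return (options, findings); vsftpd allows no space around '='."""
    opts, findings = {}, []
    for num, line in enumerate(text.splitlines(), 1):
        m = re.fullmatch(r"([a-z0-9_]+)=((?:\S.*)?)", line)
        if m:
            opts[m[1]] = m[2]
        elif line.strip() and not line.startswith("#"):
            findings.append(f"line {num}: not in option=value form")
    return opts, findings

def audit_tls(text):
    """List TLS hygiene findings for one vsftpd.conf text (hypothetical helper)."""
    opts, findings = parse_conf(text)
    on = lambda key: opts.get(key, "").upper() == "YES"
    if not on("ssl_enable"):
        return findings + ["ssl_enable is not YES: TLS is not offered"]
    legacy = [key for key in LEGACY if on(key)]
    if legacy:
        findings.append("deprecated protocols enabled: " + ", ".join(legacy))
    if not on("ssl_tlsv1_2"):
        findings.append("ssl_tlsv1_2 is not YES in this file")
    if (cert := opts.get("rsa_cert_file")) and cert == opts.get("rsa_private_key_file"):
        findings.append("certificate and private key share one file")
    if on("implicit_ssl"):
        findings.append("implicit_ssl=YES: explicit AUTH TLS clients need a separate listener")
    return findings
```

TLS 1.0 and 1.1 were deprecated by RFC 8996, which is why the check lists `ssl_tlsv1` and `ssl_tlsv1_1` alongside the SSLv2/SSLv3 switches.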
