Nov 28, 2010

Configure vsftpd to use ssl encryption


 

Release:

RedHat Enterprise Linux 5.0

 

Problem:

Configure the FTP service to use SSL encryption on Red Hat Enterprise Linux 5.0

 

Solution:

 

1) Install the FTP server RPM using the below command

            # yum install vsftpd

 

2) Once installed, start the ftp service 

            # service vsftpd start

 

3) To use SSL encryption, the FTP server requires a certificate. To create a certificate, use the commands below

            # cd /etc/pki/tls/certs

            # make /etc/vsftpd/vsftpd.pem

 

4) Change the file permission of the certificate (give only access to root)

             # chmod 600 /etc/vsftpd/vsftpd.pem

 

5) Edit the FTP configuration file to use this certificate, and set the following options in it

            # vi /etc/vsftpd/vsftpd.conf

            ssl_enable=YES
            allow_anon_ssl=YES
            force_local_data_ssl=NO
            force_local_logins_ssl=YES
            ssl_tlsv1=YES
            ssl_sslv2=NO
            ssl_sslv3=NO
            rsa_cert_file=/etc/vsftpd/vsftpd.pem

 

6) Restart the vsftpd daemon to make the changes take effect

               # service vsftpd restart


Note: Use a client that supports the FTPS protocol. On Linux, gftp does this quite well; however, it initially rejects self-signed server certificates. This can be fixed by disabling the "Verify SSL Peer" setting in options. When making connections, be sure to select the FTPS protocol.
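
A check that the settings from steps 4 and 5 are actually in effect, as an added example that is not part of the original post. The function names are illustrative, and the built-in defaults used for unset options are those documented in vsftpd.conf(5).

```shell
#!/bin/sh
# Added example: audit a vsftpd.conf against the SSL/TLS values from step 5.
# Function names are illustrative; defaults are those documented in vsftpd.conf(5).

# Effective value of KEY in FILE: last uncommented KEY= line wins, else DEFAULT.
conf_get() {  # conf_get FILE KEY DEFAULT
    v=$(sed -n "s/^$2=//p" "$1" | tail -n 1)
    printf '%s\n' "${v:-$3}"
}

# Prints one line per finding and returns the number of FAIL findings.
audit_vsftpd() {  # audit_vsftpd FILE
    conf=$1; fails=0
    # Columns: option, built-in default, value required by step 5
    while read -r key def want; do
        got=$(conf_get "$conf" "$key" "$def" | tr 'a-z' 'A-Z')
        if [ "$got" != "$want" ]; then
            echo "FAIL $key=$got (expected $want)"
            fails=$((fails + 1))
        fi
    done <<EOF
ssl_enable NO YES
force_local_logins_ssl YES YES
ssl_tlsv1 YES YES
ssl_sslv2 NO NO
ssl_sslv3 NO NO
EOF
    # Not counted as a failure for this setup, but reported: logins are
    # encrypted while file transfers are not forced onto SSL.
    [ "$(conf_get "$conf" force_local_data_ssl YES | tr 'a-z' 'A-Z')" = YES ] ||
        echo "WARN force_local_data_ssl=NO: data connections are not forced to use SSL"
    # Step 4: the certificate file must be accessible to its owner only.
    cert=$(conf_get "$conf" rsa_cert_file "")
    if [ ! -f "$cert" ]; then
        echo "FAIL rsa_cert_file '$cert' not found"; fails=$((fails + 1))
    elif [ "$(ls -ld "$cert" | cut -c5-10)" != "------" ]; then
        echo "FAIL $cert is accessible to group/other (expected mode 600)"
        fails=$((fails + 1))
    fi
    return "$fails"
}

# Usage: sh audit.sh /etc/vsftpd/vsftpd.conf  (exit status = number of failures)
if [ -n "${1:-}" ]; then audit_vsftpd "$1"; fi
```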

                 

Nov 2, 2010

Cloning the Linux Machine through Network





Release:

Redhat Enterprise Linux

CentOS

Fedora



Problem:

Ghosting the Linux server without third party software



Solution:

Assumption:

a) New server IP address: 172.16.1.247

b) Running server IP address: 172.16.1.248



Configuration on the new machine:



1) Boot into rescue mode

2) Enable the networking option

3) Run the command below so that nc listens on port 30 and passes what it receives to dd, which writes it to the disk:

# nc -l -p 30 | dd of=/dev/sda



Configuration on the running server:



4) Dump the content of the disk to the target PC through port 30 using the following command:

# dd if=/dev/sda | nc 172.16.1.247 30



5) To check that traffic is flowing, switch to another terminal on the source machine (ALT/F2) and dump the TCP data on the NIC (assuming it's eth0):

# tcpdump -tnli eth0 port 30



Note: This assumes that the network controller driver is available in the default OS kernel.