File Transfer Protocol (FTP) is a commonly used method to transfer files between a client and a server over a network. To ensure the security of your data during file transfers, setting up a secure FTP server on CentOS 8 is essential. In this step-by-step guide, we will walk you through the process of creating a secure FTP server using the vsftpd (Very Secure FTP Daemon) software on CentOS 8.
Step 1: Update the System
Before starting, ensure that your CentOS system is up to date by running the following commands:
sudo yum update
sudo yum upgrade
Step 2: Install vsftpd
vsftpd is a secure and efficient FTP server software. Install it using the following command:
sudo yum install vsftpd
Step 3: Configure vsftpd
After installation, you need to configure vsftpd for enhanced security. Open the configuration file using a text editor:
sudo nano /etc/vsftpd/vsftpd.conf
Make the following changes or additions to the configuration file:
anonymous_enable=NO
local_enable=YES
write_enable=YES
chroot_local_user=YES
allow_writeable_chroot=YES
Save and close the file.
Step 4: Create a Dedicated FTP User
It’s recommended to create a dedicated user for FTP access. Replace “ftpuser” with your chosen username:
sudo useradd -m -c "FTP User" -s /bin/bash ftpuser
sudo passwd ftpuser
Step 5: Configure Firewall
Ensure that your firewall allows FTP traffic. If you’re using firewalld, allow FTP traffic using:
sudo firewall-cmd --permanent --add-service=ftp
sudo firewall-cmd --reload
Step 6: Enable TLS Encryption
Securing your FTP connections with TLS encryption is crucial. Install the OpenSSL package:
sudo yum install openssl
Generate a self-signed SSL certificate:
sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/pki/tls/private/vsftpd.key -out /etc/pki/tls/certs/vsftpd.crt
Edit the vsftpd configuration file:
sudo nano /etc/vsftpd/vsftpd.conf
Add the following lines to enable SSL:
rsa_cert_file=/etc/pki/tls/certs/vsftpd.crt
rsa_private_key_file=/etc/pki/tls/private/vsftpd.key
ssl_enable=YES
Save and close the file.
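Before restarting the service, the edited file can be checked against the values from Steps 3 and 6. The script below is an added example, not part of the original guide; the helper names conf_value and audit_vsftpd_conf are hypothetical, the sample configuration is constructed, and the last-assignment-wins handling is an assumption about how vsftpd reads the file.

```shell
#!/bin/sh
# Added example (not from the original guide). conf_value and
# audit_vsftpd_conf are hypothetical helper names.

# Print the effective value of key $2 in file $1. Assumption: vsftpd reads
# the file line by line, so the last assignment of a key wins.
conf_value() {
    awk -F= -v k="$2" '
        /^[ \t]*#/ { next }
        $1 == k { v = substr($0, length(k) + 2); sub(/[ \t\r]+$/, "", v); found = 1 }
        END { if (found) print v }' "$1"
}

# Check file $1 against the values from Steps 3 and 6; returns the failure count.
audit_vsftpd_conf() {
    conf=$1; fails=0
    # vsftpd.conf(5): no space is allowed between option, "=" and value.
    if grep -Eq '^[[:space:]]*[a-z0-9_]+([[:space:]]+=|=[[:space:]])' "$conf"; then
        echo "FAIL: whitespace around '='"; fails=$((fails + 1))
    fi
    for want in anonymous_enable=NO local_enable=YES chroot_local_user=YES ssl_enable=YES; do
        key=${want%%=*}; exp=${want#*=}
        got=$(conf_value "$conf" "$key")
        if [ "$got" = "$exp" ]; then
            echo "ok:   $key=$got"
        else
            echo "FAIL: $key is '${got:-unset}', guide sets $exp"; fails=$((fails + 1))
        fi
    done
    for key in rsa_cert_file rsa_private_key_file; do
        [ -n "$(conf_value "$conf" "$key")" ] || { echo "FAIL: $key unset"; fails=$((fails + 1)); }
    done
    return "$fails"
}

# Constructed sample: a spaced "ssl_enable = YES" and a later line that
# re-enables anonymous access, both easy to miss when editing by hand.
sample=$(mktemp)
cat > "$sample" <<'EOF'
anonymous_enable=NO
local_enable=YES
chroot_local_user=YES
rsa_cert_file=/etc/pki/tls/certs/vsftpd.crt
rsa_private_key_file=/etc/pki/tls/private/vsftpd.key
ssl_enable = YES
anonymous_enable=YES
EOF
audit_vsftpd_conf "$sample" || echo "$? check(s) failed"
rm -f "$sample"
```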
Step 7: Restart vsftpd
After making changes, restart the vsftpd service:
sudo systemctl restart vsftpd
Step 8: Test the FTP Server
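Use an FTP client such as FileZilla to connect to your server. Enter the server’s IP address, FTP username, and password. Make sure to choose “Use explicit FTP over TLS if available” as the encryption method. Because the certificate from Step 6 is self-signed, the client cannot validate it against a certificate authority and will ask you to confirm it on the first connection.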
By following these steps, you’ve successfully set up a secure FTP server on CentOS 8. Your data transfers are now protected by encryption, ensuring secure and private file sharing.