Server :: Client Certificates In Vsftpd: Require_cert Is Ignored?
Jun 28, 2009
I have vsftpd running as FTP server on Ubuntu 9.04 jaunty. Login works correctly with password for local users (those with a login account on the server) and without password for anonymous.
I want to further tighten security by requiring local users to provide a client certificate. But even if I include "require_cert=YES" and "validate_cert=YES" in etc/vsftpd.conf, clients without certificate are allowed to login; require_cert seems to be simply ignored.
Jan 5, 2010
I've recently been asked to set up our FTP server to accept connections from a remote host. They sent me a file "id_dsa.pub" with instructions to add this key to the xfer user.
Unfortunately I've no idea how to do this!
I'm running vsftpd 2.0.5 on CentOS 5.3
Sep 11, 2010
My sendmail server makes use of the TLS_SRV_OPTIONS which is set to `V' meaning it shouldn't verify certificates. As a server, it doesn't and the {verify} macro shows "NOT" in the logs, showing that no certificate request was sent out.
Acting as a client though, and I'm talking both about the server acting as a client towards other mail servers and about the local mail submission agent, it always verifies certificates. My mail submission agent when contacting my own mail server verifies the mail server's certificate and still, the mail server has not initiated any exchanging of certificates since it still says "verify=NOT" in the logs (whereas the same entry for the submission agent reads OK or FAIL depending on what I use).
So, do mail servers ALWAYS send out their certificates and, when they do, the "client" in question (no matter if it's the mail server acting as client or the mail submission agent) validates it because the TLS_SRV_OPTIONS setting just applies to when it's running as a server, or is there a setting to tell Sendmail not to send out certificates since you're not in the business of certificate verification relaying anyway?
Aug 24, 2010
I run a web server on Fedora 12, principally using Apache, MySQL, and PHP. I host a variety of sites, one of which is a family website that contains semi-sensitive personal data for several hundred extended family members, who all have access to the database-driven site.
Until now, I have been using a self-signed SSL certificate to encrypt the data as it is read and written back and forth from my database. Family members have simply had to put up with clicking past certificate warnings as they enter the site, as most browsers flag self-signed certificates as bad. It hasn't really been that much of a bother, but I'd love to do it more professionally. I have looked into buying SSL certificates, but it's a site I host for free and would rather find a cheap or free alternative if possible.
So I'm just fishing for ideas to work with. What are some alternatives to using SSL certificates for moderately strong website encryption? So far, I run only one host on the domain, but may eventually need encryption that would support multiple hosts. Or does anybody know a way to make self-signed certificates work on most popular browsers without being flagged as suspicious?
Feb 23, 2010
I currently have 4 Linux Servers installed in a test lab that I have built for my job. I am in the process of trying to get FTP to work (vsftpd is installed). I don't need an FTP GUI or anything, I can use terminal (and I don't have an internet connection, so I probably can't get one anyway). I bring up the terminal and I type FTP and I am presented with a few problems:
1. If I try to FTP to one of the other Linux Servers on the network, I get "No route to host" error.
2. If I try to FTP to the Server I am sitting on, then I am able to successfully connect, obviously. But when I do an "ls," I don't see any available files.
I am assuming this is because I have not yet set up a folder for it (i.e. Windows uses "ftproot" folder). I am running Ubuntu Gnome 9.04 Jaunty Jackalope for a GUI, and I am running Ubuntu Server underneath (Yes I need a GUI for what I am using the server for).
Aug 24, 2010
I have a CentOS 5.5 distribution with Dom0 and DomU installed. I try to access Dom0 files through the vsftpd server from DomU through an ftp client. I successfully log in as root and as a simple user, but when I try to list (or cd to some directory) in the user home, SELinux prevents it. I get this in audit.log:
[Code]....
Feb 10, 2011
Any clue? I'm using the same key for root login and it works fine (also works fine for SFTP but I hate using that because it's extremely slow)
Jan 17, 2009
I am using Red Hat 5 and I want to create X.509 certificates for IPsec VPN. Help me in creating certificates; I am not able to create certificates. Guide me where the location for certificates is.
Apr 1, 2010
I want to access the FTP server without entering a user name and password. Second thing: I have created a repository on my installation server, which is Red Hat OS. Now I have created another server and I want to access that repository, so what changes can I make to the /etc/yum.repos.d/server.repo file?
Jul 20, 2010
How to change pass all user VSFTPD via ftp client, web, ...? Gene6FTP could change by command: site pswd oldpass newpass. So, how can vsftpd do it?
Apr 19, 2011
I've installed PostgreSQL on Arch Linux & also self generated self signed certificates in /etc/ssl/ directory. My PostgreSQL 'data' directory is /var/lib/postgres/data & I've edited my postgresql.conf file to use SSL however I'm having permission / access problems starting my database using SSL. It can't access the certificates and errors out when I try and start the database engine:
Code:
LOG: autovacuum launcher shutting down
LOG: shutting down
LOG: database system is shut down
FATAL: could not load server certificate file "server.crt": No such file or directory
code....
I don't know what I need to chown or chmod in order to get PostgreSQL to access my self signed certificates.
Apr 4, 2010
I'm trying to set up a 2nd SSL cert on a different domain on a server; each domain has its own IP address. The problem is the web developer that configured the first domain specified SSL keys for the primary domain in both the vhost config in httpd.conf AND in the ssl.conf config files. If I attempt to remove the keys from ssl.conf the server will not start up, and with them there it will not start up if I specify keys for the secondary domain.
ssl.conf
Code:
LoadModule ssl_module modules/mod_ssl.so
SSLCertificateFile /etc/pki/tls/certs/primary.com.crt
SSLCertificateKeyFile /etc/pki/tls/certs/primary.com.key
SSLCertificateChainFile /etc/pki/tls/certs/primary_gd_bundle.crt
Jun 11, 2011
I configured OpenLDAP in RHEL5 on virtual machines and everything is working fine. I created a user called ldapuser in the LDAP server and I created a home directory for ldapuser in my LDAP client; now I am able to log in to both the server and the client with the ldapuser account....
Now what I am expecting here is to export my server's home directory to the client. I don't want to create home directories manually on the client machine. I googled about that, and it can be done through autofs.....
What needs to be done on the client and server side?
Jan 6, 2011
I have installed Ionix vCM onto a Red Hat Linux box. It correctly communicates with the collection server if I use the Ionix certificate. However, if I use a self-generated certificate, communication fails.
(1) How do I determine which PKI certificates are resident on the Red Hat box?
(2) How do I manually install a PKI certificate?
Jan 9, 2011
I run a couple of sites on a virtual hosting environment and I am in need of adding an additional SSL cert for a different domain name. What I read on some forum topics indicates that an SSL cert requires a different IP address, meaning one cert for each IP. Is this true? If so, then I'm having some difficulties understanding the benefits of running a virtual host if a server can't host multiple secured sites through a single IP. Is there any way to run multiple SSL sites within a virtual host environment? I'm hoping for a possible workaround.
Jul 26, 2009
I am having problems creating SSL certificates for use with OpenLDAP. Does anyone know a good CentOS tutorial, as I am having problems finding ones by searching through Google and the forums.
To clarify further, I have a small network I'm trying to set up to use LDAP for auth; due to the size I figured using Kerberos for auth would be a bit overkill.....
I have the server up and running fine; however, at the moment all auth is done using clear text (which is fine as the network has no connection to the internet at present). In the future it will, so I am trying to use SSL, but I am confused as to which certificates I point to where in the slapd.conf file
Sep 17, 2010
I have a quick question about using Plesk on a CentOS 5.x server and installation of SSL certificates. If anyone out there has expertise with the above,
Feb 17, 2010
I have a server with Webmin, Usermin and Sendmail using pop3s. I have created a self-signed certificate using Webmin, exported it and imported it to the trusted root certification authorities on my client. This fixes the warning message from Internet Explorer when attempting to make an SSL connection to Webmin. When attempting to use Usermin or retrieving mail, I get the warning that this site's certificate is self-signed. I look at the certificate and it's not the same as the one I created with Webmin. My question is: is it possible to have the same certificate be used by each?
Aug 31, 2009
OS: CentOS 5.3
vsftpd ver: vsftpd-2.0.5-12.el5_3.1
I installed vsftpd server on one of my servers using the "yum install vsftpd" command. An NFS server is running on the other server and mounted as "/data" on this FTP server. root on the FTP server also has root authority on the NFS server. All the files and sub-folders under "/data" on the FTP server have 755 or 766 mode. I even modified the vsftpd settings to allow root login.
When I login as root to FTP server with FileZilla client, I can see all the file list in root home directory and move to /data directory. I can download any file in a local HDD but I can not download any file in /data directory.
Aug 3, 2010
Please tell me the complete configuration of a vsftpd server on Red Hat 5
Oct 7, 2010
I have one physical dedicated server. The name of the server is 'mail.iamghost.tld' which is obviously my Postfix mail server for my users. Now I generated SSL self-signed certificates with 'OpenSSL' which are for 'mail.iamghost.tld'. I also have Apache installed on the same server to access my webmail application. I created a pointer record for 'url' to point to the same static IP as 'mail.iamghost.tld'. So my question is: if I also want to encrypt site logins for url, do I need to generate a unique SSL certificate for 'url' or can I use my existing SSL certificates that are assigned to 'mail.iamghost.tld'? It's the same server but when people browse to my 'url' site, I don't want there to be an issue with the certificates saying it's for 'mail.iamghost.tld' when they're really communicating with 'url'.
Jun 25, 2009
I have a NIS server on SUSE 11 which is configured using YaST, and NIS clients on SUSE and CentOS. All clients on the SUSE OS are working fine. But on CentOS, users couldn't log in using the NIS username. I have mounted the home directory using NFS in fstab. I can switch to a NIS user's home directory only when I am root. But NIS users couldn't log in on reboot. 'ypcat passwd username' is showing the output. No SELinux is enabled on the client. Is there any problem with SUSE server to CentOS client in NIS?
Apr 14, 2010
I have just generated a new ssl key on my ftp server with the following command
Code:
I then put my new key onto my file server and attempted to connect to the FTP and it failed (this did work before with the default key).. I use curlFTPfs to mount the FTP directory locally as /ftpbackup, below is the command and the output.
Code:
Error connecting to ftp: server certificate not activated yet. As you see it gives an error about the certificate not being activated. I have looked this up and can't find a way to activate it.
Below is the contents of vsftpd.conf on the ftp server
Code:
Jan 18, 2010
I just installed Ubuntu server and wish to run an Apache web server from it. I have that set up, with each user having their individual folder (e.g. the Apache root is /var/www/, LazerPhreak's folder is /var/www/LazerPhreak/, so their website would be www.mysite.com/LazerPhreak/). I wish to set up vsftp to let each user access their individual folder and upload website files via FTP. How should I go about this?
Mar 13, 2010
After giving it some thought, I decided to bail on proftpd, which I've used for some time.
I used
Quote:
But when I search around with locate proftpd, there seems to be a lot of "leftover" stuff. I'd like to remove all traces. Possible?
Now, I installed vsftpd:
Quote:
But when I try to start it, I get:
Quote:
I tried to locate its conf file, but I get this:
Quote:
Though I know it's at:
Quote:
Also, there does not seem to be a log file at /var/log/vsftpd.log or anywhere else.
Feb 13, 2010
How to configure vsftpd? I use a RHEL 5 server.
Sep 5, 2010
I'm trying to add users.
(Translation: gebruiker = user)
I did this:
I want that only gebruiker1 can be in his map home/gebruikers/gebruiker1
But now he can see the whole server dir.
Mar 31, 2010
I have a vsftpd server configured and I cannot upload using the anonymous account. I've trawled the net and have exhausted my search for answers. Here is my vsftpd.conf file
Code:
# Example config file /etc/vsftpd/vsftpd.conf
#
# The default compiled in settings are fairly paranoid. This sample file
# loosens things up a bit, to make the ftp daemon more usable.
# Please see vsftpd.conf.5 for all compiled in defaults.
[Code]...
Mar 8, 2011
Does someone know of a solid article on what files to back up to restore a vsftpd server onto another server?
Right now I'm backing up the ftp directory structure with all the files in it, but no configs, users, etc
Mar 16, 2010
I've set up vsftpd for FTP on my server. I edited the vsftpd.conf to allow my user to gain access to their home directory. It doesn't seem to let me in; I'm getting the error
Quote:
530 This FTP server is anonymous only.
this is set at yes
I've set it to NO and I get
Quote:
500 OOPS: vsftpd: both local and anonymous access disabled!
I don't quite understand what's going on. I followed this tutorial [URL]
In the end I want to be able to upload files to the www directory for my web site.