IBM Support

IBM AIX: Configure an anonymous ftp user to work with TLS/SSL

How To


Summary

This document describes how to configure an anonymous ftp user to work with TLS/SSL connections.

Steps

1. Configure an anonymous FTP user. This may be done in a number of ways, depending on the user name--ftp, anonymous, or a chosen user name, and whether or not the account requires password authentication.
There are two sample shell scripts to help configure anonymous FTP access--one with the users ftp and anonymous, and another with a chosen user name. They are located in the /usr/samples/tcpip directory and are named anon.ftp and anon.users.ftp.
The anon.ftp shell script creates the ftp and anonymous users, and configures the users' home directory (by default, /home/ftp) for use as an anonymous FTP user. The anon.users.ftp shell script performs the same functions. It requires a user name as a parameter, and creates that user automatically.
Both shell scripts create their users to not require a password to log in. For instructions on setting up an anonymous FTP user that requires a password, refer to the instructions at Anonymous FTP with a secure user account setup.
More information about configuring anonymous FTP users may be found in the ftpaccess.ctl File and File Transfer Protocol Subtree Guidelines sections of the ftpd Daemon documentation.
2. Configure the FTP daemon to use a certificate. This allows FTP clients to connect securely with SSL or TLS.
3. Create a directory in the anonymous FTP user's home directory to hold the FTP server certificate and private key.
4. Set the directory's permissions to 555, with the root user as owner and system as group.
5. Copy the FTP server certificate and private key files to the directory.
6. Set the FTP server certificate file with 444 permissions, and the FTP server certificate private key file with 400 permissions.
7. Copy the /etc/ftpd.cnf file to the etc directory in the anonymous FTP user's home directory.
8. Modify the FTP user's ftpd.cnf file to change the path names of the CERTIFICATE and CERTIFICATE_PRIVATE_KEY options to the path names of the FTP server certificate and FTP server certificate private key files, relative to the FTP user's home directory. For example, if the FTP user's home directory is /home/ftpuser1 and the certificate file is /home/ftpuser1/.tls/servercert.pem, then the CERTIFICATE value would be /.tls/servercert.pem.
9. The anonymous FTP user is now able to use SSL/TLS.
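
Steps 3 through 8 as a single shell function, ending with a check that both options in the per-user ftpd.cnf carry home-relative paths. This is an added example, not IBM's code: the key file name serverkey.pem, the FTP_OWNER override, and the "KEYWORD value" layout of ftpd.cnf are assumptions.

```shell
# Added example, not IBM's code. Assumed names: serverkey.pem, FTP_OWNER
# (override for trying the function off AIX), and an ftpd.cnf made of
# "KEYWORD value" lines. /.tls/servercert.pem is the technote's own example.
# Usage (as root): setup_anon_ftp_tls /home/ftpuser1 cert.pem key.pem
setup_anon_ftp_tls() {
    home=$1 cert_src=$2 key_src=$3
    cnf_src=${4:-/etc/ftpd.cnf}
    owner=${FTP_OWNER:-root:system}
    tls_dir=$home/.tls
    cert_rel=/.tls/servercert.pem      # relative to the FTP user's home
    key_rel=/.tls/serverkey.pem

    [ -d "$home/etc" ] && [ -r "$cert_src" ] && [ -r "$key_src" ] &&
        [ -r "$cnf_src" ] || { echo "missing home/etc or input file" >&2; return 1; }

    # Steps 3 and 5: create the directory and copy both files. The subshell
    # umask keeps the key private between cp and chmod.
    ( umask 077
      mkdir -p "$tls_dir" &&
      cp "$cert_src" "$home$cert_rel" &&
      cp "$key_src" "$home$key_rel" ) || return 1

    # Step 6: certificate 444, private key 400.
    chmod 444 "$home$cert_rel" && chmod 400 "$home$key_rel" || return 1

    # Step 4: owner root, group system, mode 555. Done after the copy so a
    # non-root trial run can still write the files; the end state is the same.
    chown "$owner" "$tls_dir" && chmod 555 "$tls_dir" || return 1

    # Steps 7 and 8: copy ftpd.cnf, rewriting only the two path options.
    # "CERTIFICATE" followed by whitespace does not match
    # CERTIFICATE_PRIVATE_KEY, so each line is rewritten exactly once.
    sed -e "s|^CERTIFICATE[[:space:]].*|CERTIFICATE $cert_rel|" \
        -e "s|^CERTIFICATE_PRIVATE_KEY[[:space:]].*|CERTIFICATE_PRIVATE_KEY $key_rel|" \
        "$cnf_src" > "$home/etc/ftpd.cnf" || return 1

    # Fail if either option is missing from the result, for example because
    # the source file never contained it.
    grep -q "^CERTIFICATE $cert_rel\$" "$home/etc/ftpd.cnf" &&
        grep -q "^CERTIFICATE_PRIVATE_KEY $key_rel\$" "$home/etc/ftpd.cnf"
}
```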

Additional Information

SUPPORT:

If the instructions in this document do not lead to resolution of the problem, follow these instructions to open a case. The product must be under warranty or have an active and valid support contract.

a. Document or take screen captures of all symptoms, errors, or messages.

b. Capture any logs or data relevant to the issue.

c. Contact IBM® to open a case.

-For electronic support, visit the IBM Support Community:
https://www.ibm.com/mysupport
-If you require telephone support, visit this web page:
https://www.ibm.com/planetwide/

d. Provide a detailed description of the issue and a reference to this technote.

e. Upload all of the details and data to the case.

-You can attach files to the case in the IBM Support Community, or
-Upload data to IBM test case server analysis at this URL:

http://www.ibm.com/support/docview.wss?uid=ibm10733581


Document Location

Worldwide


Document Information

Modified date:
02 February 2024

UID

ibm17114414