G. Installing & Configuring FTP Secure (FTPS)

 

  1. Prerequisites
    1. Network Topology

      Figure: Network topology

       

    2. Server and Client Configuration

      Server configuration:
      --------------------------------------------------
      - Operating system      : Linux Debian 10 (Buster)
      - IP Address NIC 1      : DHCP Internet
      - Gateway               : DHCP Internet
      
      - Hostname              : ns100             (Replace 100 with your own roll number)
      - Domain                : sekolah100.sch.id (Replace 100 with your own roll number)
      - IP Address NIC 2      : 192.168.100.1/24  (Replace 100 with your own roll number)
      
      
      Client configuration:
      --------------------------------------------------
      - Operating system      : Windows
      - IP Address            : DHCP

     

  2. Server Setup

    1. DHCP Server

      Make sure the DHCP server has been installed and configured and is running properly.



    2. FTP Server

      Make sure the FTP server has been installed and configured and is running properly.



    3. Installing and Configuring FTPS (ProFTPd + TLS)

      FTPS, also known as FTP Secure, is the secured form of FTP: it uses SSL encryption to protect data transfers. Because many tools that can monitor FTP transfer activity circulate on the internet, securing the FTP server with FTPS is recommended.

      FTPS Security (SSL Security)

      1. FTPS implicit SSL
        • Implicit SSL requires an SSL session to be established between client and server before any data is exchanged.
        • Any connection a client makes without SSL is rejected by the server.
        • Implicit SSL runs on port 990.

      2. FTPS explicit SSL
        • In explicit SSL mode, the client and server negotiate the level of protection to use.
        • The server offers either an unencrypted FTP session or an encrypted FTPS session on a single port.
        • The session established when the client first connects is unencrypted.
        • Before sending user credentials, the client asks the server to switch the command channel to an SSL-encrypted channel by sending the AUTH TLS or AUTH SSL command.
        • Once the SSL channel has been set up successfully, the client sends the user credentials to the FTP server.
        • The protection level of the data channel between client and server can be negotiated with the PROT command.
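
      The explicit-mode ordering described above, as an added example that is not part of the original tutorial: a checker that walks a control-channel transcript and reports credentials or data commands sent before the channel was protected. The transcripts, reply texts and function names are constructed for illustration.

```python
# Added example: audit an explicit-FTPS transcript ("C:" client, "S:" server).
DATA_CMDS = {"LIST", "NLST", "MLSD", "RETR", "STOR", "APPE"}

def audit_transcript(lines):
    """Return findings for commands sent before the channel was protected."""
    findings = []
    tls_active = False    # control channel encrypted (AUTH answered with 234)
    data_private = False  # data channel encrypted (PROT P answered with 200)
    pending = None        # client command still waiting for its reply
    for raw in lines:
        side, _, text = raw.partition(": ")
        words = text.split()
        if side == "C" and words:
            verb = words[0].upper()
            arg = words[1].upper() if len(words) > 1 else ""
            pending = (verb, arg)
            if verb in ("USER", "PASS") and not tls_active:
                findings.append(f"{verb} sent before AUTH TLS completed")
            if verb in DATA_CMDS and not data_private:
                findings.append(f"{verb} sent without PROT P")
        elif side == "S" and words and pending:
            verb, arg = pending
            if verb == "AUTH" and arg in ("TLS", "SSL") and words[0] == "234":
                tls_active = True
            elif verb == "PROT" and words[0] == "200":
                data_private = arg == "P"
            pending = None
    return findings

# Constructed sample transcripts (reply texts are illustrative).
GOOD = [
    "S: 220 FTP server ready",
    "C: AUTH TLS", "S: 234 AUTH TLS successful",
    "C: USER siswa100", "S: 331 Password required",
    "C: PASS ********", "S: 230 User logged in",
    "C: PBSZ 0", "S: 200 PBSZ 0 successful",
    "C: PROT P", "S: 200 Protection set to Private",
    "C: LIST", "S: 150 Opening data connection",
]
BAD = [
    "S: 220 FTP server ready",
    "C: USER siswa100", "S: 550 SSL/TLS required on the control channel",
    "C: AUTH TLS", "S: 234 AUTH TLS successful",
    "C: PROT C", "S: 200 Protection set to Clear",
    "C: LIST", "S: 150 Opening data connection",
]
if __name__ == "__main__":
    print("GOOD:", audit_transcript(GOOD))
    print("BAD: ", audit_transcript(BAD))
```

      In the second transcript the server refuses the login, but the user name has already crossed the network in cleartext, which is why the client must send AUTH TLS first.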

           

           

      Installing OpenSSL and SSL-Cert

      1. Install the OpenSSL and SSL-Cert packages

        Log in as the root user

        login as: root
        root@192.168.100.1's password:
        
        Linux ns100 4.19.0-17-amd64 #1 SMP Debian 4.19.194-3 (2021-08-27) x86_64
        
        The programs included with the Debian GNU/Linux system are free software;
        the exact distribution terms for each program are described in the
        individual files in /usr/share/doc/*/copyright.

         

        Install openssl and ssl-cert

        root@ns100:~# apt install openssl ssl-cert -y
        
        Reading package lists... Done
        Building dependency tree
        Reading state information... Done
        openssl is already the newest version (1.1.1d-0+deb10u7).
        openssl set to manually installed.
        Suggested packages:
          openssl-blacklist
        The following NEW packages will be installed:
          ssl-cert
        0 upgraded, 1 newly installed, 0 to remove and 0 not upgraded.
        Need to get 20.8 kB of archives.
        After this operation, 64.5 kB of additional disk space will be used.
        Get:1 http://mirror.smkn1klaten.sch.id/debian buster/main amd64 ssl-cert all 1.0.39 [20.8 kB]
        Fetched 20.8 kB in 1s (19.6 kB/s)
        Preconfiguring packages ...
        Selecting previously unselected package ssl-cert.
        (Reading database ... 32411 files and directories currently installed.)
        Preparing to unpack .../ssl-cert_1.0.39_all.deb ...
        Unpacking ssl-cert (1.0.39) ...
        Setting up ssl-cert (1.0.39) ...
        Processing triggers for man-db (2.8.5-2) ...
        

         

        Generate the SSL certificate

        root@ns100:~# openssl req -x509 -newkey rsa:2048 -keyout /etc/ssl/private/proftpd.key -out /etc/ssl/certs/proftpd.crt -nodes -days 365
        
        Generating a RSA private key
        ................+++++
        .......................................................................................+++++
        writing new private key to '/etc/ssl/private/proftpd.key'
        -----
        You are about to be asked to enter information that will be incorporated
        into your certificate request.
        What you are about to enter is what is called a Distinguished Name or a DN.
        There are quite a few fields but you can leave some blank
        For some fields there will be a default value,
        If you enter '.', the field will be left blank.
        -----
        Country Name (2 letter code) [AU]:ID
        State or Province Name (full name) [Some-State]:Jawa Tengah
        Locality Name (eg, city) []:Klaten
        Organization Name (eg, company) [Internet Widgits Pty Ltd]:SMK Negeri 1 Klaten
        Organizational Unit Name (eg, section) []:Teknik Komputer dan Jaringan
        Common Name (e.g. server FQDN or YOUR name) []:sekolah100.sch.id
        Email Address []:<your email address>
        

         

        Configure the proftpd.conf file

        root@ns100:~#  nano /etc/proftpd/proftpd.conf
        
        #UseIPv6                        on
        UseIPv6                         off
        
        #ServerName                     "Debian"
        ServerName                      "ns100"
        
        
        # Use this to jail all users in their homes
        # DefaultRoot                   ~
        DefaultRoot                   ~
        
        # This is used for FTPS connections
        #
        Include /etc/proftpd/tls.conf
        
        
        # Include other custom configuration files
        Include /etc/proftpd/conf.d/
        
        #<Anonymous ~ftp>
        #   User                         ftp
        #   Group                        nogroup
        #   UserAlias                    anonymous ftp
        #   RequireValidShell            off
        #</Anonymous>
        
        
        <Anonymous /home/ftp/siswa100>
           User                         siswa100
           RequireValidShell            off
        </Anonymous>
        
        

         

        Configure the tls.conf file

        root@ns100:~#  nano /etc/proftpd/tls.conf
        
        <IfModule mod_tls.c>
        #TLSEngine                               on
        #TLSLog                                  /var/log/proftpd/tls.log
        #TLSProtocol                             SSLv23
        
        TLSEngine                               on
        TLSLog                                  /var/log/proftpd/tls.log
        # Allow TLS 1.2 only; older SSL/TLS versions stay disabled
        TLSProtocol                             TLSv1.2
        
        #
        #TLSRSACertificateFile                   /etc/ssl/certs/proftpd.crt
        #TLSRSACertificateKeyFile                /etc/ssl/private/proftpd.key
        #
        
        TLSRSACertificateFile                   /etc/ssl/certs/proftpd.crt
        TLSRSACertificateKeyFile                /etc/ssl/private/proftpd.key
        
        #TLSOptions                      NoCertRequest EnableDiags
        # ... or the same with relaxed session use for some clients (e.g. FireFtp)
        #TLSOptions                      NoCertRequest EnableDiags NoSessionReuseRequired
        TLSOptions                      NoCertRequest EnableDiags NoSessionReuseRequired
        #
        #
        #TLSVerifyClient                         off
        TLSVerifyClient                         off
        #
        # Are clients required to use FTP over TLS when talking to this server?
        #
        #TLSRequired                             on
        TLSRequired                             on
        #
        </IfModule>
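
        A check for the tls.conf settings above, as an added example that is not part of the original tutorial or of ProFTPD: it parses the active directives and flags a disabled engine, optional TLS, and unknown or legacy TLSProtocol values. The protocol name list is an assumption taken from the mod_tls documentation, and both sample configurations are constructed.

```python
# Added example (not ProFTPD's own tooling): flag weak or invalid mod_tls
# directives. The protocol names below are assumed from the mod_tls
# documentation; confirm them against the installed ProFTPD version.
KNOWN_PROTOCOLS = {"sslv23", "sslv3", "tlsv1", "tlsv1.1", "tlsv1.2", "tlsv1.3"}
LEGACY_PROTOCOLS = {"sslv23", "sslv3", "tlsv1", "tlsv1.1"}

def parse_directives(text):
    """Map each active directive (lowercased) to its lowercased arguments."""
    directives = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith(("#", "<")):
            name, *args = line.lower().split()
            directives[name] = args  # a later occurrence overrides an earlier one
    return directives

def audit_tls_conf(text):
    d = parse_directives(text)
    findings = []
    if d.get("tlsengine") != ["on"]:
        findings.append("TLSEngine is not on: FTPS is disabled")
    if d.get("tlsrequired") != ["on"]:
        findings.append("TLSRequired is not on: TLS not enforced on both channels")
    for proto in d.get("tlsprotocol", []):
        if proto not in KNOWN_PROTOCOLS:
            findings.append(f"TLSProtocol {proto}: not in the known protocol list")
        elif proto in LEGACY_PROTOCOLS:
            findings.append(f"TLSProtocol {proto}: legacy protocol enabled")
    for key in ("tlsrsacertificatefile", "tlsrsacertificatekeyfile"):
        if key not in d:
            findings.append(f"{key}: directive missing")
    return findings

# Constructed samples: a weak tls.conf and a corrected one.
WEAK = """<IfModule mod_tls.c>
TLSEngine on
TLSProtocol SSLv1 TLSv1
TLSRSACertificateFile /etc/ssl/certs/proftpd.crt
TLSRSACertificateKeyFile /etc/ssl/private/proftpd.key
#TLSRequired on
</IfModule>"""
FIXED = WEAK.replace("SSLv1 TLSv1", "TLSv1.2").replace("#TLSRequired", "TLSRequired")

if __name__ == "__main__":
    print(audit_tls_conf(WEAK))
    print(audit_tls_conf(FIXED))
```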
        

         

        Restart the proftpd service

        root@ns100:~# /etc/init.d/proftpd restart
        
        [ ok ] Restarting proftpd (via systemctl): proftpd.service.

         

         

        Testing FTPS

         

         

         

         

         

    4. Conclusion

      Congratulations! We have now learned how to install and configure FTPS (ProFTPd + TLS) and have done so successfully.