# Create a self-signed X.509 certificate (valid 365 days) and its private key.
# -nodes stores the key WITHOUT a passphrase, so proftpd.key.pem is protected
# only by file permissions: check that it ends up readable by root alone.
openssl req -x509 -new -nodes -days 365 \
  -keyout proftpd.key.pem \
  -out proftpd.cert.pem
proftpd.conf
# Maximum debug verbosity; meant for troubleshooting. Lower it once the setup
# works, because the logs become large and very detailed.
DebugLevel 10
UseIPv6 off
# Accounts do not need a shell listed in /etc/shells in order to log in.
RequireValidShell no
########################################
# File-based user accounts. The file holds password hashes, so keep it
# unreadable by ordinary system users.
AuthUserFile /etc/proftpd/ftpd.passwd
########################################
##AuthGroupFile /etc/proftpd/etc/ftpd.group
##############################################
SystemLog /var/log/proftpd/proftpd.log
# Separate log for the commands in the "auth" class.
ExtendedLog /var/log/proftpd/login.log auth
##############################################
TLSEngine on
# NOTE(review): with "off", TLS is offered but not enforced. Clients can still
# log in and transfer over cleartext FTP, so passwords may cross the network
# unencrypted. "TLSRequired on" rejects sessions that do not negotiate TLS.
TLSRequired off
#TLSRSACertificateFile /etc/pki/tls/certs/proftpd.cert.pem
TLSRSACertificateFile /etc/pki/tls/private/myhost.crt
#TLSRSACertificateKeyFile /etc/pki/tls/certs/proftpd.key.pem
# Server private key: this is the file that must be readable by root only.
TLSRSACertificateKeyFile /etc/pki/tls/private/myhost.key
TLSCACertificateFile /etc/pki/tls/private/myrootca.crt
#TLSCipherSuite ALL:!ADH:!DES
# NOTE(review): MEDIUM admits weaker suites than HIGH. This string also excludes
# the SSLv2/SSLv3 cipher groups while TLSProtocol below still enables the SSLv3
# protocol; review the two lines together. "openssl ciphers -v '<string>'" shows
# what the string expands to with the installed OpenSSL.
TLSCipherSuite HIGH:MEDIUM:+TLSv1:!SSLv2:!SSLv3
# No client certificate is requested (NoCertRequest) or verified
# (TLSVerifyClient off), so clients are authenticated by password only.
TLSOptions NoCertRequest
TLSVerifyClient off
#TLSRenegotiate ctrl 3600 data 512000 required off timeout 300
TLSLog /var/log/proftpd/tls.log
# NOTE(review): SSLv3 is obsolete (prohibited by RFC 7568) and TLS 1.0 is
# deprecated (RFC 8996). Drop SSLv3 and enable the newest TLS versions the
# installed mod_tls/OpenSSL accept. Which protocol names are valid depends on
# the ProFTPD version, so confirm before changing.
TLSProtocol SSLv3 TLSv1
TLSSessionCache shm:/file=/var/run/proftpd/sesscache
###debug mode
# Run proftpd in the foreground (-n) with the given configuration file (-c),
# debug level 10 (-d 10) and the TLS define set (-DTLS). Level 10 output is
# very verbose; use this invocation for troubleshooting only.
proftpd -c /etc/proftpd.conf -n -d 10 -DTLS
#####
error
以下訊息出現在 log 中;但用 proftpd -c /etc/proftpd.conf -n -d 10 -DTLS 啟動 FTP server 時,卻又能夠 login。
dispatching PRE_CMD command 'AUTH TLS' to mod_tls
dispatching PRE_CMD command 'AUTH TLS' to mod_core
dispatching PRE_CMD command 'AUTH TLS' to mod_core
dispatching CMD command 'AUTH TLS' to mod_tls
dispatching LOG_CMD_ERR command 'AUTH TLS' to mod_log
mod_tls/2.4.2: scrubbing 1 passphrase from memory
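solution: pass -DTLS when proftpd is started as a service as well, by setting PROFTPD_OPTIONS in /etc/sysconfig/proftpd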
[root@pftp-01 etc]# vi /etc/sysconfig/proftpd
# Extra command-line options for proftpd are passed through PROFTPD_OPTIONS;
# proftpd(8) has the full list of what can be used.
#
# "Defines" understood by the default configuration file:
#   -DANONYMOUS_FTP      enable anonymous FTP
#   -DDYNAMIC_BAN_LISTS  enable dynamic ban lists (mod_ban)
#   -DTLS                enable TLS (mod_tls)
#
# Example enabling anonymous FTP together with dynamic ban lists:
#   PROFTPD_OPTIONS="-DANONYMOUS_FTP -DDYNAMIC_BAN_LISTS"
#
# Only the TLS define is set, which turns on the TLS part of the default
# configuration when proftpd is started as a service.
PROFTPD_OPTIONS='-DTLS'
restart proftpd