```
#
# Proftpd sample configuration for FTPS connections.
#
# Note that FTPS impose some limitations in NAT traversing.
# See http://www.castaglia.org/proftpd/doc/contrib/ProFTPD-mini-HOWTO-TLS.html
# for more information.
#
<IfModule mod_tls.c>
TLSEngine                   on
TLSLog                      /var/log/proftpd/tls.log
TLSProtocol                 SSLv23
#
# Server SSL certificate. You can generate a self-signed certificate using
# a command like:
#
# openssl req -x509 -newkey rsa:1024 \
#          -keyout /etc/ssl/private/proftpd.key -out /etc/ssl/certs/proftpd.crt \
#          -nodes -days 365
#
# The proftpd.key file must be readable by root only. The other file can be
# readable by anyone.
#
# chmod 0600 /etc/ssl/private/proftpd.key
# chmod 0640 /etc/ssl/private/proftpd.key
#
TLSRSACertificateFile       /etc/ssl/certs/proftpd.crt
TLSRSACertificateKeyFile    /etc/ssl/private/proftpd.key
#
# CA the server trusts...
#TLSCACertificateFile       /etc/ssl/certs/CA.pem
# ...or avoid CA cert and be verbose
#TLSOptions                 NoCertRequest EnableDiags
# ... or the same with relaxed session use for some clients (e.g. FireFtp)
TLSOptions                  NoCertRequest EnableDiags NoSessionReuseRequired
#
#
# Per default drop connection if client tries to start a renegotiate
# This is a fix for CVE-2009-3555 but could break some clients.
#
#TLSOptions                 AllowClientRenegotiations
#
# Authenticate clients that want to use FTP over TLS?
#
#TLSVerifyClient            off
#
# Are clients required to use FTP over TLS when talking to this server?
#
TLSRequired                 on
#
# Allow SSL/TLS renegotiations when the client requests them, but
# do not force the renegotiations. Some clients do not support
# SSL/TLS renegotiations; when mod_tls forces a renegotiation, these
# clients will close the data connection, or there will be a timeout
# on an idle data connection.
#
#TLSRenegotiate             required off
</IfModule>
```
With this configuration, we can use the Python ftplib module to operate the
```
In [1]: from ftplib import FTP_TLS

In [2]: ftps = FTP_TLS('127.0.0.1')

In [3]: ftps.login('jastme', 'jastme')
Out[3]: '230 User jastme logged in'

In [4]: ftps.prot_p()
Out[4]: '200 Protection set to Private'

In [5]: ftps.retrlines('LIST')
-rw-r--r--   1 jastme   ftpgroup     1724 Mar  1 02:46 updatewebserver-gevent.py
Out[5]: '226 Transfer complete'
```
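The session above creates `FTP_TLS('127.0.0.1')` without a `context` argument, and in that case ftplib encrypts the connection but does not verify the server certificate. The following added example (not part of the original post) trusts only a copy of the server's `proftpd.crt`; the function names, the timeout and the TLS 1.2 floor are assumptions, and the certificate must name the host you connect to.

```python
import ssl
from ftplib import FTP_TLS


def build_context(cafile=None):
    """Return a TLS context that verifies the server certificate and host name.

    cafile: PEM file to trust, for example a copy of the server's self-signed
    /etc/ssl/certs/proftpd.crt. When given, only that file is trusted.
    None falls back to the system CA store.
    """
    # create_default_context() sets CERT_REQUIRED and check_hostname=True.
    ctx = ssl.create_default_context(cafile=cafile)
    # Assumption: the server's OpenSSL build supports TLS 1.2 or later.
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


def list_directory(host, user, passwd, cafile=None, path="."):
    """Log in over verified TLS, protect the data channel, return LIST lines."""
    lines = []
    with FTP_TLS(context=build_context(cafile), timeout=10) as ftps:
        ftps.connect(host)        # plain control connection, server greets with 220
        ftps.auth()               # AUTH TLS; raises ssl.SSLCertVerificationError
                                  # if the certificate is not trusted for `host`
        ftps.login(user, passwd)  # credentials now travel inside TLS
        ftps.prot_p()             # PBSZ 0 + PROT P: data connections use TLS too
        ftps.retrlines(f"LIST {path}", lines.append)
    return lines


# Usage against the server configured above (hypothetical local copy of the cert):
#   list_directory("ftp.example.test", "jastme", "jastme", cafile="proftpd.crt")
```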
ProFTP Configure TLS, connection requires SSL encryption, data transfer can not be