ProFTPD: configuring FTP over TLS (a record)
Install ProFTPD first, then locate the proftpd.conf file and add the following lines:
TLSEngine on
TLSRequired on
TLSRSACertificateFile /usr/local/etc/proftpd.pem
TLSRSACertificateKeyFile /usr/local/etc/proftpd.pem
TLSCipherSuite ALL:!ADH:!DES
TLSOptions NoCertRequest
TLSVerifyClient off
TLSRenegotiate ctrl 3600 data 512000 required off timeout 300
TLSLog /var/log/proftpd/tls.log
Next, generate the certificate file (certificate and private key are written to the same PEM file):
cd /usr/local/etc
openssl req -x509 -nodes -days 365 -newkey rsa:1024 -keyout /usr/local/etc/proftpd.pem -out /usr/local/etc/proftpd.pem
Then modify proftpd.conf again. The complete file, with the annotations written as comments, is:
# 'proftpd.conf' for actual use. It establishes a single server
# and a single anonymous login. It assumes that you have a user/group
# "nobody" and "ftp" for normal operation and anon.
ServerName "ProFTPD Default Installation"
ServerType standalone
DefaultServer on
# Port is the standard FTP port; here the listening port is changed.
Port 990
# Don't use IPv6 support by default.
UseIPv6 off
# Umask 022 is a good standard umask to prevent new dirs and files
# from being group and world writable.
Umask 022
# To prevent DoS attacks, set the maximum number of child processes
# to 30. If you need to allow more than 30 concurrent connections
# at once, simply increase this value. Note that this ONLY works
# in standalone mode; in inetd mode you should use an inetd server
# that allows you to limit the maximum number of processes per service
# (such as xinetd).
MaxInstances 30
# Set the user and group under which the server will run
# (the user that starts ProFTPD).
User ftp
Group users
# To cause every FTP user to be "jailed" (chrooted) into their home
# directory, uncomment this line. Here it specifies the root directory after FTP login.
DefaultRoot /data/test
# Normally, we want files to be overwriteable.
AllowOverwrite on
# Enable TLS
TLSEngine on
# Connections must use TLS
TLSRequired on
# Certificate file
TLSRSACertificateFile /usr/local/etc/proftpd.pem
# Certificate key file
TLSRSACertificateKeyFile /usr/local/etc/proftpd.pem
TLSCipherSuite ALL:!ADH:!DES
TLSOptions NoCertRequest
TLSVerifyClient off
TLSRenegotiate ctrl 3600 data 512000 required off timeout 300
TLSLog /var/log/proftpd/tls.log
# Bar use of SITE CHMOD by default
<Limit SITE_CHMOD>
  DenyAll
</Limit>
# A basic anonymous configuration, no upload directories. If you do not
# want anonymous users, simply delete this entire <Anonymous> section.
<Anonymous ~ftp>
  User ftp
  Group ftp
  # We want clients to be able to login with 'anonymous' as well as 'ftp'
  UserAlias anonymous ftp
  # Limit the maximum number of anonymous logins
  MaxClients 10
  # We want 'welcome.msg' displayed at login, and '.message' displayed
  # in each newly chdired directory.
  DisplayLogin welcome.msg
  DisplayChdir .message
  # Limit WRITE everywhere in the anonymous chroot
  <Limit WRITE>
    DenyAll
  </Limit>
</Anonymous>
# Prohibit users other than ftp from logging on to the FTP server
<Limit LOGIN>
  DenyUser !ftp
</Limit>
# Port range used for passive mode
PassivePorts 9900 9930
ExtendedLog /var/log/proftpd/access.log WRITE,READ default
ExtendedLog /var/log/proftpd/auth.log AUTH auth
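The two steps above (generating the PEM file and writing the TLS directives) are easy to get subtly wrong: TLSRequired left off silently allows plaintext logins, a PEM file that holds the private key is often left world-readable, and a PassivePorts range that is never firewalled is common. The following audit script is an added example, not code from the original page or from the ProFTPD project. It assumes one directive per line ("Directive args") and a PEM file that bundles certificate and key, as the page's configuration does; the sample site it builds for a self-test uses placeholder PEM marker lines, not a real key.

```shell
#!/bin/sh
# Added example (not from the original page or the ProFTPD project):
# audit the mod_tls directives of a proftpd.conf and the certificate
# file they point at. Assumes "Directive args", one directive per line.

WARNINGS=0
warn() { echo "WARN: $*" >&2; WARNINGS=$((WARNINGS + 1)); }

# conf_get CONF DIRECTIVE: print the arguments of the first matching,
# non-comment directive (ProFTPD directive names are case-insensitive).
conf_get() {
    d=$(printf '%s' "$2" | tr 'A-Z' 'a-z')
    awk -v d="$d" '$1 !~ /^#/ && tolower($1) == d { $1 = ""; sub(/^ +/, ""); print; exit }' "$1"
}

# pem_check FILE: the file carries the private key, so it must exist,
# contain both PEM blocks, and be readable by its owner only.
pem_check() {
    f=$1
    [ -f "$f" ] || { warn "certificate file $f does not exist"; return 0; }
    grep -q 'BEGIN CERTIFICATE' "$f" || warn "$f contains no certificate block"
    grep -q 'PRIVATE KEY-----' "$f"  || warn "$f contains no private key block"
    mode=$(stat -c %a "$f" 2>/dev/null || stat -f %Lp "$f")
    case $mode in
        *00) ;;
        *) warn "$f is mode $mode; a file holding the private key should be 0600" ;;
    esac
    return 0
}

# audit_proftpd_conf CONF: run all checks, print the number of warnings.
audit_proftpd_conf() {
    c=$1; WARNINGS=0
    [ "$(conf_get "$c" TLSEngine | tr 'A-Z' 'a-z')" = on ] || warn "TLSEngine is not on: no TLS at all"
    [ "$(conf_get "$c" TLSRequired | tr 'A-Z' 'a-z')" = on ] || warn "TLSRequired is not on: plaintext logins are still accepted"
    cs=$(conf_get "$c" TLSCipherSuite | tr 'a-z' 'A-Z')
    case $cs in *'!ADH'*|*'!ANULL'*) ;; *) warn "TLSCipherSuite does not exclude anonymous DH" ;; esac
    [ -n "$(conf_get "$c" DefaultRoot)" ] || warn "no DefaultRoot: users are not confined to a directory"
    set -- $(conf_get "$c" PassivePorts)
    if [ $# -ne 2 ]; then
        warn "PassivePorts is not a two-number range (needed to firewall passive data connections)"
    elif [ "$1" -le 1023 ] || [ "$1" -gt "$2" ]; then
        warn "PassivePorts range $1 $2 is not a sane unprivileged range"
    fi
    cert=$(conf_get "$c" TLSRSACertificateFile)
    key=$(conf_get "$c" TLSRSACertificateKeyFile)
    if [ -n "$cert" ]; then pem_check "$cert"; else warn "no TLSRSACertificateFile"; fi
    if [ -n "$key" ] && [ "$key" != "$cert" ]; then pem_check "$key"; fi
    echo "$WARNINGS"
}

# make_sample_site DIR good|bad: write a constructed proftpd.conf and a
# placeholder PEM (marker lines only, not a real key) under DIR for a
# self-test; prints the config path. "bad" plants four known weaknesses.
make_sample_site() {
    dir=$1; kind=$2; pem=$dir/proftpd.pem
    printf '%s\n' '-----BEGIN CERTIFICATE-----' 'placeholder' '-----END CERTIFICATE-----' \
        '-----BEGIN RSA PRIVATE KEY-----' 'placeholder' '-----END RSA PRIVATE KEY-----' > "$pem"
    if [ "$kind" = good ]; then
        chmod 600 "$pem"; req=on; pp='9900 9930'; root='DefaultRoot /data/test'
    else
        chmod 644 "$pem"; req=off; pp='9930 9900'; root='# DefaultRoot left unset'
    fi
    cat > "$dir/proftpd.conf" <<EOF
ServerType standalone
Port 990
$root
TLSEngine on
TLSRequired $req
TLSRSACertificateFile $pem
TLSRSACertificateKeyFile $pem
TLSCipherSuite ALL:!ADH:!DES
TLSOptions NoCertRequest
TLSVerifyClient off
PassivePorts $pp
EOF
    echo "$dir/proftpd.conf"
}

# Usage: ./audit.sh /usr/local/proftpd/etc/proftpd.conf
if [ $# -gt 0 ]; then audit_proftpd_conf "$1"; fi
```

Run against the page's own configuration the audit reports no warnings; the weakened sample (TLSRequired off, no DefaultRoot, reversed PassivePorts, world-readable PEM) reports four. The PEM permission check matters because the page's openssl command writes key and certificate into the same file, and the -x509/-nodes combination leaves that key unencrypted.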
To create a startup script:
cd /sbin/init.d
vi proftpd
#!/bin/sh
# Start/stop/restart script for ProFTPD; paths are those of this installation.
FTPD_BIN=/usr/local/proftpd/sbin/proftpd
FTPD_CONF=/usr/local/proftpd/etc/proftpd.conf
PIDFILE=/usr/local/proftpd/var/proftpd.pid

# Pick up the PID of a running daemon; ignore a stale pid file whose
# process no longer exists, so that "start" still works after a crash.
if [ -f "$PIDFILE" ]; then
    pid=`cat "$PIDFILE"`
    kill -0 "$pid" 2>/dev/null || pid=""
fi

if [ ! -x "$FTPD_BIN" ]; then
    echo "$0: $FTPD_BIN: cannot execute"
    exit 1
fi

case "$1" in
    start)
        if [ -n "$pid" ]; then
            echo "$0: proftpd [PID $pid] already running"
            exit
        fi
        if [ -r "$FTPD_CONF" ]; then
            echo "Starting proftpd..."
            "$FTPD_BIN" -c "$FTPD_CONF"
        else
            echo "$0: cannot start proftpd -- $FTPD_CONF missing"
        fi
        ;;
    stop)
        if [ -n "$pid" ]; then
            echo "Stopping proftpd..."
            kill -TERM "$pid"
        else
            echo "$0: proftpd not running"
            exit 1
        fi
        ;;
    restart)
        # Sends SIGHUP, which makes the running daemon re-read its configuration.
        if [ -n "$pid" ]; then
            echo "Rehashing proftpd configuration"
            kill -HUP "$pid"
        else
            echo "$0: proftpd not running"
            exit 1
        fi
        ;;
    *)
        echo "Usage: $0 {start|stop|restart}"
        exit 1
        ;;
esac
exit 0
After saving the file, make it executable: chmod +x proftpd
You can now start, stop and restart ProFTPD with the script:
./proftpd start|stop|restart
Use FTP client software that supports FTP over TLS to connect to ProFTPD.
- This article is from: Linux Learning Tutorial Network