PROFTPD+SSL Installation and use

I. Basic Environment 1, version cat /etc/debian_version 7.82, kernel uname -r3.2.0-4-amd643, proftpd version proftpd version  1.3.4A4, IP (eth0) 10.1.10.117 Server 10.1.10.160 Client 5, PROFTPD official website HTTP://WWW.PROFTPD.ORG/6, Requirements only allow FILEFTP users to connect and log in to FTP and lock in a custom home directory   Other systems (anonymous) users cannot log in to FTP, listen to the eth0 address in this machine, install the configuration proftpd server 10.1.10.1171, Apt Install APT-GET -Y INSTALL PROFTPD-BASIC2, create FTP directory MKDIR /OPT/FTPDATA -P3, create FTP account and Change password 1) USERADD -S /BIN/FALSE FILEFTP -D /OPT/FTPDATA2) Echo fileftp:redhat|chpasswd4, Modify configuration 1) under Backup configuration Cp /etc/proftpd/proftpd.conf /etc/proftpd/proftpd.conf.bak2) cat /etc/proftpd/ proftpd.confinclude                  /etc/proftpd/modules.confRootLogin                offIdentLookups             offusereversedns           offserverident              offAllowStoreRestart       onAllowRetrieveRestart     onServerName         "Debian" servertype         standaloneMultilineRFC2228    onDefaultServer         offListOptions                  "-L" denyfilter        \*.*/ defaultroot        /opt/ftpdatarequirevalidshell     offdefaultaddress          10.1.10.117socketbindtight          onPort             21maxinstances        30user             proftpdGroup             nogroupumask            022   022allowoverwrite        ontransferlog              /var/log/proftpd/xferlogSystemLog                /VAR/LOG/PROFTPD/PROFTPD.LOG5, configuration instructions include  /etc/proftpd/modules.confRootLogin off                                                    #禁止root登录IdentLookups  &NBsp;          off                                     #禁止DNS反查UseReverseDNS  off                                                #禁止DNS反查ServerIdent  off                                                  #隐藏版本号AllowStoreRestart  on                                            #支持上传续传AllowRetrieveRestart  on                                         #支持下载续传ServerName               "Debian"                                     #服务器名称ServerType              standalone                                  #使用standaloneWay to start the service multilinerfc2228        on                                      #FTP安全扩展DefaultServer              off                                     #关闭默认主机ListOptions                       "-L"                                 #DenyFilter              \*.*/                                      #DefaultRoot             /opt/ftpdata                                #锁定在/opt/ftpdata directory, you can go to the next level of directory requirevalidshell         off                                     #不指定ftp用户的shellDefaultAddress          10.1.10.117                              #监听地址SocketBindTight              onPort                 21                                          #监听端口MaxInstances              30                                    # Maximum number of threads user                 proftpd                                    #以proftpd用户运行Group                  nogroup                                     #以nogroup组运行Umask                  022  022                                    #用户文件属性AllowOverwrite             on                                      #能重写, cover transferlog /var/log/proftpd/xferlog                            #日志SystemLog    /var/log/proftpd/proftpd.log                       #日志6, modify/etc/ Shell config file increased/bin/falseecho  "/bin/false"  >> /ETC/SHELLS7,/etc/proftpd/ Modules.conf also needs to comment out 1 modulessed -i  "s/loadmodule mod_tls_memcache.c/#LoadModule  mod_tls_ Memcache.c/g " /etc/proftpd/modules.conf8, configuration/etc/ftpusers enable only fileftp user login FTP1) cp /etc/ftpusers / ETC/FTPUSERS.BAK2) cat /etc/passwd|grep -v  "fileftp" |awk -f:  ' {print $1} '   > /ETC/FTPUSERS9, restart PROFTPD service/etc/init.d/proftpd restart[ ok ] stopping ftp  server: proftpd. [ ok ] starting ftp server: proftpd.10, viewing Port netstat -tupnl |grep 21tcp         0      0 10.1.10.117:21           0.0.0.0:*                LISTEN      7441/proftpd:  (ACCE11, View Process ps -ef |grep proftpdproftpd    7441       1  0 15:03 ?        00:00:00 proftpd:  ( Accepting connections)    Third, client test 10.1.10.1601, first install LFTPAPT-GET -Y INSTALL LFTP2, Create FILEFTP User FTP transfer directory mkdir /opt/ftpdata/fileftp -p && cd /opt/ftpdata/  Test lftp fileftp with lftp command under && CHOWN FILEFTP.FILEFTP FILEFTP3, Linux: ' Redhat ' @ 10.1.10.117lftp jimmy: ' Redhat ' @10.1.10.117lftp root: ' Redhat ' @10.1.10.117lftp 10.1.10.1174, view log can see only fileftp users can log in aug 05 15:54:14  debian proftpd[7660] 10.1.10.117: ProFTPD killed  (signal 15) aug 05  15:54:14 debian proftpd[7660] 10.1.10.117: ProFTPD 1.3.4a standalone  Mode shutdownaug 05 15:54:16 debian proftpd[7733] 10.1.10.117: proftpd  1.3.4a  (maint)   (BUILT THU SEP 4 2014 14:41:08 UTC)   standalone mode startupaug 05 15:54:20 debian proftpd[7751] 10.1.10.117   (10.1.10.160[10.1.10.160]):  ftp session opened. aug 05 15:54:20 debian proftpd[7751] 10.1.10.117  (10.1.10.160[10.1.10.160]):  user anonymous: no such user found from 10.1.10.160 [10.1.10.160 ] to 10.1.10.117:21aug 05 15:54:23 debian proftpd[7751] 10.1.10.117  (10.1.10.160[10.1.10.160]):  ftp session closed. aug 05 15:54:30 debian proftpd[7752] 10.1.10.117  (10.1.10.160[10.1.10.160]):  ftp session opened. aug 05 15:54:30 debian proftpd[7752] 10.1.10.117  (10.1.10.160[10.1.10.160]):  security violation: root login attempted. aug 05 15:54:33 debian proftpd[7752] 10.1.10.117  (10.1.10.160[10.1.10.160]):  ftp session closed. aug 05 15:54:38 debian proftpd[7753] 10.1.10.117  (10.1.10.160[10.1.10.160]):  ftp session opened. aug 05 15:54:40 debian proftpd[7753] 10.1.10.117  (10.1.10.160[10.1.10.160]):  USER jimmy  (login failed):  user in /etc/ftpusersaug 05 15:54:40  debian proftpd[7753] 10.1.10.117  (10.1.10.160[10.1.10.160]):  ftp seSsion closed. aug 05 15:54:47 debian proftpd[7754] 10.1.10.117  (10.1.10.160[10.1.10.160]):  ftp session opened. aug 05 07:54:47 debian proftpd[7754] 10.1.10.117  (10.1.10.160[10.1.10.160]):  Preparing to chroot to directory  '/opt/ftpdata ' aug 05 07:54:47  debian proftpd[7754] 10.1.10.117  (10.1.10.160[10.1.10.160]):  user fileftp: login  SUCCESSFUL.5, tool testing (FlashFXP)

650) this.width=650; "src=" Http://s3.51cto.com/wyfs02/M02/71/01/wKioL1XDWkXRD36zAAJnZSzXKH0425.jpg "title=" Aaa.jpg "alt=" wkiol1xdwkxrd36zaajnzszxkh0425.jpg "/>

Four, the server configuration ssl1, install package APT-GET -Y INSTALL OPENSSL2, create a certificate (time 365 days) and fill in some relevant information openssl req -x509  -nodes -days 365 -newkey rsa:2048 -out /etc/ssl/certs/proftpd.pem - Keyout /etc/ssl/certs/proftpd.pemgenerating a 2048 bit rsa private key ......................................................................................................................... ...+++...................+++writing new private key to  '/etc/ssl/certs/proftpd.pem '-- ---You are about to be asked to enter information that will  be incorporatedinto your certificate request. what you are about to enter is what is called a  Distinguished name or a dn. there are quite a few fields but you can leave some  Blankfor some fields there will be a default value,if you enter  '. ' ,  the field will be left blank.-----country name  (2 letter  Code)  [AU]:CNState or Province Name  (Full name)  [some-state]: shanghailocality name  (eg, city)  []:shangahiOrganization Name  (Eg, company)  [Internet Widgits Pty Ltd]:aaaOrganizational Unit Name  (eg, section)  []:aaaCommon Name  (E.g. server fqdn or your name)  []:aaaemail  address []:3, modify Permissions chmod 0400 /etc/ssl/certs/proftpd.pem4, modify/etc/proftpd/proftpd.conf support TLS   added in the last tlsengine ontlsrequired ontlsprotocol tlsv1 sslv23tlslog /var/log/proftpd/ tls.logtlsrsacertificatefile /etc/ssl/certs/proftpd.pemtlsrsacertificatekeyfile /etc/ssl/certs/ PROFTPD.PEM5, restart service/etc/init.d/proftPd restart[ ok ] stopping ftp server: proftpd. [ ok ] starting ftp server: proftpd.6, Tool Test (FlashFXP)

650) this.width=650; "src=" Http://s3.51cto.com/wyfs02/M02/71/05/wKiom1XDWKTSuTOqAAGGixSVGpw844.jpg "title=" Ddd.png "alt=" Wkiom1xdwktsutoqaaggixsvgpw844.jpg "/>

650) this.width=650; "src=" Http://s3.51cto.com/wyfs02/M00/71/01/wKioL1XDWrCzp2d_AAGFae0ht1Y761.jpg "title=" Bbb.jpg "alt=" Wkiol1xdwrczp2d_aagfae0ht1y761.jpg "/>

650) this.width=650; "src=" Http://s3.51cto.com/wyfs02/M00/71/05/wKiom1XDWMDyVmi0AAKglAkHstU753.jpg "title=" Ccc.jpg "alt=" Wkiom1xdwmdyvmi0aakglakhstu753.jpg "/>

7. View Log aug 05 16:11:30 mod_tls/2.4.3[8577]: using default openssl  verification locations  (see  $SSL _cert_dir environment variable) Aug 05  16:11:30 mod_tls/2.4.3[8577]: tls/tls-c requested, starting tls handshakeaug  05 16:11:30 mod_tls/2.4.3[8577]: tlsv1/sslv3 connection accepted, using  cipher DHE-RSA-AES128-SHA  (128 bits) aug 05 08:11:31 mod_tls/2.4.3[8577]:  Protection set to PrivateAug 05 08:11:31 mod_tls/2.4.3[8577]:  starting tls negotiation on data connectionaug 05 08:11:31 mod_tls/ 2.4.3[8577]: tlsv1/sslv3 renegotiation accepted, using cipher dhe-rsa-aes128-sha   (128 bits) Aug 05 08:11:31 mod_tls/2.4.3[8577]: client reused ssl  session for data connectionaUg 05 08:11:31 mod_tls/2.4.3[8577]: tlsv1/sslv3 data connection accepted,  using cipher DHE-RSA-AES128-SHA  (128 bits) aug 05 16:33:45 mod_tls/ 2.4.3[8609]: using default openssl verification locations  (see  $SSL _cert_ dir environment variable) aug 05 16:33:45 mod_tls/2.4.3[8609]: ssl/tls  required but absent for authentication, denying user commandaug 05  16:33:45 mod_tls/2.4.3[8610]: using default openssl verification locations   (see  $SSL _cert_dir environment variable) aug 05 16:34:48 mod_tls/2.4.3[8611 ]: using default openssl verification locations  (see  $SSL _cert_dir  environment variable) aug 05 16:34:48 mod_tls/2.4.3[8611]: tls/tls-c requested,  starting tls handshakeaug 05 16:34:48 mod_tls/2.4.3[8611]: client supports secure  renegotiationsaug 05 16:34:48 mod_tls/2.4.3[8611]: tlsv1/sslv3 connection  accepted, using cipher dhe-rsa-aes256-gcm-sha384  (256 bits) Aug 05 08:35:11  mod_tls/2.4.3[8611]: protection set to privateaug 05 08:35:11 mod_tls /2.4.3[8611]: starting tls negotiation on data connectionaug 05  08:35:11 mod_tls/2.4.3[8611]: tlsv1/sslv3 renegotiation accepted, using cipher  DHE-RSA-AES256-GCM-SHA384  (256 bits) aug 05 08:35:11 mod_tls/2.4.3[8611]:  Client reused ssl session for data connectionaug 05 08:35:11 mod_ tls/2.4.3[8611]: tlsv1/sslv3 data connection accepted, using cipher  dhe-rsa-aes256-gcm-sha384  (256 Bits 

This article is from the "7928217" blog, please be sure to keep this source http://7938217.blog.51cto.com/7928217/1682397

PROFTPD+SSL Installation and use