PROFTPD+SSL Installation and use

Source: Internet
Author: User
Tags: ftp, transfer

I. Basic environment

1. Version: cat /etc/debian_version → 7.8
2. Kernel: uname -r → 3.2.0-4-amd64
3. ProFTPD version: proftpd -v → ProFTPD Version 1.3.4a
4. IP (eth0): 10.1.10.117 server, 10.1.10.160 client
5. ProFTPD official website: http://www.proftpd.org/
6. Requirements: only the fileftp user may connect and log in to FTP, locked into a custom home directory; other system users (and anonymous) cannot log in to FTP; listen on this machine's eth0 address.

II. Install and configure the proftpd server (10.1.10.117)

1. Install with apt:
    apt-get -y install proftpd-basic
2. Create the FTP directory:
    mkdir /opt/ftpdata -p
3. Create the FTP account and set its password:
    1) useradd -s /bin/false fileftp -d /opt/ftpdata
    2) echo fileftp:redhat | chpasswd
4. Modify the configuration
    1) Back up the configuration:
        cp /etc/proftpd/proftpd.conf /etc/proftpd/proftpd.conf.bak
    2) cat /etc/proftpd/proftpd.conf
        Include                  /etc/proftpd/modules.conf
        RootLogin                off
        IdentLookups             off
        UseReverseDNS            off
        ServerIdent              off
        AllowStoreRestart        on
        AllowRetrieveRestart     on
        ServerName               "Debian"
        ServerType               standalone
        MultilineRFC2228         on
        DefaultServer            off
        ListOptions              "-L"
        DenyFilter               \*.*/
        DefaultRoot              /opt/ftpdata
        RequireValidShell        off
        DefaultAddress           10.1.10.117
        SocketBindTight          on
        Port                     21
        MaxInstances             30
        User                     proftpd
        Group                    nogroup
        Umask                    022  022
        AllowOverwrite           on
        TransferLog              /var/log/proftpd/xferlog
        SystemLog                /var/log/proftpd/proftpd.log
5. Configuration explained
        Include                  /etc/proftpd/modules.conf
        RootLogin                off                            # forbid root login
        IdentLookups             off                            # disable reverse lookups
        UseReverseDNS            off                            # disable reverse DNS lookups
        ServerIdent              off                            # hide the version number
        AllowStoreRestart        on                             # allow resuming uploads
        AllowRetrieveRestart     on                             # allow resuming downloads
        ServerName               "Debian"                       # server name
        ServerType               standalone                     # start the service in standalone mode
        MultilineRFC2228         on                             # FTP security extensions
        DefaultServer            off                            # turn off the default host
        ListOptions              "-L"                           #
        DenyFilter               \*.*/                          #
        DefaultRoot              /opt/ftpdata                   # lock users into /opt/ftpdata; they can still enter subdirectories
        RequireValidShell        off                            # do not require the ftp user to have a valid shell
        DefaultAddress           10.1.10.117                    # listen address
        SocketBindTight          on
        Port                     21                             # listen port
        MaxInstances             30                             # maximum number of threads
        User                     proftpd                        # run as the proftpd user
        Group                    nogroup                        # run as the nogroup group
        Umask                    022  022                       # permissions of user files
        AllowOverwrite           on                             # allow overwriting (covering) existing files
        TransferLog              /var/log/proftpd/xferlog       # log
        SystemLog                /var/log/proftpd/proftpd.log   # log
6. Modify the /etc/shells config file, adding /bin/false:
    echo "/bin/false" >> /etc/shells
7. /etc/proftpd/modules.conf also needs one module commented out:
    sed -i "s/LoadModule mod_tls_memcache.c/#LoadModule mod_tls_memcache.c/g" /etc/proftpd/modules.conf
8. Configure /etc/ftpusers so that only the fileftp user can log in to FTP
    1) cp /etc/ftpusers /etc/ftpusers.bak
    2) cat /etc/passwd | grep -v "fileftp" | awk -F: '{print $1}' > /etc/ftpusers
9. Restart the proftpd service:
    /etc/init.d/proftpd restart
    [ ok ] Stopping ftp server: proftpd.
    [ ok ] Starting ftp server: proftpd.
10. View the port:
    netstat -tupnl | grep 21
    tcp        0      0 10.1.10.117:21          0.0.0.0:*               LISTEN      7441/proftpd: (acce
11. View the process:
    ps -ef | grep proftpd
    proftpd   7441     1  0 15:03 ?        00:00:00 proftpd: (accepting connections)

III. Client test (10.1.10.160)

1. First install lftp:
    apt-get -y install lftp
2. Create the fileftp user's FTP transfer directory (on the server):
    mkdir /opt/ftpdata/fileftp -p && cd /opt/ftpdata/ && chown fileftp.fileftp fileftp
3. Test with the lftp command under Linux:
    lftp fileftp:'redhat'@10.1.10.117
    lftp jimmy:'redhat'@10.1.10.117
    lftp root:'redhat'@10.1.10.117
    lftp 10.1.10.117
4. View the log; you can see that only the fileftp user can log in:
    Aug 05 15:54:14 debian proftpd[7660] 10.1.10.117: ProFTPD killed (signal 15)
    Aug 05 15:54:14 debian proftpd[7660] 10.1.10.117: ProFTPD 1.3.4a standalone mode SHUTDOWN
    Aug 05 15:54:16 debian proftpd[7733] 10.1.10.117: ProFTPD 1.3.4a (maint) (built Thu Sep 4 2014 14:41:08 UTC) standalone mode STARTUP
    Aug 05 15:54:20 debian proftpd[7751] 10.1.10.117 (10.1.10.160[10.1.10.160]): FTP session opened.
    Aug 05 15:54:20 debian proftpd[7751] 10.1.10.117 (10.1.10.160[10.1.10.160]): USER anonymous: no such user found from 10.1.10.160 [10.1.10.160] to 10.1.10.117:21
    Aug 05 15:54:23 debian proftpd[7751] 10.1.10.117 (10.1.10.160[10.1.10.160]): FTP session closed.
    Aug 05 15:54:30 debian proftpd[7752] 10.1.10.117 (10.1.10.160[10.1.10.160]): FTP session opened.
    Aug 05 15:54:30 debian proftpd[7752] 10.1.10.117 (10.1.10.160[10.1.10.160]): SECURITY VIOLATION: root login attempted.
    Aug 05 15:54:33 debian proftpd[7752] 10.1.10.117 (10.1.10.160[10.1.10.160]): FTP session closed.
    Aug 05 15:54:38 debian proftpd[7753] 10.1.10.117 (10.1.10.160[10.1.10.160]): FTP session opened.
    Aug 05 15:54:40 debian proftpd[7753] 10.1.10.117 (10.1.10.160[10.1.10.160]): USER jimmy (Login failed): User in /etc/ftpusers
    Aug 05 15:54:40 debian proftpd[7753] 10.1.10.117 (10.1.10.160[10.1.10.160]): FTP session closed.
    Aug 05 15:54:47 debian proftpd[7754] 10.1.10.117 (10.1.10.160[10.1.10.160]): FTP session opened.
    Aug 05 07:54:47 debian proftpd[7754] 10.1.10.117 (10.1.10.160[10.1.10.160]): Preparing to chroot to directory '/opt/ftpdata'
    Aug 05 07:54:47 debian proftpd[7754] 10.1.10.117 (10.1.10.160[10.1.10.160]): USER fileftp: Login successful.
5. Tool test (FlashFXP)

[Screenshot: aaa.jpg]
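Step 8 of the server setup builds /etc/ftpusers with grep -v "fileftp", which filters on the whole passwd line: any account whose name or GECOS field merely contains "fileftp" is silently left out of the deny list, and nothing re-checks the list when accounts are added later. The shell functions below are an added example, not part of the original post: they build the deny list by exact username match against an allowlist and verify an existing list against /etc/passwd. The passwd content is a constructed sample, not a real file.

```shell
#!/bin/sh
# Constructed sample of /etc/passwd (not the real file). It includes two accounts
# that the page's grep -v "fileftp" pipeline would wrongly leave OUT of the deny list.
SAMPLE_PASSWD='root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/bin/sh
proftpd:x:108:65534::/run/proftpd:/bin/false
fileftp:x:1001:1001::/opt/ftpdata:/bin/false
fileftp2:x:1002:1002::/home/fileftp2:/bin/bash
jimmy:x:1003:1003:jimmy (uses fileftp):/home/jimmy:/bin/bash'

# The page's pipeline: grep -v matches the substring anywhere on the line.
naive_ftpusers() {
    printf '%s\n' "$1" | grep -v "fileftp" | awk -F: '{ print $1 }'
}

# Deny list built by exact match on the username field; $2 is a space-separated allowlist.
build_ftpusers() {
    printf '%s\n' "$1" | awk -F: -v allow="$2" '
        BEGIN { n = split(allow, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        !($1 in ok) { print $1 }'
}

# Exit 0 only if every account is either on the allowlist or in the deny list ($3)
# and no allowed account is denied. Mismatches are reported on stderr.
verify_ftpusers() {
    printf '%s\n' "$1" | awk -F: -v allow="$2" -v deny="$3" '
        BEGIN {
            n = split(allow, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1
            m = split(deny, d, "\n"); for (i = 1; i <= m; i++) denied[d[i]] = 1
        }
        ($1 in ok) && ($1 in denied)   { bad++; print "allowed but denied: " $1 > "/dev/stderr" }
        !($1 in ok) && !($1 in denied) { bad++; print "not denied: " $1 > "/dev/stderr" }
        END { if (bad > 0) exit 1 }'
}

# On the server (as root) the same functions would be used as:
#   build_ftpusers "$(cat /etc/passwd)" fileftp > /etc/ftpusers
#   verify_ftpusers "$(cat /etc/passwd)" fileftp "$(cat /etc/ftpusers)"
```

Run verify_ftpusers from cron or a config-management check so that a newly added account that is missing from the deny list is reported instead of quietly gaining FTP access.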

IV. Server SSL configuration

1. Install the package:
    apt-get -y install openssl
2. Create a certificate (valid for 365 days) and fill in the relevant information:
    openssl req -x509 -nodes -days 365 -newkey rsa:2048 -out /etc/ssl/certs/proftpd.pem -keyout /etc/ssl/certs/proftpd.pem
    Generating a 2048 bit RSA private key
    .........+++
    .........+++
    writing new private key to '/etc/ssl/certs/proftpd.pem'
    -----
    You are about to be asked to enter information that will be incorporated
    into your certificate request.
    What you are about to enter is what is called a Distinguished Name or a DN.
    There are quite a few fields but you can leave some blank
    For some fields there will be a default value,
    If you enter '.', the field will be left blank.
    -----
    Country Name (2 letter code) [AU]:CN
    State or Province Name (full name) [Some-State]:shanghai
    Locality Name (eg, city) []:shangahi
    Organization Name (eg, company) [Internet Widgits Pty Ltd]:aaa
    Organizational Unit Name (eg, section) []:aaa
    Common Name (e.g. server FQDN or YOUR name) []:aaa
    Email Address []:
3. Modify the permissions:
    chmod 0400 /etc/ssl/certs/proftpd.pem
4. Modify /etc/proftpd/proftpd.conf to support TLS; add the following at the end:
    TLSEngine                   on
    TLSRequired                 on
    TLSProtocol                 TLSv1 SSLv23
    TLSLog                      /var/log/proftpd/tls.log
    TLSRSACertificateFile       /etc/ssl/certs/proftpd.pem
    TLSRSACertificateKeyFile    /etc/ssl/certs/proftpd.pem
5. Restart the service:
    /etc/init.d/proftpd restart
    [ ok ] Stopping ftp server: proftpd.
    [ ok ] Starting ftp server: proftpd.
6. Tool test (FlashFXP)

[Screenshot: ddd.png]

[Screenshot: bbb.jpg]

[Screenshot: ccc.jpg]

7. View the log (/var/log/proftpd/tls.log):
    Aug 05 16:11:30 mod_tls/2.4.3[8577]: using default OpenSSL verification locations (see $SSL_CERT_DIR environment variable)
    Aug 05 16:11:30 mod_tls/2.4.3[8577]: TLS/TLS-C requested, starting TLS handshake
    Aug 05 16:11:30 mod_tls/2.4.3[8577]: TLSv1/SSLv3 connection accepted, using cipher DHE-RSA-AES128-SHA (128 bits)
    Aug 05 08:11:31 mod_tls/2.4.3[8577]: Protection set to Private
    Aug 05 08:11:31 mod_tls/2.4.3[8577]: starting TLS negotiation on data connection
    Aug 05 08:11:31 mod_tls/2.4.3[8577]: TLSv1/SSLv3 renegotiation accepted, using cipher DHE-RSA-AES128-SHA (128 bits)
    Aug 05 08:11:31 mod_tls/2.4.3[8577]: client reused SSL session for data connection
    Aug 05 08:11:31 mod_tls/2.4.3[8577]: TLSv1/SSLv3 data connection accepted, using cipher DHE-RSA-AES128-SHA (128 bits)
    Aug 05 16:33:45 mod_tls/2.4.3[8609]: using default OpenSSL verification locations (see $SSL_CERT_DIR environment variable)
    Aug 05 16:33:45 mod_tls/2.4.3[8609]: SSL/TLS required but absent for authentication, denying USER command
    Aug 05 16:33:45 mod_tls/2.4.3[8610]: using default OpenSSL verification locations (see $SSL_CERT_DIR environment variable)
    Aug 05 16:34:48 mod_tls/2.4.3[8611]: using default OpenSSL verification locations (see $SSL_CERT_DIR environment variable)
    Aug 05 16:34:48 mod_tls/2.4.3[8611]: TLS/TLS-C requested, starting TLS handshake
    Aug 05 16:34:48 mod_tls/2.4.3[8611]: client supports secure renegotiations
    Aug 05 16:34:48 mod_tls/2.4.3[8611]: TLSv1/SSLv3 connection accepted, using cipher DHE-RSA-AES256-GCM-SHA384 (256 bits)
    Aug 05 08:35:11 mod_tls/2.4.3[8611]: Protection set to Private
    Aug 05 08:35:11 mod_tls/2.4.3[8611]: starting TLS negotiation on data connection
    Aug 05 08:35:11 mod_tls/2.4.3[8611]: TLSv1/SSLv3 renegotiation accepted, using cipher DHE-RSA-AES256-GCM-SHA384 (256 bits)
    Aug 05 08:35:11 mod_tls/2.4.3[8611]: client reused SSL session for data connection
    Aug 05 08:35:11 mod_tls/2.4.3[8611]: TLSv1/SSLv3 data connection accepted, using cipher DHE-RSA-AES256-GCM-SHA384 (256 bits)
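The two logs above are the evidence that the controls are working: tls.log records the cipher each session negotiated and shows session 8609 being refused at USER because it never started TLS (TLSRequired on), while proftpd.log records why each login was accepted or rejected. As an added example that is not part of the original post, the script below runs over constructed excerpts in the format of those two logs and summarises exactly that; point it at the real files to audit a live server.

```shell
#!/bin/sh
# Constructed excerpts (not the real files) in the format ProFTPD 1.3.4a writes to
# /var/log/proftpd/tls.log and /var/log/proftpd/proftpd.log, modelled on the lines above.
TLS_LOG='Aug 05 16:11:30 mod_tls/2.4.3[8577]: TLS/TLS-C requested, starting TLS handshake
Aug 05 16:11:30 mod_tls/2.4.3[8577]: TLSv1/SSLv3 connection accepted, using cipher DHE-RSA-AES128-SHA (128 bits)
Aug 05 08:11:31 mod_tls/2.4.3[8577]: TLSv1/SSLv3 data connection accepted, using cipher DHE-RSA-AES128-SHA (128 bits)
Aug 05 16:33:45 mod_tls/2.4.3[8609]: SSL/TLS required but absent for authentication, denying USER command
Aug 05 16:34:48 mod_tls/2.4.3[8611]: TLSv1/SSLv3 connection accepted, using cipher DHE-RSA-AES256-GCM-SHA384 (256 bits)'

SYS_LOG='Aug 05 15:54:20 debian proftpd[7751] 10.1.10.117 (10.1.10.160[10.1.10.160]): USER anonymous: no such user found from 10.1.10.160 [10.1.10.160] to 10.1.10.117:21
Aug 05 15:54:30 debian proftpd[7752] 10.1.10.117 (10.1.10.160[10.1.10.160]): SECURITY VIOLATION: root login attempted.
Aug 05 15:54:40 debian proftpd[7753] 10.1.10.117 (10.1.10.160[10.1.10.160]): USER jimmy (Login failed): User in /etc/ftpusers
Aug 05 07:54:47 debian proftpd[7754] 10.1.10.117 (10.1.10.160[10.1.10.160]): USER fileftp: Login successful.'

# One line per control-connection handshake: "<pid> <cipher> <key bits>".
# Data-connection lines are skipped; they only reuse the control session.
tls_ciphers() {
    printf '%s\n' "$1" | awk '
        !/data connection/ && / connection accepted, using cipher / {
            pid = $4; sub(/.*\[/, "", pid); sub(/\].*/, "", pid)
            cipher = $0; sub(/.*using cipher /, "", cipher); sub(/ \(.*/, "", cipher)
            bits = $0; sub(/.*\(/, "", bits); sub(/ bits\).*/, "", bits)
            print pid, cipher, bits }'
}

# Number of USER commands refused because the client never issued AUTH TLS.
plaintext_login_denials() {
    printf '%s\n' "$1" | awk '/required but absent/ { n++ } END { print n + 0 }'
}

# One line per login attempt in proftpd.log: "<user> <outcome>".
auth_events() {
    printf '%s\n' "$1" | awk '
        /SECURITY VIOLATION: root login attempted/ { print "root denied-RootLogin"; next }
        match($0, /USER [^ :]+/) {
            u = substr($0, RSTART + 5, RLENGTH - 5)
            if ($0 ~ /no such user/)          r = "denied-no-such-user"
            else if ($0 ~ /\/etc\/ftpusers/)  r = "denied-ftpusers"
            else if ($0 ~ /Login successful/) r = "allowed"
            else                              r = "other"
            print u, r }'
}

# Against the live files on the server:
#   tls_ciphers "$(cat /var/log/proftpd/tls.log)"
#   auth_events "$(cat /var/log/proftpd/proftpd.log)"
```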


This article is from the "7928217" blog, please be sure to keep this source http://7938217.blog.51cto.com/7928217/1682397

