I. Basic environment

1. Debian version
    cat /etc/debian_version
    7.8
2. Kernel
    uname -r
    3.2.0-4-amd64
3. ProFTPD version
    proftpd -v
    ProFTPD Version 1.3.4a
4. IP addresses (eth0): 10.1.10.117 is the server, 10.1.10.160 is the client
5. ProFTPD official website: http://www.proftpd.org/
6. Requirements: only the fileftp user may connect and log in to FTP, and it is locked into a custom home directory; other system users and anonymous users cannot log in; the server listens only on the eth0 address of this machine.

II. Install and configure the ProFTPD server (10.1.10.117)

1. Install with apt
    apt-get -y install proftpd-basic
2. Create the FTP directory
    mkdir /opt/ftpdata -p
3. Create the FTP account and set its password
    1) useradd -s /bin/false fileftp -d /opt/ftpdata
    2) echo fileftp:redhat | chpasswd
4. Modify the configuration
    1) Back up the configuration first
        cp /etc/proftpd/proftpd.conf /etc/proftpd/proftpd.conf.bak
    2) The resulting configuration (cat /etc/proftpd/proftpd.conf)
        Include /etc/proftpd/modules.conf
        RootLogin off
        IdentLookups off
        UseReverseDNS off
        ServerIdent off
        AllowStoreRestart on
        AllowRetrieveRestart on
        ServerName "Debian"
        ServerType standalone
        MultilineRFC2228 on
        DefaultServer off
        ListOptions "-L"
        DenyFilter \*.*/
        DefaultRoot /opt/ftpdata
        RequireValidShell off
        DefaultAddress 10.1.10.117
        SocketBindTight on
        Port 21
        MaxInstances 30
        User proftpd
        Group nogroup
        Umask 022 022
        AllowOverwrite on
        TransferLog /var/log/proftpd/xferlog
        SystemLog /var/log/proftpd/proftpd.log
5. Configuration explained
    Include /etc/proftpd/modules.conf
    RootLogin off                               # forbid root login
    IdentLookups off                            # disable ident (RFC 1413) lookups of the client
    UseReverseDNS off                           # disable reverse DNS lookups
    ServerIdent off                             # hide the version number in the banner
    AllowStoreRestart on                        # allow resuming uploads
    AllowRetrieveRestart on                     # allow resuming downloads
    ServerName "Debian"                         # server name
    ServerType standalone                       # start the service in standalone mode
    MultilineRFC2228 on                         # FTP security extensions (RFC 2228)
    DefaultServer off                           # disable the default host
    ListOptions "-L"
    DenyFilter \*.*/
    DefaultRoot /opt/ftpdata                    # lock users into /opt/ftpdata; subdirectories are still reachable
    RequireValidShell off                       # do not require the FTP user to have a valid login shell
    DefaultAddress 10.1.10.117                  # listening address
    SocketBindTight on                          # bind only to DefaultAddress, not to all interfaces
    Port 21                                     # listening port
    MaxInstances 30                             # maximum number of server instances (child processes)
    User proftpd                                # run as user proftpd
    Group nogroup                               # run as group nogroup
    Umask 022 022                               # umask for new files and directories
    AllowOverwrite on                           # allow overwriting existing files
    TransferLog /var/log/proftpd/xferlog        # transfer log
    SystemLog /var/log/proftpd/proftpd.log      # system log
6. Add /bin/false to /etc/shells
    echo "/bin/false" >> /etc/shells
7. One module in /etc/proftpd/modules.conf also needs to be commented out
    sed -i "s/LoadModule mod_tls_memcache.c/#LoadModule mod_tls_memcache.c/g" /etc/proftpd/modules.conf
8. Configure /etc/ftpusers so that only the fileftp user can log in to FTP (every other account in /etc/passwd is written to the deny list)
    1) cp /etc/ftpusers /etc/ftpusers.bak
    2) cat /etc/passwd | grep -v "fileftp" | awk -F: '{print $1}' > /etc/ftpusers
9. Restart the proftpd service
    /etc/init.d/proftpd restart
    [ ok ] Stopping ftp server: proftpd.
    [ ok ] Starting ftp server: proftpd.
10. Check the listening port
    netstat -tupnl | grep 21
    tcp 0 0 10.1.10.117:21 0.0.0.0:* LISTEN 7441/proftpd: (acce
11. Check the process
    ps -ef | grep proftpd
    proftpd 7441 1 0 15:03 ? 00:00:00 proftpd: (accepting connections)

III. Client test (10.1.10.160)

1. Install lftp
    apt-get -y install lftp
2. Create the FTP transfer directory for the fileftp user
    mkdir /opt/ftpdata/fileftp -p && cd /opt/ftpdata/ && chown fileftp.fileftp fileftp
3. Test logins with the lftp command
    lftp fileftp:'redhat'@10.1.10.117
    lftp jimmy:'redhat'@10.1.10.117
    lftp root:'redhat'@10.1.10.117
    lftp 10.1.10.117
4. The log shows that only the fileftp user can log in
    Aug 05 15:54:14 debian proftpd[7660] 10.1.10.117: ProFTPD killed (signal 15)
    Aug 05 15:54:14 debian proftpd[7660] 10.1.10.117: ProFTPD 1.3.4a standalone mode SHUTDOWN
    Aug 05 15:54:16 debian proftpd[7733] 10.1.10.117: ProFTPD 1.3.4a (maint) (built Thu Sep 4 2014 14:41:08 UTC) standalone mode STARTUP
    Aug 05 15:54:20 debian proftpd[7751] 10.1.10.117 (10.1.10.160[10.1.10.160]): FTP session opened.
    Aug 05 15:54:20 debian proftpd[7751] 10.1.10.117 (10.1.10.160[10.1.10.160]): USER anonymous: no such user found from 10.1.10.160 [10.1.10.160] to 10.1.10.117:21
    Aug 05 15:54:23 debian proftpd[7751] 10.1.10.117 (10.1.10.160[10.1.10.160]): FTP session closed.
    Aug 05 15:54:30 debian proftpd[7752] 10.1.10.117 (10.1.10.160[10.1.10.160]): FTP session opened.
    Aug 05 15:54:30 debian proftpd[7752] 10.1.10.117 (10.1.10.160[10.1.10.160]): SECURITY VIOLATION: Root login attempted.
    Aug 05 15:54:33 debian proftpd[7752] 10.1.10.117 (10.1.10.160[10.1.10.160]): FTP session closed.
    Aug 05 15:54:38 debian proftpd[7753] 10.1.10.117 (10.1.10.160[10.1.10.160]): FTP session opened.
    Aug 05 15:54:40 debian proftpd[7753] 10.1.10.117 (10.1.10.160[10.1.10.160]): USER jimmy (Login failed): User in /etc/ftpusers
    Aug 05 15:54:40 debian proftpd[7753] 10.1.10.117 (10.1.10.160[10.1.10.160]): FTP session closed.
    Aug 05 15:54:47 debian proftpd[7754] 10.1.10.117 (10.1.10.160[10.1.10.160]): FTP session opened.
    Aug 05 07:54:47 debian proftpd[7754] 10.1.10.117 (10.1.10.160[10.1.10.160]): Preparing to chroot to directory '/opt/ftpdata'
    Aug 05 07:54:47 debian proftpd[7754] 10.1.10.117 (10.1.10.160[10.1.10.160]): USER fileftp: Login successful.
5. Tool test (FlashFXP)
    [screenshot: FlashFXP login test]
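The deny list in step II.8 is the only thing standing between the other system accounts and the FTP service, so it is worth generating it carefully. The following shell script is an added example (not from the original post): it builds an /etc/ftpusers-style deny list from a passwd file by matching the login-name field exactly, which the post's grep -v "fileftp" does not do, and then checks the result. The sample passwd content is constructed.

```shell
#!/bin/sh
# Added example, not part of the original post: build the ProFTPD deny list
# (/etc/ftpusers) from a passwd file so that only the allow-listed accounts can
# log in. It matches the login-name field exactly, whereas the post's
# `grep -v "fileftp"` would also keep any account whose line merely contains
# that string (for example "fileftp2") off the deny list. The deny list is a
# snapshot of /etc/passwd: rerun this whenever an account is added.
#
# build_ftpusers <passwd-file> <output-file> <allowed-user>...
build_ftpusers() {
    passwd_file=$1; out=$2; shift 2
    allow=" $* "
    : > "$out"
    while IFS=: read -r name _rest; do
        case "$name" in ''|'#'*) continue ;; esac      # skip blank/comment lines
        case "$allow" in
            *" $name "*) ;;                            # allowed: stays off the deny list
            *) printf '%s\n' "$name" >> "$out" ;;      # everyone else is denied
        esac
    done < "$passwd_file"
}

# check_ftpusers <output-file> <allowed-user>... : returns 0 only if no
# allowed user ended up in the deny list (a sanity check before restarting)
check_ftpusers() {
    out=$1; shift
    for u in "$@"; do
        if grep -qx "$u" "$out"; then return 1; fi
    done
    return 0
}

# Constructed sample passwd file (not from the post); the real run would be
#   build_ftpusers /etc/passwd /etc/ftpusers fileftp
tmp=${TMPDIR:-/tmp}/ftpusers-demo.$$
mkdir -p "$tmp"
cat > "$tmp/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
proftpd:x:106:65534::/run/proftpd:/bin/false
jimmy:x:1000:1000::/home/jimmy:/bin/bash
fileftp:x:1001:1001::/opt/ftpdata:/bin/false
fileftp2:x:1002:1002::/home/fileftp2:/bin/bash
EOF
build_ftpusers "$tmp/passwd" "$tmp/ftpusers" fileftp
check_ftpusers "$tmp/ftpusers" fileftp && cat "$tmp/ftpusers"
```

With the sample file, root, proftpd, jimmy and fileftp2 are written to the deny list and fileftp is not.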
IV. Server SSL configuration

1. Install the package
    apt-get -y install openssl
2. Create a certificate (valid for 365 days) and fill in the requested information; the command writes the certificate and the private key into the same file
    openssl req -x509 -nodes -days 365 -newkey rsa:2048 -out /etc/ssl/certs/proftpd.pem -keyout /etc/ssl/certs/proftpd.pem
    Generating a 2048 bit RSA private key
    ......................+++
    ...................+++
    writing new private key to '/etc/ssl/certs/proftpd.pem'
    -----
    You are about to be asked to enter information that will be incorporated
    into your certificate request.
    What you are about to enter is what is called a Distinguished Name or a DN.
    There are quite a few fields but you can leave some blank
    For some fields there will be a default value,
    If you enter '.', the field will be left blank.
    -----
    Country Name (2 letter code) [AU]:CN
    State or Province Name (full name) [Some-State]:shanghai
    Locality Name (eg, city) []:shangahi
    Organization Name (eg, company) [Internet Widgits Pty Ltd]:aaa
    Organizational Unit Name (eg, section) []:aaa
    Common Name (e.g. server FQDN or YOUR name) []:aaa
    Email Address []:
3. Restrict the file permissions (the file holds the private key as well as the certificate)
    chmod 0400 /etc/ssl/certs/proftpd.pem
4. Modify /etc/proftpd/proftpd.conf to support TLS; add the following at the end
    TLSEngine on
    TLSRequired on
    TLSProtocol TLSv1 SSLv23
    TLSLog /var/log/proftpd/tls.log
    TLSRSACertificateFile /etc/ssl/certs/proftpd.pem
    TLSRSACertificateKeyFile /etc/ssl/certs/proftpd.pem
5. Restart the service
    /etc/init.d/proftpd restart
    [ ok ] Stopping ftp server: proftpd.
    [ ok ] Starting ftp server: proftpd.
6. Tool test (FlashFXP)
    [screenshots: FlashFXP TLS connection test]
7. View the TLS log (/var/log/proftpd/tls.log). The session under pid 8609 shows TLSRequired on doing its job: a client that tried to authenticate without TLS was refused.
    Aug 05 16:11:30 mod_tls/2.4.3[8577]: using default OpenSSL verification locations (see $SSL_CERT_DIR environment variable)
    Aug 05 16:11:30 mod_tls/2.4.3[8577]: TLS/TLS-C requested, starting TLS handshake
    Aug 05 16:11:30 mod_tls/2.4.3[8577]: TLSv1/SSLv3 connection accepted, using cipher DHE-RSA-AES128-SHA (128 bits)
    Aug 05 08:11:31 mod_tls/2.4.3[8577]: Protection set to Private
    Aug 05 08:11:31 mod_tls/2.4.3[8577]: starting TLS negotiation on data connection
    Aug 05 08:11:31 mod_tls/2.4.3[8577]: TLSv1/SSLv3 renegotiation accepted, using cipher DHE-RSA-AES128-SHA (128 bits)
    Aug 05 08:11:31 mod_tls/2.4.3[8577]: client reused SSL session for data connection
    Aug 05 08:11:31 mod_tls/2.4.3[8577]: TLSv1/SSLv3 data connection accepted, using cipher DHE-RSA-AES128-SHA (128 bits)
    Aug 05 16:33:45 mod_tls/2.4.3[8609]: using default OpenSSL verification locations (see $SSL_CERT_DIR environment variable)
    Aug 05 16:33:45 mod_tls/2.4.3[8609]: SSL/TLS required but absent for authentication, denying USER command
    Aug 05 16:33:45 mod_tls/2.4.3[8610]: using default OpenSSL verification locations (see $SSL_CERT_DIR environment variable)
    Aug 05 16:34:48 mod_tls/2.4.3[8611]: using default OpenSSL verification locations (see $SSL_CERT_DIR environment variable)
    Aug 05 16:34:48 mod_tls/2.4.3[8611]: TLS/TLS-C requested, starting TLS handshake
    Aug 05 16:34:48 mod_tls/2.4.3[8611]: client supports secure renegotiations
    Aug 05 16:34:48 mod_tls/2.4.3[8611]: TLSv1/SSLv3 connection accepted, using cipher DHE-RSA-AES256-GCM-SHA384 (256 bits)
    Aug 05 08:35:11 mod_tls/2.4.3[8611]: Protection set to Private
    Aug 05 08:35:11 mod_tls/2.4.3[8611]: starting TLS negotiation on data connection
    Aug 05 08:35:11 mod_tls/2.4.3[8611]: TLSv1/SSLv3 renegotiation accepted, using cipher DHE-RSA-AES256-GCM-SHA384 (256 bits)
    Aug 05 08:35:11 mod_tls/2.4.3[8611]: client reused SSL session for data connection
    Aug 05 08:35:11 mod_tls/2.4.3[8611]: TLSv1/SSLv3 data connection accepted, using cipher DHE-RSA-AES256-GCM-SHA384 (256 bits)
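The two logs above (proftpd.log in step III.4 and tls.log in step IV.7) are where the login policy is actually visible. The following shell script is an added example, not from the original post: it counts the outcome types those logs record and lists any account that logged in successfully without being allow-listed. The sample log lines are constructed in the message formats the post shows; the function names are my own.

```shell
#!/bin/sh
# Added example, not part of the original post: summarise the login outcomes
# that ProFTPD writes to proftpd.log and mod_tls writes to tls.log, so the
# policy (only fileftp may log in, TLS is mandatory) can be verified from the
# logs rather than by reading them line by line. Matching is case-insensitive
# because the message text differs in case between ProFTPD builds.
#
# ftp_login_summary <logfile>
#   prints "root=N ftpusers=N nouser=N ok=N plain=N"
ftp_login_summary() {
    awk '{ l = tolower($0) }
         l ~ /security violation: root login attempted/        { root++ }
         l ~ /\(login failed\): user in \/etc\/ftpusers/       { deny++ }
         l ~ /no such user found/                              { nouser++ }
         l ~ /user [^ :]+: login successful/                   { ok++ }
         l ~ /ssl\/tls required but absent for authentication/ { plain++ }
         END { printf "root=%d ftpusers=%d nouser=%d ok=%d plain=%d\n",
                      root, deny, nouser, ok, plain }' "$1"
}

# unexpected_logins <logfile> <allowed-user>...
#   prints every account that logged in successfully but is not allow-listed;
#   returns 1 if any were found, 0 otherwise
unexpected_logins() {
    log=$1; shift; allow=" $* "; found=0
    for u in $(awk '{ l = tolower($0) }
                    match(l, /user [^ :]+: login successful/) {
                        split(substr(l, RSTART), f, /[ :]/); print f[2] }' "$log" | sort -u); do
        case "$allow" in *" $u "*) ;; *) echo "$u"; found=1 ;; esac
    done
    return $found
}

# Constructed sample log (not from the post, but in the message formats it shows)
tmp=${TMPDIR:-/tmp}/ftplog-demo.$$
mkdir -p "$tmp"
cat > "$tmp/proftpd.log" <<'EOF'
Aug 05 15:54:20 debian proftpd[7751] 10.1.10.117 (10.1.10.160[10.1.10.160]): USER anonymous: no such user found from 10.1.10.160 [10.1.10.160] to 10.1.10.117:21
Aug 05 15:54:30 debian proftpd[7752] 10.1.10.117 (10.1.10.160[10.1.10.160]): SECURITY VIOLATION: Root login attempted.
Aug 05 15:54:40 debian proftpd[7753] 10.1.10.117 (10.1.10.160[10.1.10.160]): USER jimmy (Login failed): User in /etc/ftpusers
Aug 05 15:54:47 debian proftpd[7754] 10.1.10.117 (10.1.10.160[10.1.10.160]): USER fileftp: Login successful.
Aug 05 15:58:02 debian proftpd[7760] 10.1.10.117 (10.1.10.160[10.1.10.160]): USER backup: Login successful.
Aug 05 16:33:45 mod_tls/2.4.3[8609]: SSL/TLS required but absent for authentication, denying USER command
EOF
ftp_login_summary "$tmp/proftpd.log"
unexpected_logins "$tmp/proftpd.log" fileftp || echo "unexpected successful login(s) listed above"
```

On a real server, point both functions at /var/log/proftpd/proftpd.log and /var/log/proftpd/tls.log (they can be concatenated); a non-zero "plain" count after TLSRequired on is expected, a non-empty unexpected_logins list is not.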
This article is from the "7928217" blog, please be sure to keep this source http://7938217.blog.51cto.com/7928217/1682397
PROFTPD+SSL Installation and use