A walkthrough of configuring FTP over TLS on ProFTPD

First install proftpd, then locate proftpd.conf and add the following lines:

TLSEngine on
TLSRequired on
TLSRSACertificateFile /usr/local/etc/proftpd.pem
TLSRSACertificateKeyFile /usr/local/etc/proftpd.pem
TLSCipherSuite ALL:!ADH:!DES
TLSOptions NoCertRequest
TLSVerifyClient off
TLSRenegotiate ctrl 3600 data 512000 required off timeout 300
TLSLog /var/log/proftpd/tls.log

Next, generate the certificate file. The command below writes a self-signed certificate and its private key into the same PEM file, which is why both TLSRSACertificateFile and TLSRSACertificateKeyFile point at one path:

cd /usr/local/etc
openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /usr/local/etc/proftpd.pem -out /usr/local/etc/proftpd.pem
chmod 600 /usr/local/etc/proftpd.pem

Use at least a 2048-bit key; 1024-bit RSA is no longer considered safe. Because -nodes leaves the private key unencrypted on disk, restrict the file to its owner as shown. A self-signed certificate will be flagged by clients on first connection; for anything beyond a test setup, use a certificate issued by a CA the clients trust.

Now edit proftpd.conf again. The complete file used here, with the settings explained in comment lines above the directives they describe:

# 'proftpd.conf' for actual use. It establishes a single server
# and a single anonymous login. It assumes that you have a user/group
# "nobody" and "ftp" for normal operation and anon.

ServerName "ProFTPD Default Installation"
ServerType standalone
DefaultServer on

# Port 21 is the standard FTP port.
# Changed here to listen on port 990 instead (see the note on explicit
# versus implicit TLS at the end).
Port 990

# Don't use IPv6 support by default.
UseIPv6 off

# Umask 022 is a good standard umask to prevent new dirs and files
# from being group and world writable.
Umask 022

# To prevent DoS attacks, set the maximum number of child processes
# to 30. If you need to allow more than 30 concurrent connections
# at once, simply increase this value. Note that this ONLY works
# in standalone mode, in inetd mode you should use an inetd server
# that allows you to limit maximum number of processes per service
# (such as xinetd).
MaxInstances 30

# Set the user and group under which the server will run.
# The user that proftpd runs as.
User ftp
Group users

# To cause every FTP user to be "jailed" (chrooted) into their home
# directory, uncomment this line.
# Here a fixed path is used instead: the root directory seen after an
# FTP login.
DefaultRoot /data/test

# Normally, we want files to be overwriteable.
AllowOverwrite on

# Enable TLS.
TLSEngine on
# Every connection must use TLS (control and data channel).
TLSRequired on
# The certificate file.
TLSRSACertificateFile /usr/local/etc/proftpd.pem
# The certificate's private key file (the same combined PEM here).
TLSRSACertificateKeyFile /usr/local/etc/proftpd.pem
TLSCipherSuite ALL:!ADH:!DES
TLSOptions NoCertRequest
TLSVerifyClient off
TLSRenegotiate ctrl 3600 data 512000 required off timeout 300
TLSLog /var/log/proftpd/tls.log

# Bar use of SITE CHMOD by default
<Limit SITE_CHMOD>
  DenyAll
</Limit>

# A basic anonymous configuration, no upload directories. If you do not
# want anonymous users, simply delete this entire <Anonymous> section.
<Anonymous ~ftp>
  User ftp
  Group ftp

  # We want clients to be able to login with "anonymous" as well as "ftp"
  UserAlias anonymous ftp

  # Limit the maximum number of anonymous logins
  MaxClients 10

  # We want 'welcome.msg' displayed at login, and '.message' displayed
  # in each newly chdired directory.
  DisplayLogin welcome.msg
  DisplayChdir .message

  # Limit WRITE everywhere in the anonymous chroot
  <Limit WRITE>
    DenyAll
  </Limit>
</Anonymous>

# Deny login to every user other than ftp (the "!" negates the match).
<Limit LOGIN>
  DenyUser !ftp
</Limit>

# The port range used for passive-mode data connections.
PassivePorts 9900 9930
ExtendedLog /var/log/proftpd/access.log WRITE,READ default
ExtendedLog /var/log/proftpd/auth.log AUTH auth

Two points on this file. The cipher list ALL:!ADH:!DES only removes anonymous DH and single DES; it still permits RC4, MD5-based, export-grade and NULL ciphers, so a stricter list such as HIGH:!aNULL:!eNULL:!EXPORT:!RC4:!MD5:!DES is preferable. A fixed PassivePorts range is not optional with TLS: the PASV reply travels inside the encrypted control channel, so a firewall or NAT helper cannot open data ports on demand, and the range 9900-9930 must be allowed through explicitly. The nickname "auth" in the second ExtendedLog line is not built in (only "default" is) and must correspond to a LogFormat directive defined elsewhere in the file.

Create the startup script:

cd /sbin/init.d
vi proftpd

#!/bin/sh

FTPD_BIN=/usr/local/proftpd/sbin/proftpd
FTPD_CONF=/usr/local/proftpd/etc/proftpd.conf
PIDFILE=/usr/local/proftpd/var/proftpd.pid

# Read the PID file, but ignore it if the recorded process is gone
# (a stale PID file would otherwise block "start" forever).
if [ -f "$PIDFILE" ]; then
  pid=`cat "$PIDFILE"`
  kill -0 "$pid" 2>/dev/null || pid=""
fi

if [ ! -x "$FTPD_BIN" ]; then
  echo "$0: $FTPD_BIN: cannot execute"
  exit 1
fi

case "$1" in
  start)
    if [ -n "$pid" ]; then
      echo "$0: proftpd [PID $pid] already running"
      exit 0
    fi
    if [ -r "$FTPD_CONF" ]; then
      echo "Starting proftpd..."
      "$FTPD_BIN" -c "$FTPD_CONF"
    else
      echo "$0: cannot start proftpd -- $FTPD_CONF missing"
      exit 1
    fi
    ;;
  stop)
    if [ -n "$pid" ]; then
      echo "Stopping proftpd..."
      kill -TERM "$pid"
    else
      echo "$0: proftpd not running"
      exit 1
    fi
    ;;
  restart)
    # SIGHUP makes a standalone proftpd re-read its configuration;
    # this is a reload, not a full stop and start.
    if [ -n "$pid" ]; then
      echo "Rehashing proftpd configuration"
      kill -HUP "$pid"
    else
      echo "$0: proftpd not running"
      exit 1
    fi
    ;;
  *)
    echo "usage: $0 {start|stop|restart}"
    exit 1
    ;;
esac
exit 0

After saving the file, make it executable with chmod 700 proftpd (the script needs the execute bit to be run as ./proftpd; mode 600 would not allow that). proftpd can now be started, stopped and reloaded through the script:

./proftpd start | stop | restart

Finally, use an FTP client that supports explicit FTP over TLS to connect to proftpd. Note that port 990 is by convention the implicit-FTPS port, on which clients start the TLS handshake immediately. This configuration contains no TLSOptions UseImplicitSSL, so the server still sends a plain-text greeting and waits for AUTH TLS; a client set to implicit mode on port 990 will therefore fail to connect. Either configure the client for explicit TLS on port 990 or, more conventionally, keep Port 21 and use explicit TLS there. A quick server-side check of the negotiation and the certificate being served is openssl s_client -connect <server>:990 -starttls ftp.
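To check a proftpd.conf for the issues discussed above, here is an added shell example that is not code from the original post or from the ProFTPD project. It lints the mod_tls directives of a configuration file: whether TLS is enabled and required, whether port 990 is used without UseImplicitSSL, whether each weak cipher family is excluded from TLSCipherSuite, and whether PassivePorts is pinned. It embeds a constructed copy of the post's settings and an assumed hardened variant; the directive names are ProFTPD's own, while the temp-file handling and the hardened values are assumptions for illustration.

```shell
#!/bin/sh
# Added example, not code from the original post: an offline lint of the
# mod_tls settings in a proftpd.conf, run against a constructed copy of
# the post's directives and an assumed hardened variant.

# directive_value FILE NAME: argument of the last uncommented occurrence of
# NAME (a later occurrence overrides an earlier one in proftpd.conf).
directive_value() {
    awk -v name="$2" '
        $1 ~ /^#/ { next }
        tolower($1) == tolower(name) { $1 = ""; sub(/^ +/, ""); val = $0 }
        END { print val }' "$1"
}

# check_tls_conf FILE: prints one finding per line; exit status = count.
check_tls_conf() {
    n=0
    port=$(directive_value "$1" Port)
    opts=$(directive_value "$1" TLSOptions)
    suite=$(directive_value "$1" TLSCipherSuite)
    [ "$(directive_value "$1" TLSEngine)" = on ] ||
        { echo "TLSEngine is not on: mod_tls is disabled"; n=$((n+1)); }
    [ "$(directive_value "$1" TLSRequired)" = on ] ||
        { echo "TLSRequired is not on: cleartext logins would be accepted"; n=$((n+1)); }
    # 990 is the implicit-FTPS port, but without TLSOptions UseImplicitSSL
    # ProFTPD still waits for an explicit AUTH TLS and implicit clients fail.
    if [ "$port" = 990 ]; then
        case "$opts" in
            *UseImplicitSSL*) ;;
            *) echo "Port 990 without TLSOptions UseImplicitSSL: explicit TLS on the implicit port"
               n=$((n+1)) ;;
        esac
    fi
    # ALL:!ADH:!DES still admits RC4, MD5, export and NULL ciphers; require
    # each weak family to be excluded by name (aNULL also covers anon ECDH).
    for weak in aNULL eNULL EXPORT RC4 MD5 DES; do
        case ":$suite:" in
            *":!$weak:"*) ;;
            *) echo "TLSCipherSuite does not exclude $weak"; n=$((n+1)) ;;
        esac
    done
    [ -n "$(directive_value "$1" PassivePorts)" ] ||
        { echo "PassivePorts not set: PASV replies are encrypted, so the range must be fixed for the firewall"; n=$((n+1)); }
    return $n
}

# write_sample_conf page|hardened: writes a constructed fragment to a temp
# file and prints its path. "page" mirrors the post's settings; "hardened"
# is an assumed corrected variant (explicit TLS on port 21, strict ciphers).
write_sample_conf() {
    f=$(mktemp)
    if [ "$1" = page ]; then
        cat > "$f" <<'EOF'
ServerType standalone
# Port 21 is the standard FTP port.
Port 990
TLSEngine on
TLSRequired on
TLSRSACertificateFile /usr/local/etc/proftpd.pem
TLSRSACertificateKeyFile /usr/local/etc/proftpd.pem
TLSCipherSuite ALL:!ADH:!DES
TLSOptions NoCertRequest
TLSVerifyClient off
PassivePorts 9900 9930
EOF
    else
        cat > "$f" <<'EOF'
ServerType standalone
Port 21
TLSEngine on
TLSRequired on
TLSRSACertificateFile /usr/local/etc/proftpd.pem
TLSRSACertificateKeyFile /usr/local/etc/proftpd.pem
TLSCipherSuite HIGH:!aNULL:!eNULL:!EXPORT:!RC4:!MD5:!DES
TLSOptions NoCertRequest
TLSVerifyClient off
PassivePorts 9900 9930
EOF
    fi
    echo "$f"
}

# Demo: lint both fragments. The post's settings give 6 findings, the
# hardened variant none.
for kind in page hardened; do
    f=$(write_sample_conf "$kind")
    echo "== $kind"
    check_tls_conf "$f"
    echo "-> $? finding(s)"
    rm -f "$f"
done
```

To lint a real file, source the script and call check_tls_conf with the path of your proftpd.conf; the exit status is the number of findings, so it can gate a deployment. The hardened cipher string is one reasonable choice rather than the only one, and the check deliberately insists on TLSRequired on, since anything weaker lets a client fall back to cleartext.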