知识屋:更实用的电脑技术知识网站
所在位置:首页 > 操作系统 > linux

proftpd配置ftp over TLS实录

发布时间:2014-09-05 14:58:15作者:知识屋

proftpd配置ftp over TLS实录
 
先安装proftpd,然后找到proftpd.conf文件并添加以下几行
 
TLSEngine on
TLSRequired on
TLSRSACertificateFile      /usr/local/etc/proftpd.pem
TLSRSACertificateKeyFile   /usr/local/etc/proftpd.pem
TLSCipherSuite ALL:!ADH:!DES
TLSOptions NoCertReques
TLSVerifyClient off
TLSRenegotiate ctrl 3600 data 512000 required off timeout 300
TLSLog /var/log/proftpd/tls.log
 
再生成证书文件
cd /usr/local/etc
openssl req -x509 -nodes -days 365 -newkey rsa:1024 -keyout /usr/local/etc/proftpd.pem -out /usr/local/etc/proftpd.pem
 
再次修改proftpd.conf文件
# 'proftpd.conf' for actual use.  It establishes a single server
# and a single anonymous login.  It assumes that you have a user/group
# "nobody" and "ftp" for normal operation and anon.
 
ServerName                      "ProFTPD Default Installation"
ServerType                      standalone
DefaultServer                   on
 
# Port 21 is the standard FTP port.
Port       990                         修改监听端口
 
# Don't use IPv6 support by default.
UseIPv6                         off
 
# Umask 022 is a good standard umask to prevent new dirs and files
# from being group and world writable.
Umask                           022
 
# To prevent DoS attacks, set the maximum number of child processes
# to 30.  If you need to allow more than 30 concurrent connections
# at once, simply increase this value.  Note that this ONLY works
# in standalone mode, in inetd mode you should use an inetd server
# that allows you to limit maximum number of processes per service
# (such as xinetd).
MaxInstances                    30
 
# Set the user and group under which the server will run.
User                   ftp            配置启动proftpd的用户
Group                   users   
 
# To cause every FTP user to be "jailed" (chrooted) into their home
# directory, uncomment this line.
DefaultRoot /data/test                指定ftp登录进来后的根目录
 
# Normally, we want files to be overwriteable.
AllowOverwrite          on
 
TLSEngine  on           开启TLS
TLSRequired  on        连接必须用TLS
TLSRSACertificateFile      /usr/local/etc/proftpd.pem             指定证书文件
TLSRSACertificateKeyFile   /usr/local/etc/proftpd.pem           指定证书key文件
TLSCipherSuite  ALL:!ADH:!DES
TLSOptions  NoCertRequest
TLSVerifyClient  off
TLSRenegotiate  ctrl 3600 data 512000 required off timeout 300
TLSLog  /var/log/proftpd/tls.log
 
# Bar use of SITE CHMOD by default
<Limit SITE_CHMOD>
  DenyAll
</Limit>
 
# A basic anonymous configuration, no upload directories.  If you do not
# want anonymous users, simply delete this entire <Anonymous> section.
<Anonymous ~ftp>
  User                          ftp
  Group                         ftp
 
  # We want clients to be able to login with "anonymous" as well as "ftp"
  UserAlias                     anonymous ftp
 
  # Limit the maximum number of anonymous logins
  MaxClients                    10
 
  # We want 'welcome.msg' displayed at login, and '.message' displayed
  # in each newly chdired directory.
  DisplayLogin                  welcome.msg
  DisplayChdir                  .message
 
  # Limit WRITE everywhere in the anonymous chroot
  <Limit WRITE>
    DenyAll
  </Limit>
</Anonymous>
 
  <Limit LOGIN>
   DenyUser !ftp        禁止除ftp以外的用户登录ftp server
  </Limit>
 
PassivePorts 9900 9930         指定passive模式所用端口
ExtendedLog /var/log/proftpd/access.log WRITE,READ default         
ExtendedLog /var/log/proftpd/auth.log AUTH auth
 
 
创建启动脚本
cd /sbin/init.d
vi proftpd
 
#!/bin/sh  
 
FTPD_BIN=/usr/local/proftpd/sbin/proftpd  
 
FTPD_CONF=/usr/local/proftpd/etc/proftpd.conf  
 
PIDFILE=/usr/local/proftpd/var/proftpd.pid  
 
if [ -f $PIDFILE ]; then  
 
pid=`cat $PIDFILE`  
 
fi  
 
if [ ! -x $FTPD_BIN ]; then  
 
echo "$0: $FTPD_BIN: cannot execute"  
 
exit 1  
 
fi  
 
case $1 in  
 
start)  
 
if [ -n "$pid" ]; then  
 
echo "$0: proftpd [PID $pid] already running"  
 
exit  
 
fi  
 
if [ -r $FTPD_CONF ]; then  
 
echo "Starting proftpd..."  
 
$FTPD_BIN -c $FTPD_CONF  
 
else  
 
echo "$0: cannot start proftpd -- $FTPD_CONF missing"  
 
fi  
 
;;  
 
stop)  
 
if [ -n "$pid" ]; then  
 
echo "Stopping proftpd..."  
 
kill -TERM $pid  
 
else  
 
echo "$0: proftpd not running"  
 
exit 1  
 
fi  
 
;;  
 
restart)  
 
if [ -n "$pid" ]; then  
 
echo "Rehashing proftpd configuration"  
 
kill -HUP $pid  
 
else  
 
echo "$0: proftpd not running"  
 
exit 1  
 
fi  
 
;;  
 
*)  
 
echo "usage: $0 {start|stop|restart}"  
 
exit 1  
 
;;  
 
esac  
 
exit 0  
 
保存文件后chmod 600 proftpd
现在可以通过脚本启动、停止、重启proftpd
./proftpd start |stop |restart
 
使用ftp客户端软件通过显示的ftp over TLS连接到proftpd
 
(免责声明:文章内容如涉及作品内容、版权和其它问题,请及时与我们联系,我们将在第一时间删除内容,文章内容仅供参考)
收藏
  • 人气文章
  • 最新文章
  • 下载排行榜
  • 热门排行榜