知识屋:更实用的电脑技术知识网站
知识屋 手机游戏 手机软件 电脑软件 最近更新 手机端
冒险村物语 英雄无敌3塔防 驾考家园手游
password怎么用?p 诺诺视频会议怎 网易UU网游加速
所在位置:首页 > 操作系统 > linux

proftpd配置ftp over TLS实录

发布时间:2014-09-05 14:58:15作者:知识屋

proftpd配置ftp over TLS实录
 
先安装proftpd,然后找到proftpd.conf文件并添加以下几行
 
TLSEngine on
TLSRequired on
TLSRSACertificateFile      /usr/local/etc/proftpd.pem
TLSRSACertificateKeyFile   /usr/local/etc/proftpd.pem
TLSCipherSuite ALL:!ADH:!DES
TLSOptions NoCertReques
TLSVerifyClient off
TLSRenegotiate ctrl 3600 data 512000 required off timeout 300
TLSLog /var/log/proftpd/tls.log
 
再生成证书文件
cd /usr/local/etc
openssl req -x509 -nodes -days 365 -newkey rsa:1024 -keyout /usr/local/etc/proftpd.pem -out /usr/local/etc/proftpd.pem
 
再次修改proftpd.conf文件
# 'proftpd.conf' for actual use.  It establishes a single server
# and a single anonymous login.  It assumes that you have a user/group
# "nobody" and "ftp" for normal operation and anon.
 
ServerName                      "ProFTPD Default Installation"
ServerType                      standalone
DefaultServer                   on
 
# Port 21 is the standard FTP port.
Port       990                         修改监听端口
 
# Don't use IPv6 support by default.
UseIPv6                         off
 
# Umask 022 is a good standard umask to prevent new dirs and files
# from being group and world writable.
Umask                           022
 
# To prevent DoS attacks, set the maximum number of child processes
# to 30.  If you need to allow more than 30 concurrent connections
# at once, simply increase this value.  Note that this ONLY works
# in standalone mode, in inetd mode you should use an inetd server
# that allows you to limit maximum number of processes per service
# (such as xinetd).
MaxInstances                    30
 
# Set the user and group under which the server will run.
User                   ftp            配置启动proftpd的用户
Group                   users   
 
# To cause every FTP user to be "jailed" (chrooted) into their home
# directory, uncomment this line.
DefaultRoot /data/test                指定ftp登录进来后的根目录
 
# Normally, we want files to be overwriteable.
AllowOverwrite          on
 
TLSEngine  on           开启TLS
TLSRequired  on        连接必须用TLS
TLSRSACertificateFile      /usr/local/etc/proftpd.pem             指定证书文件
TLSRSACertificateKeyFile   /usr/local/etc/proftpd.pem           指定证书key文件
TLSCipherSuite  ALL:!ADH:!DES
TLSOptions  NoCertRequest
TLSVerifyClient  off
TLSRenegotiate  ctrl 3600 data 512000 required off timeout 300
TLSLog  /var/log/proftpd/tls.log
 
# Bar use of SITE CHMOD by default
<Limit SITE_CHMOD>
  DenyAll
</Limit>
 
# A basic anonymous configuration, no upload directories.  If you do not
# want anonymous users, simply delete this entire <Anonymous> section.
<Anonymous ~ftp>
  User                          ftp
  Group                         ftp
 
  # We want clients to be able to login with "anonymous" as well as "ftp"
  UserAlias                     anonymous ftp
 
  # Limit the maximum number of anonymous logins
  MaxClients                    10
 
  # We want 'welcome.msg' displayed at login, and '.message' displayed
  # in each newly chdired directory.
  DisplayLogin                  welcome.msg
  DisplayChdir                  .message
 
  # Limit WRITE everywhere in the anonymous chroot
  <Limit WRITE>
    DenyAll
  </Limit>
</Anonymous>
 
  <Limit LOGIN>
   DenyUser !ftp        禁止除ftp以外的用户登录ftp server
  </Limit>
 
PassivePorts 9900 9930         指定passive模式所用端口
ExtendedLog /var/log/proftpd/access.log WRITE,READ default         
ExtendedLog /var/log/proftpd/auth.log AUTH auth
 
 
创建启动脚本
cd /sbin/init.d
vi proftpd
 
#!/bin/sh  
 
FTPD_BIN=/usr/local/proftpd/sbin/proftpd  
 
FTPD_CONF=/usr/local/proftpd/etc/proftpd.conf  
 
PIDFILE=/usr/local/proftpd/var/proftpd.pid  
 
if [ -f $PIDFILE ]; then  
 
pid=`cat $PIDFILE`  
 
fi  
 
if [ ! -x $FTPD_BIN ]; then  
 
echo "$0: $FTPD_BIN: cannot execute"  
 
exit 1  
 
fi  
 
case $1 in  
 
start)  
 
if [ -n "$pid" ]; then  
 
echo "$0: proftpd [PID $pid] already running"  
 
exit  
 
fi  
 
if [ -r $FTPD_CONF ]; then  
 
echo "Starting proftpd..."  
 
$FTPD_BIN -c $FTPD_CONF  
 
else  
 
echo "$0: cannot start proftpd -- $FTPD_CONF missing"  
 
fi  
 
;;  
 
stop)  
 
if [ -n "$pid" ]; then  
 
echo "Stopping proftpd..."  
 
kill -TERM $pid  
 
else  
 
echo "$0: proftpd not running"  
 
exit 1  
 
fi  
 
;;  
 
restart)  
 
if [ -n "$pid" ]; then  
 
echo "Rehashing proftpd configuration"  
 
kill -HUP $pid  
 
else  
 
echo "$0: proftpd not running"  
 
exit 1  
 
fi  
 
;;  
 
*)  
 
echo "usage: $0 {start|stop|restart}"  
 
exit 1  
 
;;  
 
esac  
 
exit 0  
 
保存文件后chmod 600 proftpd
现在可以通过脚本启动、停止、重启proftpd
./proftpd start |stop |restart
 
使用ftp客户端软件通过显示的ftp over TLS连接到proftpd
 
(免责声明:文章内容如涉及作品内容、版权和其它问题,请及时与我们联系,我们将在第一时间删除内容,文章内容仅供参考)
收藏

上一篇:Ubuntu11.10无法打开softer center(软件中心)和language support的解决

下一篇:Linux shell变量数学运算

相关知识

软件推荐

更多 >

游戏推荐

更多 >

精选栏目

热门推荐

  • 人气文章
  • 最新文章
  • 下载排行榜
  • 热门排行榜

手机游戏

手机软件

电脑软件

猜你喜欢

通讯 低息 角色扮演 招聘 竞技 战国 养成 沙盒 手机赚钱 个人借贷 购物 模拟 节奏 系统 回合 WIFI 恋爱 魔幻 母婴 传奇 三国 二次元 视频 策略 街机 财经 网贷借钱 辅助 角色 抢红包 放置 趣味 唱歌 挂机 摄像 区块链 医疗 学习 武侠 360 闯关 吃鸡 影音 宫斗 冒险 摄影 导航 旅游 儿童 投屏

本站所有软件来自互联网,版权归原著所有。如有侵权,敬请来信告知,我们将及时撤销。

知识屋 www.zhishiwu.com 更实用的电脑技术知识网站

苏ICP备14019037号-7