如何配置proftpd使用FTPS(FTP over SSL/TLS)
proftpd是一个Linux下的多功能ftp服务器软件。官网见:http://www.proftpd.org/而FTPS是一个有安全机制的FTP协议,有相应的标准(RFC 4217 http://www.faqs.org/rfcs/rfc4217.html )。
使用源代码安装proftpd
# cd /usr/src
# wget ftp://ftp.proftpd.org/distrib/source/proftpd-1.2.10.tar.gz
# tar -xvzf proftpd-1.2.10.tar.gz
# cd proftpd-1.2.10
编译之前要确定自己装了以下两个包:
# apt-get install build-essential
# apt-get install libssl-dev
编译的时候加上mod_tls这个模块:
# ./configure --with-modules=mod_tls
# make
# make install
安装成功后查看proftpd是否已经安装好了这个模块:
# proftpd -l
Compiled-in modules:
mod_core.c
mod_xfer.c
mod_auth_unix.c
mod_auth_file.c
mod_auth.c
mod_ls.c
mod_log.c
mod_site.c
mod_tls.c
mod_cap.c
告诉proftpd应该使用哪个配置文件:
# /usr/local/sbin/proftpd -c /usr/local/etc/proftpd.conf
启动了proftp之后可以做以下简单测试:
# ftp localhost
Connected to localhost.localdomain.
220 ProFTPD 1.2.10 Server (ProFTPD Default Installation)
Name (localhost:troublenow): troublenow
331 Password required for troublenow.
Password:
230 User troublenow logged in.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> ls
200 PORT command successful
150 Opening ASCII mode data connection for file list
226 Transfer complete.
ftp> quit
221 Goodbye.
测试好了之后把proftpd的进程杀死,进行SSL/TLS的配置:
Create SSL Keys
Now lets create a self signed certificate and put that in /usr/local/etc/ftpcert/.
# cd /usr/local/etc/
# mkdir ftpcert
# cd ftpcert/
# openssl genrsa 1024 > host.key
# chmod 400 host.key
# openssl req -new -x509 -nodes -sha1 -days 365 -key host.key > host.cert
下面会出现一些提示,用来加密证书,但是都可以按照默认,一路回车:
-----
Country Name (2 letter code) :
State or Province Name (full name) :
Locality Name (eg, city) []:
Organization Name (eg, company) :
Organizational Unit Name (eg, section) []:
Common Name (eg, YOUR name) []:
Email Address []:
Configure Proftpd
I will log everything in /var/log/ftpd so first we will need to create that directory,设置日志目录:
# mkdir /var/log/ftpd
关键:把配置文件/usr/local/etc/proftpd.conf中的内容更换为下面的内容:
ServerName "test FTP server"
ServerType standalone
DefaultServer on
Port 21
Umask 022
AllowStoreRestart on
AllowRetrieveRestart on
AllowForeignAddress on
LogFormat default "%h %l %u %t \"%r\" %s %b"
LogFormat auth "%v [%P] %h %t \"%r\" %s"
LogFormat write "%h %l %u %t \"%r\" %s %b"
DefaultTransferMode binary
UseFtpUsers on
MaxInstances 30
User nobody
Group nogroup
DefaultRoot ~
AllowOverwrite on
PassivePorts 59000 59999
DefaultRoot ~
AllowOverwrite on
TransferLog /var/log/ftpd/xferlog
ExtendedLog /var/log/ftpd/access.log WRITE,READ write
ExtendedLog /var/log/ftpd/auth.log AUTH auth
ExtendedLog /var/log/ftpd/paranoid.log ALL default
TLSEngine on
TLSLog /var/log/ftpd/tls.log
TLSProtocol SSLv23
TLSRequired on
TLSVerifyClient off
TLSRSACertificateFile /usr/local/etc/ftpcert/host.cert
TLSRSACertificateKeyFile /usr/local/etc/ftpcert/host.key
至于这些参数具体是什么意思,可以去在线的文章(http://proftpd.mirror.facebook.com/docs/contrib/mod_tls.html)看。
然后启动proftpd
在windows平台下使用flashfxp/filezilla连接(使用显式的ftps)。连接后会弹出一个证书,询问你是否信任这个站点,接受即可。
在linux下,可以用lftp这个客户端登陆ftps,我会在下篇文章中写出如何使用。
页:
[1]