ftpS cu proFTPd si openSSL in Debian/Ubuntu

In Debian/Ubuntu, folosirea serverului ftpS cu proFTPd presupune urmarea pasilor de mai jos in vedea instalarii:

1. Instalam proftpd si openssl:

apt-get install proftpd openssl

2. Creem folderele unde vom face certificatele:

mkdir /etc/opt/ssl
cd /etc/opt/ssl

3. Generam certificatul SSL:

openssl req -new -x509 -days 3650 -nodes -out proftpd.cert.pem -keyout proftpd.key.pem

4. Facem enable la TLS in proftpd adaugand continutul de mai jos in /etc/proftpd/proftpd.conf:

<IfModule mod_tls.c>
 TLSEngine                  on
 TLSLog                     /var/log/proftpd/tls.log
 TLSProtocol                SSLv23
 TLSOptions                 NoCertRequest NoSessionReuseRequired AllowClientRenegotiations
 TLSRSACertificateFile      /etc/opt/ssl/proftpd.cert.pem
 TLSRSACertificateKeyFile   /etc/opt/ssl/proftpd.key.pem
 TLSVerifyClient            off
 TLSRequired                on
</IfModule>

5. Optional verificam daca modulul a fost incarcat corect:

proftpd -vv | grep tls unde trebuie sa apara: mod_tls/2.4.2

6. La final restartam proftpd:

/etc/init.d/proftpd restart

Testarea eu am facut-o din FileZilla folosind un user existent de pe sistemul pe care am instalat proftpd (NU root ca e exclus pentru conectarea prin ftp, conform /etc/ftpusers). Asadar in FileZilla conectarea ftpS se efectueaza astfel:

File-> Site Manager-> New Site.
Host: hostname
Profocol: FTP
Encryption: Require explicit FTP over TLS

Logon Type: Normal

User-> Pass-> Connect.

Leave a Reply

srv StandDuPp
Articole recente