LinuxQuestions.org


BedriddenTech 09-27-2003 06:22 AM

ProFTPd & mod_tls
 
Hello,

I successfully compiled proftpd with mod_tls.c and am now trying to configure FTP over SSL. proftpd.org does, in their directives manual, however, not show me more than "FIXME"s, and so I am asking here:
What I want to accomplish is clear: proftpd should ONLY accept SSL connections and reject the standard ones. The directives under <IfModule mod_tls.c> seem not to work since I'm neither able to establish an explicit nor an implicit connection. SFTP over SSLv2 works, but in the mod_tls.c README it says that this is no longer supported - I'm a bit confused right now.

So how to configure proftpd to reject standard connections which are not secured, and how to set up mod_tls...?

Osten 09-28-2003 10:02 PM

Hello, this works fine for me:

Code:

<IfModule mod_tls.c>
        TLSEngine on
        TLSLog /var/ftpd/tls.log
        TLSProtocol TLSv1
       
        # Are clients required to use FTP over TLS when talking to this server?
        TLSRequired on
       
        # Server's certificate
        TLSRSACertificateFile /etc/certs/proftpd.pem
        TLSRSACertificateKeyFile /etc/certs/proftpd.pem
       
        # Authenticate clients that want to use FTP over TLS?
        TLSVerifyClient off
</IfModule>

I connected with FlashFXP and FileZilla. Use "Auth TLS".

BedriddenTech 09-30-2003 10:06 AM

Thanks a lot, but how do I generate certificates?

Osten 09-30-2003 12:23 PM

I have made a little script that I use. Just make sure that you have openssl installed.

Code:

#!/bin/sh

echo ""
echo "Creating self-signed certificate and RSA private key"
echo "===================================================="

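# Create the output file with owner-only permissions first, so the
# private key is never written to a world-readable file.
touch proftpd.pem
chmod 600 proftpd.pem
# Write an unencrypted key (-nodes) and a self-signed certificate,
# valid for 365 days, into the same file.
openssl req -new -x509 -nodes -days 365 -out proftpd.pem -keyout proftpd.pem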

echo "===================================================="
echo "Output sent to [ proftpd.pem ]"
echo ""

edited:
Of course you can just enter the lines directly in the shell if you want. :)

BedriddenTech 09-30-2003 01:07 PM

My thanks :-)) -

Hm, ProFTPd keeps complaining "500 AUTH not understood":

Code:

Response:        220 ProFTPD 1.2.8 Server (HITOMI) [hitomi.veith-m.ath.cx]
Command:        AUTH SSL
Response:        500 AUTH not understood

EDIT: Upgraded to the patched version (because of the exploit) and now it works fine. Suspicious... :scratch:
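
Added example, not part of the original thread: a Python check that a server set up with Osten's `TLSRequired on` block refuses a cleartext `USER` and answers `AUTH TLS` with 234, instead of the "500 AUTH not understood" shown above. The function names and both transcripts are constructed for illustration, and any 5xx reply to `USER` is treated as a refusal.

```python
import io
import socket

def read_reply(rfile):
    """Read one FTP reply, following 'ddd-' multi-line replies to the final 'ddd ' line."""
    first = rfile.readline().decode("ascii", "replace").rstrip("\r\n")
    if len(first) < 3 or not first[:3].isdigit():
        raise ConnectionError("not an FTP reply: %r" % first)
    line = first
    while first[3:4] == "-" and not line.startswith(first[:3] + " "):
        raw = rfile.readline()
        if not raw:
            raise ConnectionError("connection closed inside a multi-line reply")
        line = raw.decode("ascii", "replace").rstrip("\r\n")
    return int(first[:3]), line

def command(rfile, wfile, text):
    wfile.write(text.encode("ascii") + b"\r\n")
    wfile.flush()
    return read_reply(rfile)

def check_tls_enforcement(rfile, wfile):
    """Report how the server treats a cleartext USER and an AUTH TLS request."""
    if read_reply(rfile)[0] != 220:
        raise ConnectionError("no 220 greeting")
    # Cleartext USER must go first: after a 234 the server expects a TLS handshake.
    user_code, user_text = command(rfile, wfile, "USER anonymous")
    auth_code, auth_text = command(rfile, wfile, "AUTH TLS")
    return {
        "cleartext_refused": 500 <= user_code < 600,  # 331/230: plain login proceeds
        "auth_tls_offered": auth_code == 234,         # "500 AUTH not understood" gives False
        "replies": [user_text, auth_text],
    }

def probe_host(host, port=21, timeout=10):
    """Run the check against a server you administer (hypothetical helper name)."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        f = sock.makefile("rwb")
        return check_tls_enforcement(f, f)

# Constructed transcripts of server replies (not captured from a real server).
ENFORCED = (b"220 ProFTPD Server ready\r\n550 SSL/TLS required on the control channel\r\n"
            b"234 AUTH TLS successful\r\n")
NO_MOD_TLS = (b"220-Welcome\r\n220 ProFTPD Server ready\r\n"
              b"331 Password required for anonymous\r\n500 AUTH not understood\r\n")

if __name__ == "__main__":
    for name, data in (("enforced", ENFORCED), ("no mod_tls", NO_MOD_TLS)):
        print(name, check_tls_enforcement(io.BytesIO(data), io.BytesIO()))
```

The check closes the connection after the 234 without starting a handshake, so it confirms only that the policy is enforced on the control channel, not that the certificate is usable.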

Donboy 10-06-2003 10:53 PM

ProFTPd was installed on my machine from an RPM. I don't know if mod_tls was compiled with it or not. Is there a way I can find out?

If I want to build the tls module into my ProFTPd installation, can I just download the source (of the same version I'm running) and do a ./configure and make to include mod_tls? Is that a good way to do it?

Osten 10-07-2003 12:28 AM

Add
Code:

TLSEngine on

and if proftpd starts without complaining you should have it installed, I guess.

Installation tips:
Code:

./configure --with-modules=mod_tls
make
make install

Make sure that you have installed OpenSSL with header files and library files.
If you have OpenSSL installed but "make" fails, try this:
Code:

./configure --with-modules=mod_tls \
    --with-includes=/usr/local/openssl/include \
    --with-libraries=/usr/local/openssl

or wherever you installed openssl. :)

BedriddenTech 10-07-2003 09:14 AM

Run "proftpd -l" (an "el"), it shows you a list of built-in modules, that should answer your question, too. :)


All times are GMT -5.