LinuxQuestions.org
Old 09-27-2003, 06:22 AM   #1
BedriddenTech
Member
 
Registered: Aug 2003
Distribution: Slackware 9.1, 10; FreeBSD 5.2.1; Fedora Core 2; SuSE 9.1
Posts: 44

Rep: Reputation: 15
Question ProfFTPd & mod_tls


Hello,

I successfully compiled proftpd with mod_tls.c and am now trying to configure FTP over SSL. proftpd.org does, in their directives manual, however, not show me more than "FIXME"s, and so I am asking here:
What I want to accomplish is clear: proftpd should ONLY accept SSL connections and reject the standard ones. The directives under <Ifmodule mod_tls.c> seem not to work since I'm neither able to establish an explicit, nor an implicit connection. SFTP over SSLv2 works, but in mod_tls.c README it says, that this is no longer supported - I'm a bit confused right now.

So how to configure proftpd to reject standard connections which are not secured, and how to set up mod_tls...?
 
Old 09-28-2003, 10:02 PM   #2
Osten
Member
 
Registered: Sep 2003
Posts: 33

Rep: Reputation: 15

Hello, this works fine for me:

Code:
<IfModule mod_tls.c>
	TLSEngine on
	TLSLog /var/ftpd/tls.log
	TLSProtocol TLSv1
	
	# Are clients required to use FTP over TLS when talking to this server?
	TLSRequired on
	
	# Server's certificate
	TLSRSACertificateFile /etc/certs/proftpd.pem
	TLSRSACertificateKeyFile /etc/certs/proftpd.pem
	
	# Authenticate clients that want to use FTP over TLS?
	TLSVerifyClient off
</IfModule>
I connected with FlashFXP and FileZilla. Use "Auth TLS".
 
Old 09-30-2003, 10:06 AM   #3
BedriddenTech
Member
 
Registered: Aug 2003
Distribution: Slackware 9.1, 10; FreeBSD 5.2.1; Fedora Core 2; SuSE 9.1
Posts: 44

Original Poster
Rep: Reputation: 15
Thanks a lot, but how do I generate certificates?
 
Old 09-30-2003, 12:23 PM   #4
Osten
Member
 
Registered: Sep 2003
Posts: 33

Rep: Reputation: 15
I have made a little script that I use. Just make sure that you have openssl installed.

Code:
#!/bin/sh

echo ""
echo "Creating self-signed certificate and RSA private key"
echo "===================================================="

touch proftpd.pem
chmod 600 proftpd.pem
openssl req -new -x509 -nodes -days 365 -out proftpd.pem -keyout proftpd.pem

echo "===================================================="
echo "Output sent to [ proftpd.pem ]"
echo ""
edited:
Of course you can just enter the lines directly in the shell if you want.

Last edited by Osten; 09-30-2003 at 12:26 PM.
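
An added example, not part of the original posts: a POSIX shell check that the configuration from post #2 and the combined certificate/key file from post #4 fit together as a TLS-only setup. The function names `directive` and `audit_tls` are hypothetical, and only the literal value `on` is treated as enabled.

```shell
#!/bin/sh
# Added example (not from the thread): audit a ProFTPD config for the
# TLS-only setup discussed above. Function names are hypothetical.

# Print the value of the last uncommented occurrence of a directive.
# awk strips leading tabs/spaces, so indented lines inside <IfModule> match.
directive() {  # $1 = config file, $2 = directive name
    awk -v d="$2" '$1 == d { v = $2 } END { print v }' "$1"
}

# Print one FAIL line per problem; exit status is the number of problems.
audit_tls() {
    conf=$1
    findings=0
    fail() { echo "FAIL: $*"; findings=$((findings + 1)); }

    [ "$(directive "$conf" TLSEngine)" = "on" ] || fail "TLSEngine is not on"
    # Assumption: anything other than "on" still lets plain FTP logins through.
    [ "$(directive "$conf" TLSRequired)" = "on" ] ||
        fail "TLSRequired is not on: unencrypted sessions are still accepted"

    key=$(directive "$conf" TLSRSACertificateKeyFile)
    if [ -z "$key" ] || [ ! -f "$key" ]; then
        fail "TLSRSACertificateKeyFile missing or not a file: ${key:-unset}"
    else
        grep -q 'PRIVATE KEY-----' "$key" || fail "no private key in $key"
        # The key was written with -nodes (unencrypted), so file permissions
        # are its only protection. Characters 5-10 of the ls -l mode string
        # are the group and other permission bits.
        perms=$(ls -ld "$key" | cut -c5-10)
        [ "$perms" = "------" ] || fail "$key is accessible beyond its owner"
    fi
    return "$findings"
}

# Stand-alone use: sh audit.sh /path/to/proftpd.conf
if [ -n "${1:-}" ]; then audit_tls "$1"; fi
```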
 
Old 09-30-2003, 01:07 PM   #5
BedriddenTech
Member
 
Registered: Aug 2003
Distribution: Slackware 9.1, 10; FreeBSD 5.2.1; Fedora Core 2; SuSE 9.1
Posts: 44

Original Poster
Rep: Reputation: 15
My thanks :-)) -

Hm, ProFTPd keeps complaining "500 AUTH not understood":

Code:
Response:	220 ProFTPD 1.2.8 Server (HITOMI) [hitomi.veith-m.ath.cx]
Command:	AUTH SSL
Response:	500 AUTH not understood
EDIT: Upgraded to the patched version (because of the exploit) and now it works fine. Suspicious...

Last edited by BedriddenTech; 09-30-2003 at 03:20 PM.
 
Old 10-06-2003, 10:53 PM   #6
Donboy
Member
 
Registered: Aug 2003
Location: Little Rock, Arkansas
Distribution: RH, Fedora, Suse, AIX
Posts: 736

Rep: Reputation: 31
ProFTPd was installed on my machine from an RPM. I don't know if mod_tls was compiled with it or not. Is there a way I can find out?

If I want to build the tls module into my ProFTPd installation, can I just download the source (of the same version I'm running) and do a ./configure and make to include mod_tls? Is that a good way to do it?
 
Old 10-07-2003, 12:28 AM   #7
Osten
Member
 
Registered: Sep 2003
Posts: 33

Rep: Reputation: 15
Add
Code:
TLSEngine on
and if proftpd starts without complaining you should have it installed, I guess.

Installation tips:
Code:
./configure --with-modules=mod_tls
make
make install
Make sure that you have installed OpenSSL with header files and library files.
If you have OpenSSL installed but "make" fails, try this:
Code:
./configure --with-modules=mod_tls \
    --with-includes=/usr/local/openssl/include \
    --with-libraries=/usr/local/openssl
or wherever you installed openssl.

Last edited by Osten; 10-07-2003 at 12:34 AM.
 
Old 10-07-2003, 09:14 AM   #8
BedriddenTech
Member
 
Registered: Aug 2003
Distribution: Slackware 9.1, 10; FreeBSD 5.2.1; Fedora Core 2; SuSE 9.1
Posts: 44

Original Poster
Rep: Reputation: 15
Run "proftpd -l" (an "el"), it shows you a list of built-in modules, that should answer your question, too.
 
  


All times are GMT -5. The time now is 02:38 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration