Old 7th November 2006, 01:01
tom

Ok, I just worked it out:

Make your proftp secure by using tls

# look for compiled modules:
/usr/sbin/proftpd -l
Quote:
Compiled-in modules:

mod_tls.c
--
# if not --> compile proftp with tls :
Quote:
./configure --with-modules=mod_tls
make
make install
--

# create ssl-certificate
Quote:
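mkdir /etc/ssl_proftp
# work inside that directory so host.key and host.cert land where proftpd.conf expects them
cd /etc/ssl_proftp
# generate the private key and make it readable by its owner only
openssl genrsa 1024 > host.key
chmod 400 host.key
# self-signed certificate for that key, valid for 365 days
openssl req -new -x509 -nodes -sha1 -days 365 -key host.key > host.cert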
# change proftpd.conf tls according to
Quote:
vi /etc/proftpd.conf
...
Quote:
# TLS
<IfModule mod_tls.c>
TLSEngine on
TLSLog /var/log/proftpd/proftpd_tls.log
TLSProtocol TLSv1
TLSRequired off
TLSVerifyClient off
TLSRSACertificateFile /etc/ssl_proftp/host.cert
TLSRSACertificateKeyFile /etc/ssl_proftp/host.key
</IfModule>


# restart proftp
/etc/init.d/proftpd restart

# The ftpclient (with the ability to use tls) should show that while connecting:
Quote:
...
211-AUTH TLS
...
## that’s all :-)
Info:
Syntax: TLSRequired on|off|ctrl|data
#Don't use a specific ssl certificate. To start you should use that
TLSRequired off

# Require SSL/TLS on the control channel, so that passwords are not sent
# in the clear.
TLSRequired ctrl

# Require SSL/TLS on both channels.
TLSRequired on

Last edited by tom; 7th November 2006 at 20:04.
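Added example, not part of the original post: a small check that reads a proftpd.conf and reports what the TLSEngine and TLSRequired values listed above mean for clear-text logins. The function names tls_required_status and sample_conf are hypothetical helpers, the sample config is constructed, and the script assumes that a missing TLSRequired behaves like "off" and reports the last TLSRequired line it finds.

```shell
#!/bin/sh
# Added example: report what TLSEngine/TLSRequired in a proftpd.conf mean
# for clear-text logins. Function names here are hypothetical helpers.

tls_required_status() {   # $1 = path to a proftpd.conf
    awk '
        $1 ~ /^#/ { next }                                  # skip comment lines
        tolower($1) == "tlsengine"   { engine = tolower($2) }
        tolower($1) == "tlsrequired" { req = tolower($2) }  # assumption: last one is reported
        END {
            if (req == "") req = "off"                      # assumption: unset behaves like off
            if (engine != "on")     print "FAIL: TLSEngine is not on, AUTH TLS is not offered"
            else if (req == "on")   print "OK: TLS required on control and data channels"
            else if (req == "ctrl") print "OK: TLS required on control channel, passwords are not sent in the clear"
            else if (req == "data") print "WARN: TLS required on data channel only, logins may still be clear text"
            else if (req == "off")  print "WARN: TLS is optional, clients may still log in over clear text"
            else                    print "FAIL: unknown TLSRequired value: " req
        }
    ' "$1"
}

# Constructed sample config modelled on the post's block; $1 = TLSRequired value.
sample_conf() {
    f=$(mktemp) || return 1
    cat > "$f" <<EOF
<IfModule mod_tls.c>
TLSEngine on
#TLSRequired on
TLSRequired $1
</IfModule>
EOF
    echo "$f"
}

# Show the verdict for the three settings the post walks through.
for v in off ctrl on; do
    conf=$(sample_conf "$v")
    printf '%-5s %s\n' "$v" "$(tls_required_status "$conf")"
    rm -f "$conf"
done
```

Run it against the live file with tls_required_status /etc/proftpd.conf after each change to TLSRequired, before restarting proftpd.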