Hi
I played around with securing proftpd today. It works now on my Debian Sarge installation.
Here is what I have done so far:
First create the needed certificates:
Code:
openssl req -new -x509 -days 3650 -nodes -out /etc/ssl/certs/proftpd.cert.pem \
-keyout /etc/ssl/certs/proftpd.key.pem
Next edit /etc/proftpd.conf:
Code:
TLSEngine on
TLSLog /var/log/proftpd/tls.log
TLSProtocol SSLv3
TLSOptions NoCertRequest
TLSRSACertificateFile /etc/ssl/certs/proftpd.cert.pem
TLSRSACertificateKeyFile /etc/ssl/certs/proftpd.key.pem
TLSVerifyClient off
Now you should be able to connect to your server from the server itself (for testing, install ftp-ssl and try out ftp -z secure localhost).
Next we have to edit /etc/proftpd_ispconfig. Add the following lines within the VirtualHost part.
Code:
TLSEngine on
TLSRSACertificateFile /etc/ssl/certs/proftpd.cert.pem
TLSRSACertificateKeyFile /etc/ssl/certs/proftpd.key.pem
/etc/proftpd_ispconfig should look like this:
Code:
###################################
#
# ISPConfig proftpd Configuration File
# Version 1.0
#
###################################
DefaultAddress 127.0.0.1
<VirtualHost your_ip>
DefaultRoot ~
AllowOverwrite on
Umask 002
TLSEngine on
TLSRSACertificateFile /etc/ssl/certs/proftpd.cert.pem
TLSRSACertificateKeyFile /etc/ssl/certs/proftpd.key.pem
</VirtualHost>
Hope it works for you too.
Bernd
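
A check that can be run against a configuration like the one in the post above; it is an added example, not part of the original post or of ProFTPD. It flags TLSProtocol values that permit SSLv3, a missing TLSRequired (mod_tls then still accepts unencrypted FTP logins), and a private key file readable by group or others. The finding labels and the temporary sample files are constructed for this example, and the script reads the file as a whole without tracking VirtualHost context.

```shell
#!/bin/sh
# Added example: audit a ProFTPD mod_tls configuration for weak settings.
# Finding labels (WEAK_PROTOCOL, KEY_PERMS, ...) are names chosen here.

audit_proftpd_tls() {
    conf=$1
    # Directive names are case-insensitive in ProFTPD; skip comment lines.
    awk '
        /^[ \t]*#/ { next }
        { d = tolower($1) }
        d == "tlsprotocol" {
            for (i = 2; i <= NF; i++)
                if (tolower($i) ~ /^sslv(3|23)$/)
                    print "WEAK_PROTOCOL " $i
        }
        d == "tlsrequired" && $2 != "" && tolower($2) != "off" { required = 1 }
        d == "tlsrsacertificatekeyfile" { print "KEYFILE " $2 }
        END { if (!required) print "TLS_NOT_REQUIRED" }
    ' "$conf" | while read -r kind value; do
        if [ "$kind" = "KEYFILE" ]; then
            # The private key must not be accessible to group or others.
            [ -f "$value" ] || { echo "KEY_MISSING $value"; continue; }
            perms=$(ls -ld "$value" | cut -c5-10)
            [ "$perms" = "------" ] || echo "KEY_PERMS $value"
        else
            echo "$kind${value:+ $value}"
        fi
    done
}

demo() {
    # Constructed sample mirroring the post's settings; paths are temporary.
    dir=$(mktemp -d)
    : > "$dir/proftpd.key.pem"
    chmod 644 "$dir/proftpd.key.pem"
    cat > "$dir/proftpd.conf" <<EOF
TLSEngine on
TLSProtocol SSLv3
TLSRSACertificateKeyFile $dir/proftpd.key.pem
EOF
    audit_proftpd_tls "$dir/proftpd.conf"
    rm -rf "$dir"
}

demo
```

An empty result means none of the three conditions was found; it does not establish that the server negotiates TLS correctly.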