#1
6th November 2006, 22:46
tom
Secure proftp by using tls

I'm wondering why proftp with tls is not standard in ISPConfig, but I'm very interested in how to make the ftp connection secure. All passwords are sent as plaintext. Right?

Do you know a good howto for making proftp secure by using tls?
#2
7th November 2006, 01:01
tom

Ok, I just worked it out:

Make your proftp secure by using tls

# look for compiled modules:
/usr/sbin/proftpd -l
Compiled-in modules:

mod_tls.c
--
# if not --> compile proftp with tls:
./configure --with-modules=mod_tls
make
make install
--

# create ssl-certificate
mkdir /etc/ssl_proftp
cd /etc/ssl_proftp   # so host.key and host.cert land where proftpd.conf expects them
openssl genrsa 1024 > host.key
chmod 400 host.key
openssl req -new -x509 -nodes -sha1 -days 365 -key host.key > host.cert

# change proftpd.conf for tls accordingly
vi /etc/proftpd.conf
...
# TLS
<IfModule mod_tls.c>
TLSEngine on
TLSLog /var/log/proftpd/proftpd_tls.log
TLSProtocol TLSv1
TLSRequired off
TLSVerifyClient off
TLSRSACertificateFile /etc/ssl_proftp/host.cert
TLSRSACertificateKeyFile /etc/ssl_proftp/host.key
</IfModule>


# restart proftp
/etc/init.d/proftpd restart

# The ftp client (with the ability to use tls) should show this while connecting:
...
211-AUTH TLS
...
## that’s all :-)
Info:
Syntax: TLSRequired on|off|ctrl|data
# Don't use a specific ssl certificate. To start you should use that
TLSRequired off

# Require SSL/TLS on the control channel, so that passwords are not sent
# in the clear.
TLSRequired ctrl

# Require SSL/TLS on both channels.
TLSRequired on

Last edited by tom; 7th November 2006 at 20:04.
The Following User Says Thank You to tom For This Useful Post:
SupuS (4th September 2007)
#3
7th November 2006, 11:40
till

Thanks for the Howto. I moved it to the Tips & Tricks forum.
__________________
Till Brehm
--
Get ISPConfig support and the ISPConfig 3 manual from ispconfig.org.
#4
6th August 2008, 14:09
tom.1
Make it work with ISPConfig

Since this post regards ISPConfig someone should mention that the
<IfModule mod_tls.c>
...
</IfModule>
should be written into /etc/proftpd_ispconfig.conf

To make it really work you should add
PassivePorts 60000 60100
(or any range you like) before <IfModule mod_tls.c> and open the respective ports in your firewall.

The background is that the firewall can't inspect the encrypted traffic and therefore can't determine the passive ports the file transfer will take (and hence can't open them). With the above settings you will force proftpd to take the specified ports which you opened in the firewall.

At least that's the way that finally worked for me.
The Following User Says Thank You to tom.1 For This Useful Post:
falko (7th August 2008)
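
The settings this thread turns on (TLSEngine, TLSRequired, PassivePorts) can be checked mechanically before a restart. The following is an added example, not part of any post in the thread: it parses the file line by line and, as a simplifying assumption, ignores Include files and per-context overrides. The sample config is constructed from the directives posted above, and the function names and finding texts are hypothetical.

```python
# Constructed sample: the mod_tls block from post #2 plus PassivePorts from post #4.
SAMPLE_CONF = """\
PassivePorts 60000 60100
<IfModule mod_tls.c>
TLSEngine on
TLSProtocol TLSv1
TLSRequired off
TLSRSACertificateFile /etc/ssl_proftp/host.cert
TLSRSACertificateKeyFile /etc/ssl_proftp/host.key
</IfModule>
"""

# Finding text per TLSRequired value (wording is this example's, not ProFTPD's).
REQUIRED_NOTES = {
    "off": "TLS is optional, clients may still send passwords in the clear",
    "data": "only the data channel is forced onto TLS, logins are not",
    "ctrl": "only the control channel is forced onto TLS, file data is not",
}

def parse_directives(text):
    """Map lower-cased directive name -> argument list (last occurrence wins)."""
    found = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#<":   # skip blanks, comments, <IfModule> tags
            continue
        name, *args = line.split()
        found[name.lower()] = args
    return found

def audit(text):
    """Return findings for the settings discussed in the thread (empty list = OK)."""
    d = parse_directives(text)
    findings = []
    # Both directives are treated as "off" when absent (mod_tls defaults).
    if (d.get("tlsengine") or ["off"])[0].lower() != "on":
        findings.append("TLSEngine is not on: no TLS is offered at all")
    required = (d.get("tlsrequired") or ["off"])[0].lower()
    if required != "on":
        note = REQUIRED_NOTES.get(required, "value not covered by this check")
        findings.append(f"TLSRequired {required}: {note}")
    ports = d.get("passiveports")
    if not ports:
        findings.append("PassivePorts missing: firewall cannot know which data ports to open")
    elif not (len(ports) == 2 and all(p.isdigit() for p in ports)
              and 1024 <= int(ports[0]) <= int(ports[1]) <= 65535):
        findings.append("PassivePorts invalid: expected 1024 <= min <= max <= 65535")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_CONF):
        print(finding)
```

The PassivePorts range it accepts is the one to mirror in the firewall rule, so both can be compared in the same review.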