Go Back   HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials > ISPConfig 2 > Installation/Configuration

Do you like HowtoForge? Please consider supporting us by becoming a subscriber.
Reply
 
Thread Tools Display Modes
  #1  
Old 17th January 2006, 22:50
heftigrat heftigrat is offline
Member
 
Join Date: Jan 2006
Location: Chicago, IL
Posts: 62
Thanks: 0
Thanked 0 Times in 0 Posts
Default How do you properly enable TLS for proftpd?

Um, see subject.

TLSEngine is "on" in "/etc/proftpd.conf"
Reply With Quote
Sponsored Links
  #2  
Old 18th January 2006, 12:38
till till is online now
Super Moderator
 
Join Date: Apr 2005
Location: Lneburg, Germany
Posts: 34,586
Thanks: 792
Thanked 4,983 Times in 3,903 Posts
Default

Hvae you created the SSL Certs for proftpd? Did you get any errors when you restart proftpd or try to connect with TLS?
__________________
Till Brehm
--
Get ISPConfig support and the ISPConfig 3 manual from ispconfig.org.
Reply With Quote
  #3  
Old 18th January 2006, 19:34
heftigrat heftigrat is offline
Member
 
Join Date: Jan 2006
Location: Chicago, IL
Posts: 62
Thanks: 0
Thanked 0 Times in 0 Posts
Default

Quote:
Originally Posted by till
Hvae you created the SSL Certs for proftpd? Did you get any errors when you restart proftpd or try to connect with TLS?
I thought the certs were already created. No errs on restarting proftpd, but when trying to FTP using TLS I get the following error:
Code:
AUTH TLS  
500 AUTH not understood  
SER user  
331 Password required for user.  
PASS **********  
230 User user logged in.
Reply With Quote
  #4  
Old 18th January 2006, 19:38
heftigrat heftigrat is offline
Member
 
Join Date: Jan 2006
Location: Chicago, IL
Posts: 62
Thanks: 0
Thanked 0 Times in 0 Posts
Default

Well, I can finally connect. I had the wrong setting in my FTP client (changed from "AUTH TLS" to "SSH/FTPS".

However, the user is not in a '~' jail. How do I fix this?

EDIT: Ah, it's just like an ssh session. Whoops! So I still need TLS to work, which it doesn't currently.

Last edited by heftigrat; 18th January 2006 at 19:44.
Reply With Quote
  #5  
Old 18th January 2006, 20:10
falko falko is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lneburg, Germany
Posts: 41,711
Thanks: 1,899
Thanked 2,702 Times in 2,545 Posts
Default

Quote:
Originally Posted by heftigrat
However, the user is not in a '~' jail. How do I fix this?
Put
Code:
DefaultRoot ~
into /etc/proftpd.conf and restart ProFTPD.
__________________
Falko
--
Download the ISPConfig 3 Manual! | Check out the ISPConfig 3 Billing Module!

FB: http://www.facebook.com/howtoforge

nginx-Webhosting: Timme Hosting | Follow me on:
Reply With Quote
  #6  
Old 18th January 2006, 23:48
heftigrat heftigrat is offline
Member
 
Join Date: Jan 2006
Location: Chicago, IL
Posts: 62
Thanks: 0
Thanked 0 Times in 0 Posts
Default

Quote:
Originally Posted by falko
Put
Code:
DefaultRoot ~
into /etc/proftpd.conf and restart ProFTPD.
Well, that would do it, but I figured out I was connecting over an SSH tunnel. "DefaultRoot ~" is in "/etc/proftpd_ispconfig.conf", which is included in "/etc/proftpd.conf". I still can't connect with TLS though.
Reply With Quote
  #7  
Old 19th January 2006, 10:13
till till is online now
Super Moderator
 
Join Date: Apr 2005
Location: Lneburg, Germany
Posts: 34,586
Thanks: 792
Thanked 4,983 Times in 3,903 Posts
Default

Does you proftpd.conf contain these liens:

Code:
TLSEngine				on
TLSLog 					/var/log/tls.log
TLSProtocol				SSLv23
TLSOptions				NoCertRequest
TLSRSACertificateFile			/etc/ssl/certs/proftpd.cert.pem
TLSRSACertificateKeyFile		/etc/ssl/certs/proftpd.key.pem
TLSVerifyClient				off
The lines may vary a bit, depending on your linux distribution.
__________________
Till Brehm
--
Get ISPConfig support and the ISPConfig 3 manual from ispconfig.org.
Reply With Quote
  #8  
Old 20th January 2006, 16:31
heftigrat heftigrat is offline
Member
 
Join Date: Jan 2006
Location: Chicago, IL
Posts: 62
Thanks: 0
Thanked 0 Times in 0 Posts
Default

Nope, it certainly did not. I added those lines but I need to create the ".pem" files (I already did a "locate *.pem" and got nothing). Is there a method I should follow? Thanks!!!
Reply With Quote
  #9  
Old 20th January 2006, 16:46
till till is online now
Super Moderator
 
Join Date: Apr 2005
Location: Lneburg, Germany
Posts: 34,586
Thanks: 792
Thanked 4,983 Times in 3,903 Posts
Default

Quote:
Originally Posted by heftigrat
Nope, it certainly did not. I added those lines but I need to create the ".pem" files (I already did a "locate *.pem" and got nothing). Is there a method I should follow? Thanks!!!
please use this command to generate the SSL certificates.

Code:
openssl req -new -x509 -days 365 -nodes  -out /etc/ssl/certs/proftpd.cert.pem -keyout /etc/ssl/certs/proftpd.key.pem
__________________
Till Brehm
--
Get ISPConfig support and the ISPConfig 3 manual from ispconfig.org.
Reply With Quote
  #10  
Old 20th January 2006, 17:28
heftigrat heftigrat is offline
Member
 
Join Date: Jan 2006
Location: Chicago, IL
Posts: 62
Thanks: 0
Thanked 0 Times in 0 Posts
 
Default

Thanks. Did that, but I'm still getting this error:
Code:
AUTH TLS  
500 AUTH not understood  
SER user  
331 Password required for user.
I'm using CoreFTP with the attached as connection settings.

EDIT: I did also restart the proftp daemon.
Code:
/etc/init.d/proftpd restart
Attached Images
 

Last edited by heftigrat; 20th January 2006 at 17:32.
Reply With Quote
Reply

Bookmarks

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
ERROR: The PHP binary coming with ISPConfig does not work properly on your system! qvindesland Installation/Configuration 22 21st May 2007 16:05
Enable PAE on SMP kernel domino Kernel Questions 4 9th April 2007 23:10
The PHP binary coming with ISPConfig does not work properly on your system! lykos Installation/Configuration 3 1st April 2006 07:53
ERROR: The PHP binary coming with ISPConfig does not work properly on your system! max Installation/Configuration 6 13th January 2006 22:07
mysqlcheck has found corrupt tables m u r Installation/Configuration 1 18th August 2005 10:47


All times are GMT +2. The time now is 11:13.


Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.