
17th January 2006, 22:50
|
|
Member
|
|
Join Date: Jan 2006
Location: Chicago, IL
Posts: 62
Thanks: 0
Thanked 0 Times in 0 Posts
|
|
How do you properly enable TLS for proftpd?
Um, see subject.
TLSEngine is "on" in "/etc/proftpd.conf"
|

18th January 2006, 12:38
|
|
Super Moderator
|
|
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 32,071
Thanks: 697
Thanked 4,249 Times in 3,261 Posts
|
|
Have you created the SSL Certs for proftpd? Did you get any errors when you restart proftpd or try to connect with TLS?
|

18th January 2006, 19:34
|
|
Member
|
|
Join Date: Jan 2006
Location: Chicago, IL
Posts: 62
Thanks: 0
Thanked 0 Times in 0 Posts
|
|
Quote:
|
Originally Posted by till
Have you created the SSL Certs for proftpd? Did you get any errors when you restart proftpd or try to connect with TLS?
|
I thought the certs were already created. No errs on restarting proftpd, but when trying to FTP using TLS I get the following error:
Code:
AUTH TLS
500 AUTH not understood
SER user
331 Password required for user.
PASS **********
230 User user logged in.
|

18th January 2006, 19:38
|
|
Member
|
|
Join Date: Jan 2006
Location: Chicago, IL
Posts: 62
Thanks: 0
Thanked 0 Times in 0 Posts
|
|
Well, I can finally connect. I had the wrong setting in my FTP client (changed from "AUTH TLS" to "SSH/FTPS").
However, the user is not in a '~' jail. How do I fix this?
EDIT: Ah, it's just like an ssh session. Whoops! So I still need TLS to work, which it doesn't currently.
Last edited by heftigrat; 18th January 2006 at 19:44.
|

18th January 2006, 20:10
|
|
Super Moderator
|
|
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 41,685
Thanks: 1,899
Thanked 2,600 Times in 2,449 Posts
|
|
Quote:
|
Originally Posted by heftigrat
However, the user is not in a '~' jail. How do I fix this?
|
Put into /etc/proftpd.conf and restart ProFTPD.
|

18th January 2006, 23:48
|
|
Member
|
|
Join Date: Jan 2006
Location: Chicago, IL
Posts: 62
Thanks: 0
Thanked 0 Times in 0 Posts
|
|
Quote:
|
Originally Posted by falko
Put into /etc/proftpd.conf and restart ProFTPD.
|
Well, that would do it, but I figured out I was connecting over an SSH tunnel. "DefaultRoot ~" is in "/etc/proftpd_ispconfig.conf", which is included in "/etc/proftpd.conf". I still can't connect with TLS though.
|

19th January 2006, 10:13
|
|
Super Moderator
|
|
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 32,071
Thanks: 697
Thanked 4,249 Times in 3,261 Posts
|
|
Does your proftpd.conf contain these lines:
Code:
TLSEngine on
TLSLog /var/log/tls.log
TLSProtocol SSLv23
TLSOptions NoCertRequest
TLSRSACertificateFile /etc/ssl/certs/proftpd.cert.pem
TLSRSACertificateKeyFile /etc/ssl/certs/proftpd.key.pem
TLSVerifyClient off
The lines may vary a bit, depending on your Linux distribution.
|

20th January 2006, 16:31
|
|
Member
|
|
Join Date: Jan 2006
Location: Chicago, IL
Posts: 62
Thanks: 0
Thanked 0 Times in 0 Posts
|
|
Nope, it certainly did not. I added those lines but I need to create the ".pem" files (I already did a "locate *.pem" and got nothing). Is there a method I should follow? Thanks!!!
|

20th January 2006, 16:46
|
|
Super Moderator
|
|
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 32,071
Thanks: 697
Thanked 4,249 Times in 3,261 Posts
|
|
Quote:
|
Originally Posted by heftigrat
Nope, it certainly did not. I added those lines but I need to create the ".pem" files (I already did a "locate *.pem" and got nothing). Is there a method I should follow? Thanks!!!
|
Please use this command to generate the SSL certificates.
Code:
openssl req -new -x509 -days 365 -nodes -out /etc/ssl/certs/proftpd.cert.pem -keyout /etc/ssl/certs/proftpd.key.pem
|

20th January 2006, 17:28
|
|
Member
|
|
Join Date: Jan 2006
Location: Chicago, IL
Posts: 62
Thanks: 0
Thanked 0 Times in 0 Posts
|
|
Thanks. Did that, but I'm still getting this error:
Code:
AUTH TLS
500 AUTH not understood
SER user
331 Password required for user.
I'm using CoreFTP with the attached as connection settings.
EDIT: I did also restart the proftp daemon.
Code:
/etc/init.d/proftpd restart
Last edited by heftigrat; 20th January 2006 at 17:32.
|
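Added example, not part of any post in this thread: a small Python audit of a client-side FTP control log like the one quoted above, showing that after the server rejects `AUTH TLS` the client falls back and sends the login in cleartext. The sample session is constructed from the thread's log (with the login command written out as `USER`, an assumption), and the function and variable names are hypothetical.

```python
import re

# Constructed sample modelled on the client log quoted in the thread;
# the login command is written out as USER here (an assumption).
SAMPLE_SESSION = """\
AUTH TLS
500 AUTH not understood
USER user
331 Password required for user.
PASS **********
230 User user logged in.
"""

REPLY = re.compile(r"^(\d{3})[ -]")  # FTP reply line: 3-digit code, then space or '-'


def audit_ftp_session(transcript):
    """Return (tls_negotiated, findings) for a client-side FTP control log."""
    tls_active = False
    pending = None  # verb of the last command still waiting for its reply
    findings = []
    for raw in transcript.splitlines():
        line = raw.strip()
        if not line:
            continue
        reply = REPLY.match(line)
        if reply:
            code = reply.group(1)
            if pending == "AUTH":
                if code == "234":  # RFC 4217: security exchange accepted
                    tls_active = True
                elif code in ("500", "502"):  # command unknown / not implemented
                    findings.append("AUTH rejected (%s): TLS support is not active on the server" % code)
                else:
                    findings.append("AUTH refused with reply %s" % code)
            pending = None
            continue
        verb = line.split(None, 1)[0].upper()
        pending = verb
        # Only the verb is recorded, never the argument, so no secret is copied.
        if verb in ("USER", "PASS") and not tls_active:
            findings.append("%s sent before TLS was negotiated (cleartext)" % verb)
    return tls_active, findings


if __name__ == "__main__":
    ok, problems = audit_ftp_session(SAMPLE_SESSION)
    print("TLS negotiated:", ok)
    for p in problems:
        print(" -", p)
```

`proftpd -l` lists the modules compiled into the daemon, which shows whether `mod_tls.c` is present. A client set to require TLS rather than fall back would have stopped before sending USER and PASS.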
All times are GMT +2. The time now is 04:44.