Comments on Setting Up ProFTPd + TLS On Debian Lenny
Setting Up ProFTPd + TLS On Debian Lenny FTP is a very insecure protocol because all passwords and all data are transferred in clear text. By using TLS, the whole communication can be encrypted, thus making FTP much more secure. This article explains how to set up ProFTPd with TLS on a Debian Lenny server.
3 Comment(s)
Comments
An update. I was getting this error message whenever I tried to connect from the internet. I could connect via lan fine.
"Server sent passive reply with unroutable address. Using server address instead."
You have to set the PassivePorts directive in proftpd.conf, forward the same ports on your router and also configure to use the same ports in your ftp program.
Example (add this to proftpd.conf):
PassivePorts 6000 7000
Forward ports 6000-7000 in your router to your server.
Configure your ftp client to use passive ports 6000-7000.
Josh
Great article! Followed your instructions and had TLS up and running in 10 minutes! Configured on Fedora 10 and worked great.
Josh
Rocky Mountain Computer
http://www.rockymountaincomputers.com
Hi
I follow the tutorial, and it works fine. However when I try to use a certificate from GoDaddy, it doesn't work properly, still didn't recognize the certificate.
I use this setting:
<IfModule mod_tls.c>
TLSEngine on
TLSLog /var/log/proftpd/tls.log
TLSProtocol SSLv23
TLSOptions NoCertRequest
# Are clients required to use FTP over TLS when talking to this server?
TLSRequired on
# Server's certificate
TLSRSACertificateFile /etc/proftpd/ssl/server.crt
TLSRSACertificateKeyFile /etc/proftpd/ssl/server.key
TLSCACertificatePath /etc/proftpd/ca/
# Authenticate clients that want to use FTP over TLS?
TLSVerifyClient off
</IfModule>
Could some body tell me what I made wrong.
The cerfiticate is signed by GoDaddy.