FTP Server setup with TLS (Transport Layer Security) on Debian
Published: 2019-05-10


ProFTPD is an FTP server written for use on Unix and Unix-like operating systems; there is no support for native use under Microsoft Windows.

The TLS protocol allows applications to communicate across a network in a way designed to prevent eavesdropping, tampering, and message forgery. TLS provides endpoint authentication and privacy over the Internet using cryptography. Typically, only the server is authenticated (i.e., its identity is ensured) while the client remains unauthenticated.

FTP is a very insecure protocol because all passwords and all data are transferred in clear text. By using TLS, the whole communication can be encrypted, thus making FTP much more secure. This article explains how to set up ProFTPd with TLS on a Debian Etch server.

Install ProFTPd And OpenSSL

#apt-get install proftpd openssl

You will be asked a question:

Run proftpd from inetd or standalone? <-- standalone

This will complete the installation.

Configuring proftpd

Now you need to open /etc/proftpd/proftpd.conf and change UseIPv6 from on to off; otherwise you’ll get a warning when you start ProFTPd.

#vi /etc/proftpd/proftpd.conf

UseIPv6 off

For security reasons you can add the following lines to /etc/proftpd/proftpd.conf:

DefaultRoot ~

IdentLookups off
ServerIdent on ""

Then restart ProFTPd using the following command:

#/etc/init.d/proftpd restart

Creating The SSL Certificate For TLS

In order to use TLS, we must create an SSL certificate. I create it in /etc/proftpd/ssl, therefore I create that directory first:

#mkdir /etc/proftpd/ssl

Afterwards, we can generate the SSL certificate as follows:

#openssl req -new -x509 -days 365 -nodes -out /etc/proftpd/ssl/proftpd.cert.pem -keyout /etc/proftpd/ssl/proftpd.key.pem

Country Name (2 letter code) [AU]: <-- Enter your Country Name (e.g., "GB").

State or Province Name (full name) [Some-State]: <-- Enter your State or Province Name.

Locality Name (eg, city) []: <-- Enter your City.

Organization Name (eg, company) [Internet Widgits Pty Ltd]: <-- Enter your Organization Name (e.g., the name of your company).

Organizational Unit Name (eg, section) []: <-- Enter your Organizational Unit Name (e.g. "IT Department").

Common Name (eg, YOUR name) []: <-- Enter the Fully Qualified Domain Name of the system (e.g. "test.example.com").

Email Address []: <-- Enter your Email Address.

Enabling TLS In ProFTPd

In order to enable TLS in ProFTPd, open /etc/proftpd/proftpd.conf and find the section beginning with

<IfModule mod_tls.c>

#vi /etc/proftpd/proftpd.conf

It should look like this:

<IfModule mod_tls.c>

TLSEngine off
</IfModule>

Modify it as follows:

<IfModule mod_tls.c>

TLSEngine on
TLSLog /var/log/proftpd/tls.log
TLSProtocol SSLv23
TLSOptions NoCertRequest
TLSRSACertificateFile /etc/proftpd/ssl/proftpd.cert.pem
TLSRSACertificateKeyFile /etc/proftpd/ssl/proftpd.key.pem
TLSVerifyClient off
TLSRequired on
</IfModule>

If you use TLSRequired on, then only TLS connections are allowed (this locks out any users with old FTP clients that don’t have TLS support). If you comment out that line or use TLSRequired off, both TLS and non-TLS connections are allowed, depending on what the FTP client supports.

Restart ProFTPd using the following command:

#/etc/init.d/proftpd restart

That’s it. You can now try connecting with your FTP client; however, you must configure the client to use TLS (this is a must if you use TLSRequired on).

If you’re having problems with TLS, you can take a look at the TLS log file /var/log/proftpd/tls.log.
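
The script below is an added example, not part of the original article: a small shell audit of the mod_tls block configured above. It flags TLSEngine or TLSRequired values other than on, a TLSProtocol value from the SSL era (SSLv23 is a compatibility setting that still permits SSLv3), and a private key file accessible to group or others. The function names and the FINDING output format are assumptions made for this example.

```sh
# Added example (not the article's code): audit the mod_tls directives set above.
# Print the value of directive $2 inside <IfModule mod_tls.c> in file $1.
tls_directive() {
    awk -v want="$2" '
        { sub(/#.*/, "") }                                  # strip comments
        /<IfModule[ \t]+mod_tls\.c>/ { in_tls = 1; next }
        /<\/IfModule>/               { in_tls = 0; next }
        in_tls && tolower($1) == tolower(want) { $1 = ""; sub(/^[ \t]+/, ""); value = $0 }
        END { print value }                                 # last occurrence wins
    ' "$1"
}

finding() { echo "FINDING: $*"; findings=$((findings + 1)); }

# Print one line per weak setting; return 0 only when nothing was found.
audit_tls_conf() {
    conf=$1 findings=0
    case "$(tls_directive "$conf" TLSEngine)" in
        [Oo][Nn]) ;;
        *) finding "TLSEngine is not on: logins and data travel in clear text" ;;
    esac
    case "$(tls_directive "$conf" TLSRequired)" in
        [Oo][Nn]) ;;
        *) finding "TLSRequired is not on: clients may connect without TLS" ;;
    esac
    proto=$(tls_directive "$conf" TLSProtocol)
    case "$proto" in
        *SSLv*) finding "TLSProtocol $proto permits SSLv3; list TLS versions explicitly" ;;
    esac
    key=$(tls_directive "$conf" TLSRSACertificateKeyFile)
    # Characters 5-10 of "ls -l" output are the group and other permission bits.
    if [ -f "$key" ] && [ "$(ls -ld "$key" | cut -c5-10)" != "------" ]; then
        finding "private key $key is accessible to group or others"
    fi
    [ "$findings" -eq 0 ]
}

# Constructed sample input: the tutorial's mod_tls block, written to a temp file.
sample=$(mktemp)
cat > "$sample" <<'EOF'
<IfModule mod_tls.c>
TLSEngine on
TLSProtocol SSLv23
TLSRequired on
TLSRSACertificateKeyFile /etc/proftpd/ssl/proftpd.key.pem
</IfModule>
EOF
audit_tls_conf "$sample" || echo "review the findings above"
rm -f "$sample"
```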

Reposted from: http://odmmb.baihongyu.com/
