|
ProFTPD Over SSL/TLS
2015/01/17 |
|
Enable SSL/TLS on ProFTPD.
|
|
| [1] | Configure for SSL/TLS. |
|
[root@www ~]# cd /etc/pki/tls/certs [root@www certs]# openssl req -x509 -nodes -newkey rsa:1024 -keyout /etc/pki/tls/certs/proftpd.pem -out /etc/pki/tls/certs/proftpd.pem Generating a 1024 bit RSA private key ......++++++ .......++++++ writing new private key to '/etc/pki/tls/certs/proftpd.pem' ----- You are about to be asked to enter information that will be incorporated into your certificate request. What you are about to enter is what is called a Distinguished Name or a DN. There are quite a few fields but you can leave some blank For some fields there will be a default value, If you enter '.', the field will be left blank. ----- Country Name (2 letter code) [AU]: JP # country State or Province Name (full name) [Some-State]: Hiroshima # state Locality Name (eg, city) []: Hiroshima # city Organization Name (eg, company) [Internet Widgits Pty Ltd]: GTS # company Organizational Unit Name (eg, section) []: Server World # department Common Name (eg, YOUR name) []: www.srv.world # server's FQDN
Email Address []:
[root@www certs]# xxx@srv.world # email address chmod 600 proftpd.pem
[root@www certs]#
vi /etc/proftpd.conf # line 176: change like follows # <IfDefine TLS>TLSEngine on TLSRequired on TLSRSACertificateFile /etc/pki/tls/certs/proftpd.pem TLSRSACertificateKeyFile /etc/pki/tls/certs/proftpd.pem TLSCipherSuite ALL:!ADH:!DES TLSOptions NoCertRequest TLSVerifyClient off TLSRenegotiate ctrl 3600 data 512000 required off timeout 33 00 TLSLog /var/log/proftpd/tls.log # <IfModule mod_tls_shmcache.c> # TLSSessionCache shm:/file=/var/run/proftpd/sesscache # </IfModule> # </IfDefine>
/etc/rc.d/init.d/proftpd restart Shutting down proftpd: [ OK ] Starting proftpd: [ OK ] |
| [2] | For ClientPCs' settings, start WinSCP and input login info like follows, then, select "explicit TLS" in "encryption" section. |
|
| [3] | Input the password for the connect user. |
|
| [4] | Just logined. |
|