proftpd is a multi-purpose FTP server for Linux. Official site: http://www.proftpd.org/
FTPS is FTP with a security mechanism added, and it has its own standard (RFC 4217, http://www.faqs.org/rfcs/rfc4217.html).
Installing proftpd from source
# cd /usr/src
# wget ftp://ftp.proftpd.org/distrib/source/proftpd-1.2.10.tar.gz
# tar -xvzf proftpd-1.2.10.tar.gz
# cd proftpd-1.2.10
Before compiling, make sure the following two packages are installed:
# apt-get install build-essential
# apt-get install libssl-dev
Add the mod_tls module when compiling:
# ./configure --with-modules=mod_tls
# make
# make install
After the install succeeds, check that proftpd was built with this module:
# proftpd -l
Compiled-in modules:
mod_core.c
mod_xfer.c
mod_auth_unix.c
mod_auth_file.c
mod_auth.c
mod_ls.c
mod_log.c
mod_site.c
mod_tls.c
mod_cap.c
Tell proftpd which configuration file to use (this command also starts the server):
# /usr/local/sbin/proftpd -c /usr/local/etc/proftpd.conf
With proftpd started, do a quick test:
# ftp localhost
Connected to localhost.localdomain.
220 ProFTPD 1.2.10 Server (ProFTPD Default Installation) [127.0.0.1]
Name (localhost:troublenow): troublenow
331 Password required for troublenow.
Password:
230 User troublenow logged in.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> ls
200 PORT command successful
150 Opening ASCII mode data connection for file list
226 Transfer complete.
ftp> quit
221 Goodbye.
After the test succeeds, kill the proftpd process and move on to the SSL/TLS configuration:
Create SSL Keys
Now let's create a self-signed certificate and put it in /usr/local/etc/ftpcert/.
# cd /usr/local/etc/
# mkdir ftpcert
# cd ftpcert/
# openssl genrsa 1024 > host.key
# chmod 400 host.key
# openssl req -new -x509 -nodes -sha1 -days 365 -key host.key > host.cert
A series of prompts for the certificate details follows; all of them can be left at their defaults by pressing Enter:
-----
Country Name (2 letter code) [AU]:
State or Province Name (full name) [Some-State]:
Locality Name (eg, city) []:
Organization Name (eg, company) [Internet Widgits Pty Ltd]:
Organizational Unit Name (eg, section) []:
Common Name (eg, YOUR name) []:
Email Address []:
Configure Proftpd
I will log everything in /var/log/ftpd, so first we need to create that directory (the log directory):
# mkdir /var/log/ftpd
The key step: replace the contents of the configuration file /usr/local/etc/proftpd.conf with the following:
ServerName "test FTP server"
ServerType standalone
DefaultServer on
Port 21
Umask 022
AllowStoreRestart on
AllowRetrieveRestart on
AllowForeignAddress on
LogFormat default "%h %l %u %t \"%r\" %s %b"
LogFormat auth "%v [%P] %h %t \"%r\" %s"
LogFormat write "%h %l %u %t \"%r\" %s %b"
DefaultTransferMode binary
UseFtpUsers on
MaxInstances 30
User nobody
Group nogroup
DefaultRoot ~
AllowOverwrite on
PassivePorts 59000 59999
TransferLog /var/log/ftpd/xferlog
ExtendedLog /var/log/ftpd/access.log WRITE,READ write
ExtendedLog /var/log/ftpd/auth.log AUTH auth
ExtendedLog /var/log/ftpd/paranoid.log ALL default
TLSEngine on
TLSLog /var/log/ftpd/tls.log
TLSProtocol SSLv23
TLSRequired on
TLSVerifyClient off
TLSRSACertificateFile /usr/local/etc/ftpcert/host.cert
TLSRSACertificateKeyFile /usr/local/etc/ftpcert/host.key
For what these parameters mean, see the online mod_tls documentation (http://proftpd.mirror.facebook.com/docs/contrib/mod_tls.html).
Then start proftpd.
On Windows, connect with FlashFXP or FileZilla using explicit FTPS. After connecting, a certificate dialog asks whether you trust this site; just accept it.
On Linux, the lftp client can log in over FTPS; I will describe how to use it in the next article.
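An added example (not part of the original post) of connecting the way the post describes, explicit FTPS per RFC 4217, but with the server's self-signed host.cert pinned on the client instead of accepted blindly, plus a check that the TLSRequired on setting from the configuration above really refuses cleartext logins. Host name, credentials, port and the path of the copied certificate are assumptions you fill in for your own server.

```python
import ssl
from ftplib import FTP, FTP_TLS, error_perm


def make_tls_context(cafile=None):
    """Client context that trusts only the server's own self-signed host.cert.

    The post leaves Common Name empty, so hostname matching cannot succeed and
    is turned off; verifying the chain against the pinned certificate is what
    rejects an impostor server instead.
    """
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_REQUIRED
    # Assumes a current proftpd/OpenSSL; the 2004-era build in the post
    # cannot negotiate TLS 1.2, so lower this only for that lab setup.
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    if cafile:
        ctx.load_verify_locations(cafile=cafile)  # self-signed cert is its own anchor
    return ctx


def list_over_explicit_ftps(host, user, password, cafile, port=21):
    """RFC 4217 explicit FTPS: AUTH TLS on the control channel, then PBSZ 0 and
    PROT P so the listing travels over a TLS-protected data connection too."""
    ftps = FTP_TLS(context=make_tls_context(cafile))
    ftps.connect(host, port, timeout=15)
    try:
        ftps.login(user, password)  # login() sends AUTH TLS first, then USER/PASS
        ftps.prot_p()               # PBSZ 0 + PROT P: data channel must be TLS as well
        return ftps.nlst()
    finally:
        ftps.close()


def plaintext_login_refused(host, user, password, port=21):
    """With TLSRequired on, a client that skips AUTH TLS must be refused at USER/PASS."""
    ftp = FTP()
    ftp.connect(host, port, timeout=15)
    try:
        ftp.login(user, password)
        return False  # cleartext credentials accepted: TLSRequired is not in effect
    except error_perm:
        return True   # server refused the login before TLS was negotiated
    finally:
        ftp.close()
```

Copy host.cert (never host.key) from the server to the client and pass its path as cafile; with an untrusted or swapped certificate the handshake raises ssl.SSLCertVerificationError before any password is sent.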