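Among the many FTP servers available, ProFTPD has been popular in recent years because its configuration is flexible and it is easy to install. Normally FTP, including its authentication step, is transmitted in cleartext, which is never reassuring when sensitive data is being transferred. Today I gathered some scattered material from the web, combined it with my own hands-on work, and wrote this post to share with everyone.
Download the latest version of the software:
# wget ftp://ftp.proftpd.org/distrib/source/proftpd-1.3.0rc3.tar.gz
First create the user and group that ProFTPD runs as:
# groupadd nogroup
# useradd -g nogroup -d /dev/null -s /sbin/nologin nobody
Next create the users and group for uploading and downloading:
# groupadd ftp
# useradd -g ftp -d /home/down -s /sbin/nologin down
# useradd -g ftp -d /home/upload -s /sbin/nologin upload
Setting the user passwords is omitted here.
Compile and install ProFTPD:
# tar -zxvf proftpd-1.3.0rc3.tar.gz
# cd proftpd-1.3.0rc3
# ./configure \
--prefix=/usr/local/proftpd \
--sysconfdir=/etc \
--enable-autoshadow \
--localstatedir=/var/run \
--enable-ctrls \
--with-modules=mod_tls
# make
# make install
Configure the ProFTPD server:
# vi /etc/proftpd.conf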
================+================+=================
# This is a basic ProFTPD configuration file (rename it to
# 'proftpd.conf' for actual use. It establishes a single server
# and a single anonymous login. It assumes that you have a user/group
# "nobody" and "ftp" for normal operation and anon.
ServerName "llzqq"
ServerType standalone
DefaultServer on
AllowRetrieveRestart on
AllowStoreRestart on
ServerType standalone
ServerIdent on
SystemLog /var/log/proftpd.log
UseReverseDNS off
IdentLookups off
RequireValidShell off
# Port 21 is the standard FTP port.
Port 21
# Umask 022 is a good standard umask to prevent new dirs and files
# from being group and world writable.
Umask 022
MaxInstances 100
# Set the user and group under which the server will run.
User nobody
Group nogroup
# To cause every FTP user to be "jailed" (chrooted) into their home
# directory, uncomment this line.
DefaultRoot ~
# Normally, we want files to be overwriteable.
AllowOverwrite on
# We want 'welcome.msg' displayed at login, and '.message' displayed
# in each newly chdired directory.
DisplayLogin .welcome
DisplayFirstChdir .message
# Limit which users are allowed to log in to the FTP server
<Limit LOGIN>
AllowGroup ftp
DenyAll
</Limit>
######################### ssl/tls ############################
# MOD_TLS SETTING
TLSEngine on
TLSLog /var/log/proftpd-tls.log
TLSProtocol SSLv23
# Are clients required to use FTP over TLS when talking to this server?
# 'ctrl' requires TLS on the control channel only (login and commands);
# 'on' requires it on both the control and the data channel.
TLSRequired ctrl
# Server's certificate
TLSRSACertificateFile /etc/proftpd.crt
TLSRSACertificateKeyFile /etc/proftpd.key
# Authenticate clients that want to use FTP over TLS
TLSVerifyClient off
######################### ssl/tls ############################
# NOTE: DenyGroup is only valid inside a <Limit> section; the enclosing
# section tags for the two rules below are missing from this listing.
DenyGroup ftp
TransferRate RETR 150 group ftp
DenyGroup ftp
TransferRate STOR 150 group ftp
MaxClientsPerHost 200
PassivePorts 55000 56000
================+================+=================
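Create the ProFTPD log files:
# touch /var/log/proftpd.log
# touch /var/log/proftpd-tls.log
# chown nobody:nogroup /var/log/proftpd.log /var/log/proftpd-tls.log
Create the certificate and key for SSL transport:
# cp /usr/share/ssl/openssl.cnf ./
# openssl req -new -x509 -nodes -config openssl.cnf -out proftpd.crt -keyout proftpd.key
The certificate information that the command prompts for at this point is omitted.
Copy the certificate and key to the specified directory:
# cp proftpd.crt proftpd.key /etc/
Finally, create the ProFTPD startup script:
# vi /etc/init.d/proftpd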
================+================+=================
#!/bin/sh
# Startup script for ProFTPD
# chkconfig: 345 85 15
# description: ProFTPD is an enhanced FTP server
# processname: proftpd
# config: /etc/proftpd.conf
# Source function library.
. /etc/rc.d/init.d/functions
if [ -f /etc/sysconfig/proftpd ]; then
    . /etc/sysconfig/proftpd
fi
PATH="$PATH:/usr/local/proftpd/sbin"
# See how we were called.
case "$1" in
start)
    echo -n "Starting proftpd: "
    daemon proftpd $OPTIONS
    echo
    touch /var/lock/subsys/proftpd
    ;;
stop)
    echo -n "Shutting down proftpd: "
    killproc proftpd
    echo
    rm -f /var/lock/subsys/proftpd
    ;;
status)
    status proftpd
    ;;
restart)
    $0 stop
    $0 start
    ;;
reread)
    echo -n "Re-reading proftpd config: "
    killproc proftpd -HUP
    echo
    ;;
suspend)
    hash ftpshut >/dev/null 2>&1
    if [ $? = 0 ]; then
        if [ $# -gt 1 ]; then
            shift
            echo -n "Suspending with '$*' "
            ftpshut $*
        else
            echo -n "Suspending NOW "
            ftpshut now "Maintenance in progress"
        fi
    else
        echo -n "No way to suspend "
    fi
    echo
    ;;
resume)
    if [ -f /etc/shutmsg ]; then
        echo -n "Allowing sessions again "
        rm -f /etc/shutmsg
    else
        echo -n "Was not suspended "
    fi
    echo
    ;;
*)
    echo -n "Usage: $0 {start|stop|restart|status|reread|resume"
    hash ftpshut
    if [ $? = 1 ]; then
        echo '}'
    else
        echo '|suspend}'
        echo 'suspend accepts additional arguments which are passed to ftpshut(8)'
    fi
    exit 1
esac
if [ $# -gt 1 ]; then
    shift
    $0 $*
fi
exit 0
================+================+=================
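# chmod 755 /etc/init.d/proftpd
# chkconfig --add proftpd
# chkconfig proftpd on
At this point the FTP server side is installed and configured. As the client for logging in to the server I used FileZilla, which is completely free (a couple of days ago I read online that FileZilla's SSL support is good). Setting up FileZilla is also fairly simple. This server supports two kinds of encrypted client connections:
1. FTP over SSL (explicit encryption) connection.
2. FTP over TLS (explicit encryption) connection.
As shown in the figures below: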
[Figure: FTP over TLS (explicit encryption)]
[Figure: FTP over SSL (explicit encryption)]
[This post was last edited by llzqq at 2005-12-307:42]
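
Added example (not part of the original post and not ProFTPD code): a small Python check of the mod_tls settings in the proftpd.conf above, reporting which parts of an FTP session that configuration still allows in cleartext. The function names and finding codes are made up for this illustration, and the sample input is the ssl/tls section of the config shown above.

```python
# Added example: audits the mod_tls directives of a proftpd.conf.
# Directive names and values are the ones used in the config above; the
# finding codes (DATA_CLEAR, ...) are hypothetical labels for this example.

# Constructed sample: the ssl/tls section of the configuration on this page.
SAMPLE_CONF = """\
TLSEngine on
TLSLog /var/log/proftpd-tls.log
TLSProtocol SSLv23
TLSRequired ctrl
TLSRSACertificateFile /etc/proftpd.crt
TLSRSACertificateKeyFile /etc/proftpd.key
TLSVerifyClient off
"""

# Only the values off/ctrl/data are modelled; "on" yields no finding.
REQUIRED_RISK = {
    "off": ("TLS_OPTIONAL", "TLSRequired off: clients may skip TLS entirely"),
    "ctrl": ("DATA_CLEAR", "TLSRequired ctrl: login is encrypted, but file "
             "contents and listings may still cross the wire in cleartext"),
    "data": ("CTRL_CLEAR", "TLSRequired data: transfers are encrypted, but "
             "USER/PASS may still be sent in cleartext"),
}

def parse_directives(text):
    """Map lower-cased directive name -> argument list (last one wins).
    Section tags such as <Limit> are skipped, so scoping is ignored."""
    found = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith(("#", "<")):
            name, *args = line.split()
            found[name.lower()] = args
    return found

def audit_tls(text):
    """Return sorted (code, message) findings for the mod_tls settings."""
    d = parse_directives(text)
    findings = []
    if (d.get("tlsengine") or ["off"])[0].lower() != "on":
        findings.append(("TLS_OFF", "TLSEngine is not on: plain FTP only"))
    required = (d.get("tlsrequired") or ["off"])[0].lower()
    if required in REQUIRED_RISK:
        findings.append(REQUIRED_RISK[required])
    protocols = {p.lower() for p in d.get("tlsprotocol", [])}
    if protocols & {"sslv23", "sslv3"}:
        findings.append(("SSLV3", "TLSProtocol still accepts SSLv3 handshakes"))
    return sorted(findings)

if __name__ == "__main__":
    for code, message in audit_tls(SAMPLE_CONF):
        print(f"[{code}] {message}")
```

Run against the configuration in this post it reports DATA_CLEAR and SSLV3; with TLSRequired set to on and TLSProtocol restricted to TLS versions it reports nothing.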