Original title: Setting up virtual hosts under ProFTPD

Date: 2019-11-05

ProFTPD is designed to be a secure and easily configured FTP server. This article describes how to set up virtual hosts under ProFTPD.

This is done with the VirtualHost directive. A minimal example:

ServerName "virtual FTP server"

If you only want a virtual host to be reachable through anonymous access, use the following directives:

ServerName "virtual FTP server"
DenyAll
User private
Group private
AllowAll

With this, the host 192.168.2.35 only allows anonymous logins.

The author's proftpd.conf is as follows:

# This is a basic ProFTPD configuration file (rename it to
# 'proftpd.conf' for actual use. It establishes a single server
# and a single anonymous login. It assumes that you have a user/group
# "nobody" and "ftp" for normal operation and anon.

ServerName "test.com.cn FTP Server"
ServerType standalone
DefaultServer on

# Port 21 is the standard FTP port.
Port 21

# Umask 022 is a good standard umask to prevent new dirs and files
# from being group and world writable.
Umask 022

# To prevent DoS attacks, set the maximum number of child processes
# to 30. If you need to allow more than 30 concurrent connections
# at once, simply increase this value. Note that this ONLY works
# in standalone mode, in inetd mode you should use an inetd server
# that allows you to limit maximum number of processes per service
# (such as xinetd)
MaxInstances 30

RequireValidShell off
ServerIdent off

# Set the user and group that the server normally runs at.
User nobody
Group nobody

# Normally, we want files to be overwriteable.
AllowOverwrite on

# A basic anonymous configuration, no upload directories.
User ftp
Group ftp

# We want clients to be able to login with "anonymous" as well as "ftp"
UserAlias anonymous ftp

# Limit the maximum number of anonymous logins
MaxClients 10

# We want 'welcome.msg' displayed at login, and '.message' displayed
# in each newly chdired directory.
DisplayLogin welcome.msg
DisplayFirstChdir .message

# Limit WRITE everywhere in the anonymous chroot
DenyAll

DefaultRoot ~ ftpusers

ServerName "virtual FTP server"
DenyAll
User private
Group private
AllowAll

We hope this article helps you understand the process of setting up virtual hosts in ProFTPD.

Host environment: Gentoo 11.2

Kernel version: Linux Kernel 3.2.1

proftpd is used as the FTP server here.

1. Install proftpd

emerge -av proftpd

2. Configure proftpd

First copy /etc/proftpd/proftpd.conf.sample:

cp /etc/proftpd/proftpd.conf.sample /etc/proftpd/proftpd.conf

Open the file and adjust it as needed. Here is my file:

ServerName "yan's ftp server!"
ServerType standalone
DefaultServer on
RequireValidShell off
AuthPAM on
AuthPAMConfig ftp

# Listen on the standard FTP port 21.
Port 21

# New directories and files should not be group or world writable.
Umask 022

# To prevent DoS attacks set the maximum number of child processes
# to 30. If you need to allow more than 30 concurrent connections
# at once simply increase this value.
MaxInstances 30

# The server will run under ftp/ftp.
User ftp
Group ftp

# Every FTP session is "jailed" into the user's home directory.
DefaultRoot ~

# Generally files are overwritable.
AllowOverwrite on

# Disallow the use of the SITE CHMOD command.
<Limit SITE_CHMOD>
  DenyAll
</Limit>
SystemLog                       /var/log/proftpd.syslog
TransferLog                     /var/log/proftpd.transferlog

# A basic anonymous FTP account without an upload directory.
<Anonymous /home/ftp>
  User ftp
  Group ftp

  # Clients can login with the username "anonymous" and "ftp".
  UserAlias anonymous ftp

  # Limit the maximum number of parallel anonymous logins to 10.
  MaxClients 10

  # Prohibit the WRITE command for the anonymous users.
  <Limit WRITE>
    DenyAll
  </Limit>
  <Limit LOGIN>
    Order               deny,allow
    Allow               from all
  </Limit>
</Anonymous>

3. Start the service

/etc/proftpd/proftpd start

If everything works, an FTP server with the default configuration is now set up.

I ran into one problem: FTP user logins always failed. I looked at the log:

Mar 16 12:05:46 yan-laptop proftpd[15868] yan-laptop: ProFTPD 1.3.3g (maint) (built Fri Mar 16 2012 10:36:06 CST) standalone mode STARTUP
Mar 16 12:05:46 yan-laptop proftpd[15819] yan-laptop (yan-laptop[::ffff:127.0.0.1]): FTP session closed.
Mar 16 12:05:52 yan-laptop proftpd[15877] yan-laptop (yan-laptop[::ffff:127.0.0.1]): FTP session opened.
Mar 16 12:05:57 yan-laptop proftpd[15877] yan-laptop (yan-laptop[::ffff:127.0.0.1]): ftp: Directory /home/ftp/ is not accessible.
Mar 16 12:07:39 yan-laptop proftpd[15877] yan-laptop (yan-laptop[::ffff:127.0.0.1]): FTP session closed.
Mar 16 12:11:00 yan-laptop proftpd[15868] yan-laptop: ProFTPD killed (signal 15)
Mar 16 12:11:00 yan-laptop proftpd[15868] yan-laptop: ProFTPD 1.3.3g standalone mode SHUTDOWN

Solution:

Remove the acl USE flag, then rebuild and reinstall proftpd:

USE="-acl" emerge proftpd

After restarting the service, the problem was solved.

A walkthrough of configuring FTP over TLS with proftpd

First install proftpd, then find the proftpd.conf file and add the following lines:

TLSEngine on
TLSRequired on
TLSRSACertificateFile      /usr/local/etc/proftpd.pem
TLSRSACertificateKeyFile   /usr/local/etc/proftpd.pem
TLSCipherSuite ALL:!ADH:!DES
TLSOptions NoCertRequest
TLSVerifyClient off
TLSRenegotiate ctrl 3600 data 512000 required off timeout 300
TLSLog /var/log/proftpd/tls.log

Then generate the certificate file:

cd /usr/local/etc
openssl req -x509 -nodes -days 365 -newkey rsa:1024 -keyout /usr/local/etc/proftpd.pem -out /usr/local/etc/proftpd.pem

Then edit the proftpd.conf file again:

# This is a basic ProFTPD configuration file (rename it to
# 'proftpd.conf' for actual use.  It establishes a single server
# and a single anonymous login.  It assumes that you have a user/group
# "nobody" and "ftp" for normal operation and anon.

ServerName                      "ProFTPD Default Installation"
ServerType                      standalone
DefaultServer                   on

# Port 21 is the standard FTP port.
# The listening port is changed here.
Port                            990

# Don't use IPv6 support by default.
UseIPv6                         off

# Umask 022 is a good standard umask to prevent new dirs and files
# from being group and world writable.
Umask                           022

# To prevent DoS attacks, set the maximum number of child processes
# to 30.  If you need to allow more than 30 concurrent connections
# at once, simply increase this value.  Note that this ONLY works
# in standalone mode, in inetd mode you should use an inetd server
# that allows you to limit maximum number of processes per service
# (such as xinetd).
MaxInstances                    30

# Set the user and group under which the server will run.
# This is the user that proftpd is started as.
User                            ftp
Group                           users

# To cause every FTP user to be "jailed" (chrooted) into their home
# directory, uncomment this line.

# Root directory that users land in after logging in over FTP
DefaultRoot /data/test

# Normally, we want files to be overwriteable.
AllowOverwrite          on

# Enable TLS
TLSEngine  on
# Connections must use TLS
TLSRequired  on
# Certificate file
TLSRSACertificateFile      /usr/local/etc/proftpd.pem
# Certificate key file
TLSRSACertificateKeyFile   /usr/local/etc/proftpd.pem
TLSCipherSuite  ALL:!ADH:!DES
TLSOptions  NoCertRequest
TLSVerifyClient  off
TLSRenegotiate  ctrl 3600 data 512000 required off timeout 300
TLSLog  /var/log/proftpd/tls.log

# Bar use of SITE CHMOD by default
<Limit SITE_CHMOD>
  DenyAll
</Limit>

# A basic anonymous configuration, no upload directories.  If you do not
# want anonymous users, simply delete this entire <Anonymous> section.
<Anonymous ~ftp>
  User                          ftp
  Group                         ftp

  # We want clients to be able to login with "anonymous" as well as "ftp"
  UserAlias                     anonymous ftp

  # Limit the maximum number of anonymous logins
  MaxClients                    10

  # We want 'welcome.msg' displayed at login, and '.message' displayed
  # in each newly chdired directory.
  DisplayLogin                  welcome.msg
  DisplayChdir                  .message

  # Limit WRITE everywhere in the anonymous chroot
  <Limit WRITE>
    DenyAll
  </Limit>
</Anonymous>

# Deny login to the FTP server for every user except ftp
<Limit LOGIN>
  DenyUser !ftp
</Limit>

# Ports used for passive mode
PassivePorts 9900 9930
ExtendedLog /var/log/proftpd/access.log WRITE,READ default
ExtendedLog /var/log/proftpd/auth.log AUTH auth

 

 

Create the startup script:

cd /sbin/init.d

vi proftpd

 

#!/bin/sh
# Start, stop or reload the proftpd daemon.

FTPD_BIN=/usr/local/proftpd/sbin/proftpd
FTPD_CONF=/usr/local/proftpd/etc/proftpd.conf
PIDFILE=/usr/local/proftpd/var/proftpd.pid

# Read the PID of the running daemon, if a PID file exists.
if [ -f "$PIDFILE" ]; then
    pid=`cat "$PIDFILE"`
fi

# Refuse to continue if the daemon binary is missing or not executable.
if [ ! -x "$FTPD_BIN" ]; then
    echo "$0: $FTPD_BIN: cannot execute"
    exit 1
fi

case "$1" in
    start)
        if [ -n "$pid" ]; then
            echo "$0: proftpd [PID $pid] already running"
            exit
        fi
        if [ -r "$FTPD_CONF" ]; then
            echo "Starting proftpd..."
            "$FTPD_BIN" -c "$FTPD_CONF"
        else
            echo "$0: cannot start proftpd -- $FTPD_CONF missing"
        fi
        ;;
    stop)
        if [ -n "$pid" ]; then
            echo "Stopping proftpd..."
            kill -TERM "$pid"
        else
            echo "$0: proftpd not running"
            exit 1
        fi
        ;;
    restart)
        # SIGHUP makes the running daemon re-read its configuration.
        if [ -n "$pid" ]; then
            echo "Rehashing proftpd configuration"
            kill -HUP "$pid"
        else
            echo "$0: proftpd not running"
            exit 1
        fi
        ;;
    *)
        echo "usage: $0 {start|stop|restart}"
        exit 1
        ;;
esac

exit 0

 

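After saving the file, make it executable: chmod 700 proftpd

The script can now be used to start, stop and restart proftpd:

./proftpd {start|stop|restart}

Use an FTP client to connect to proftpd with explicit FTP over TLS.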

 
