Chinaunix首页 | 论坛 | 博客
  • 博客访问: 435694
  • 博文数量: 56
  • 博客积分: 842
  • 博客等级: 准尉
  • 技术积分: 761
  • 用 户 组: 普通用户
  • 注册时间: 2009-04-22 21:20
文章分类

全部博文(56)

文章存档

2018年(2)

2017年(3)

2016年(8)

2015年(1)

2014年(8)

2013年(7)

2012年(9)

2011年(5)

2010年(2)

2009年(11)

我的朋友

分类: 系统运维

2013-03-28 16:48:37

先安装proftpd,然后找到proftpd.conf文件并添加以下几行

TLSEngine on
TLSRequired on
TLSRSACertificateFile      /usr/local/etc/proftpd.pem
TLSRSACertificateKeyFile   /usr/local/etc/proftpd.pem
TLSCipherSuite ALL:!ADH:!DES
TLSOptions NoCertReques
TLSVerifyClient off
TLSRenegotiate ctrl 3600 data 512000 required off timeout 300
TLSLog /var/log/proftpd/tls.log

RequireValidShell off     #只使用虚拟用户
AuthOrder mod_auth_file.c    #使用文件认证

AuthUserFile      /usr/local/etc/ftpd.passwd  #指定认证文件

再生成证书文件
cd /usr/local/etc
openssl req -x509 -nodes -days 365 -newkey rsa:1024 -keyout /usr/local/etc/proftpd.pem -out /usr/local/etc/proftpd.pem



再次修改proftpd.conf文件
# 'proftpd.conf' for actual use.  It establishes a single server
# and a single anonymous login.  It assumes that you have a user/group
# "nobody" and "ftp" for normal operation and anon.

ServerName                      "ProFTPD Default Installation"
ServerType                      standalone
DefaultServer                   on

# Port 21 is the standard FTP port.
Port       990                         修改监听端口

# Don't use IPv6 support by default.
UseIPv6                         off

# Umask 022 is a good standard umask to prevent new dirs and files
# from being group and world writable.
Umask                           022

# To prevent DoS attacks, set the maximum number of child processes
# to 30.  If you need to allow more than 30 concurrent connections
# at once, simply increase this value.  Note that this ONLY works
# in standalone mode, in inetd mode you should use an inetd server
# that allows you to limit maximum number of processes per service
# (such as xinetd).
MaxInstances                    30

# Set the user and group under which the server will run.
#User                   ftp            配置启动proftpd的用户
#Group                   users   

# To cause every FTP user to be "jailed" (chrooted) into their home
# directory, uncomment this line.
DefaultRoot /data/test                指定ftp登录进来后的根目录

# Normally, we want files to be overwriteable.
AllowOverwrite          on

TLSEngine  on           开启TLS
TLSRequired  on        连接必须用TLS
TLSRSACertificateFile      /usr/local/etc/proftpd.pem             指定证书文件
TLSRSACertificateKeyFile   /usr/local/etc/proftpd.pem           指定证书key文件
TLSCipherSuite  ALL:!ADH:!DES
TLSOptions  NoCertRequest
TLSVerifyClient  off
TLSRenegotiate  ctrl 3600 data 512000 required off timeout 300
TLSLog  /var/log/proftpd/tls.log

# Bar use of SITE CHMOD by default

  DenyAll


# A basic anonymous configuration, no upload directories.  If you do not
# want anonymous users, simply delete this entire section.

  User                          ftp
  Group                         ftp

  # We want clients to be able to login with "anonymous" as well as "ftp"
  UserAlias                     anonymous ftp

  # Limit the maximum number of anonymous logins
  MaxClients                    10

  # We want 'welcome.msg' displayed at login, and '.message' displayed
  # in each newly chdired directory.
  DisplayLogin                  welcome.msg
  DisplayChdir                  .message

  # Limit WRITE everywhere in the anonymous chroot
 
    DenyAll
 


 
   DenyUser !ftp        禁止除ftp以外的用户登录ftp server
 

PassivePorts 9900 9930         指定passive模式所用端口
ExtendedLog /var/log/proftpd/access.log WRITE,READ default        
ExtendedLog /var/log/proftpd/auth.log AUTH auth


添加虚拟用户


/usr/local/bin/./ftpasswd --file=/etc/proftpd/ftpd.passwd --home=/home/xxxx --shell=/bin/false --name=xxxx --uid=1111 --gid=1111 --passwd

会要求输入登录密码,连续输入两次即可。–home 指定 ftp 用户登录后的根目录,–name 指定 ftp 用户名。而 uid 和 gid 则指定这个 ftp 用户对应哪一个系统用户和组。



创建启动脚本
cd /sbin/init.d
vi proftpd

#!/bin/sh  
 
FTPD_BIN=/usr/local/proftpd/sbin/proftpd  
 
FTPD_CONF=/usr/local/proftpd/etc/proftpd.conf  
 
PIDFILE=/usr/local/proftpd/var/proftpd.pid  
 
if [ -f $PIDFILE ]; then  
 
pid=`cat $PIDFILE`  
 
fi  
 
if [ ! -x $FTPD_BIN ]; then  
 
echo "$0: $FTPD_BIN: cannot execute"  
 
exit 1  
 
fi  
 
case $1 in  
 
start)  
 
if [ -n "$pid" ]; then  
 
echo "$0: proftpd [PID $pid] already running"  
 
exit  
 
fi  
 
if [ -r $FTPD_CONF ]; then  
 
echo "Starting proftpd..."  
 
$FTPD_BIN -c $FTPD_CONF  
 
else  
 
echo "$0: cannot start proftpd -- $FTPD_CONF missing"  
 
fi  
 
;;  
 
stop)  
 
if [ -n "$pid" ]; then  
 
echo "Stopping proftpd..."  
 
kill -TERM $pid  
 
else  
 
echo "$0: proftpd not running"  
 
exit 1  
 
fi  
 
;;  
 
restart)  
 
if [ -n "$pid" ]; then  
 
echo "Rehashing proftpd configuration"  
 
kill -HUP $pid  
 
else  
 
echo "$0: proftpd not running"  
 
exit 1  
 
fi  
 
;;  
 
*)  
 
echo "usage: $0 {start|stop|restart}"  
 
exit 1  
 
;;  
 
esac  
 
exit 0 

保存文件后chmod 600 proftpd
现在可以通过脚本启动、停止、重启proftpd
./proftpd start |stop |restart
 


使用ftp客户端软件通过显示的ftp over TLS连接到proftpd


阅读(2743) | 评论(0) | 转发(0) |
给主人留下些什么吧!~~