Yes, it's easy to use and really powerful
Yes, but i won't use it
No, the GUI has to be improved
Frodon! This is a very clear how-to! However, I have run into a few problems... First, I'm not behind a firewall or anything like that - I host a number of websites off this computer and I have no problem accessing them. I do get the IPv6 notice when I start proFTPd - can't seem to fix it, so, here's my conf file, maybe you could provide some idea on how to get my address ftp://statmajor.info (which I own) to point to this. I did all the SSL/TSL stuff too, to make it more secure. Thanks!
# To really apply changes reload proftpd after modifications.
AllowOverwrite on
AuthAliasOnly on
# Choose here the user alias you want !!!!
UserAlias sauron userftp
ServerName "ftp://statmajor.info"
ServerType standalone
DeferWelcome on
MultilineRFC2228 on
DefaultServer on
ShowSymlinks off
TimeoutNoTransfer 600
TimeoutStalled 100
TimeoutIdle 2200
DisplayFirstChdir .message
ListOptions "-l"
RequireValidShell on
TimeoutLogin 20
RootLogin off
# It's better for debug to create log files
ExtendedLog /var/log/ftp.log
TransferLog /var/log/xferlog
SystemLog /var/log/syslog.log
#DenyFilter \*.*/
# I don't choose to use /etc/ftpusers file (set inside the users you want to ban, not useful for me)
UseFtpUsers off
# Allow to restart a download
AllowStoreRestart on
# Port 21 is the standard FTP port, so you may prefer to use another port for security reasons (choose here the port you want)
Port 21
# To prevent DoS attacks, set the maximum number of child processes
# to 30. If you need to allow more than 30 concurrent connections
# at once, simply increase this value. Note that this ONLY works
# in standalone mode, in inetd mode you should use an inetd server
# that allows you to limit maximum number of processes per service
# (such as xinetd)
MaxInstances 8
# Set the user and group that the server normally runs at.
User nobody
Group nogroup
# Umask 022 is a good standard umask to prevent new files and dirs
# (second parm) from being group and world writable.
Umask 022 022
PersistentPasswd off
MaxClients 8
MaxClientsPerHost 8
MaxClientsPerUser 8
MaxHostsPerUser 8
# Display a message after a successful login
AccessGrantMsg "Welcome Mr. Ewing"
# This message is displayed for each access good or not
ServerIdent on "you're at home"
# Set /home/FTP-shared directory as home directory
#DefaultRoot /home/mark/Documents/School
# Lock all the users in home directory, ***** really important *****
#DefaultRoot ~
MaxLoginAttempts 5
#VALID LOGINS
<Limit LOGIN>
AllowUser userftp,
AllowUser mark
</Limit>
<Directory /home/mark/Documents/School/*>
Umask 022 022
AllowOverwrite on
<Limit MKD STOR DELE XMKD RNRF RNTO RMD XRMD CWD MKD READ>
AllowAll
</Limit>
</Directory>
<IfModule mod_tls.c>
TLSEngine on
TLSLog /var/ftpd/tls.log
TLSProtocol TLSv1
# Are clients required to use FTP over TLS when talking to this server?
TLSRequired on
# Server's certificate
TLSRSACertificateFile /etc/ftpcert/server.crt
TLSRSACertificateKeyFile /etc/ftpcert/server.key
# CA the server trusts
TLSCACertificateFile /etc/ftpcert/ca.crt
# Authenticate clients that want to use FTP over TLS?
TLSVerifyClient on
</IfModule>
<Global>
DeferWelcome on
MaxClients 5
ServerIdent on "Welcome Mr. Ewing"
AllowOverwrite on
RequireValidShell on
</Global>
ASUS M2A-MVP, AMD Athlon 64 X2 4000+, 3 Gb DDR2 800Mhz, GeForce 8600GT XXX Edition, Ubuntu 8.10
Hi pofigster,
What is your problem exactly, the IPv6 error message or the access to your FTP server ?
For all you need is to make your domain name ftp://statmajor.info to point to the IP of your computer but if you already have some websites on this computer i guess it is already the case so you should already be able to access your FTP server using this domain name.
About your config file not much to say, it is not mandatory to put your domain name as server name because from my understanding the ServerName command is just to set a simple name for the server, i have another remark about your user called "mark" because you chose to allow this user to access to the server (AllowUser mark command) however like recommended in my guide the server allows only connection with alias names (AuthAliasOnly on command) so you would need to create an alias name for your user mark and login your server with this alias name.
Ok, I think the real problem is the IPv6 thing then, associating an address with my computer's name. I noticed in this thread that there's supposed to be something in the config file to edit? I couldn't find it.
Anyway, I've got ftp://statmajor.info pointing at this computer, but the login for userftp doesn't work (keeps asking for the password), I assumed the two were interconnected.
ASUS M2A-MVP, AMD Athlon 64 X2 4000+, 3 Gb DDR2 800Mhz, GeForce 8600GT XXX Edition, Ubuntu 8.10
About the IPv6 error try this :
http://ubuntuforums.org/showthread.p...68#post2295568
frodon, that last post fixed the IPv6 warnings that were showing up. Still, though, everytime I try and login I get a 530 error. I double checked, I don't require a valid shell in the conf file, and the user I created on this computer, userftp, has the right folder as home and the right /bin/false shell. Any idea on why I simply cannot login?
ASUS M2A-MVP, AMD Athlon 64 X2 4000+, 3 Gb DDR2 800Mhz, GeForce 8600GT XXX Edition, Ubuntu 8.10
Check the system rights of your /home/mark/Documents/School/ directory, it is an upload directory so the rights of this folder must be 777. Then if you still get this error try to set another password for the user several time and verify that you are using the alias name to login the server.
BTW i saw one huge security mistake in your config file, please uncomment the line "DefaultRoot /home/mark/Documents/School" it is what prevent a user from going outside your /home/mark/Documents/School directory so this is really important.
It works! Thanks for your help, I wasn't using the alias name to login...stoopid me.
ASUS M2A-MVP, AMD Athlon 64 X2 4000+, 3 Gb DDR2 800Mhz, GeForce 8600GT XXX Edition, Ubuntu 8.10
Great, enjoy your encrypted FTP server
Frodon - it's me again Ok, so the unencrypted FTP server is working great - but when I use Webmin to update the configuration file to include the TLS code (After getting it all set up like in the how-to) this is what I get:
How do I get the passphrases to match? I used the same passwords for both of the certificates, not the same as my login password though. Any help would be great! Thanks!Failed to apply FTP configuration :
Checking syntax of configuration file
Please provide passphrases for these encrypted certificate keys:
RSA key for the 127.0.1.1#21 (ftp://statmajor.info) server:
Passphrases do not match. Please try again.
RSA key for the 127.0.1.1#21 (ftp://statmajor.info) server:
Passphrases do not match. Please try again.
RSA key for the 127.0.1.1#21 (ftp://statmajor.info) server:
Passphrases do not match. Please try again.
Wrong passphrase for this key. Please try again.
RSA key for the 127.0.1.1#21 (ftp://statmajor.info) server:
Passphrases do not match. Please try again.
RSA key for the 127.0.1.1#21 (ftp://statmajor.info) server:
Passphrases do not match. Please try again.
RSA key for the 127.0.1.1#21 (ftp://statmajor.info) server:
Passphrases do not match. Please try again.
Wrong passphrase for this key. Please try again.
RSA key for the 127.0.1.1#21 (ftp://statmajor.info) server:
Passphrases do not match. Please try again.
RSA key for the 127.0.1.1#21 (ftp://statmajor.info) server:
Passphrases do not match. Please try again.
RSA key for the 127.0.1.1#21 (ftp://statmajor.info) server:
Passphrases do not match. Please try again.
Wrong passphrase for this key. Please try again.
mark-desktop - mod_tls/2.1.1: unable to use RSA certificate key in '/etc/ftpcert/server.key', exiting
ASUS M2A-MVP, AMD Athlon 64 X2 4000+, 3 Gb DDR2 800Mhz, GeForce 8600GT XXX Edition, Ubuntu 8.10
Bookmarks