yes, tried it a few times..Originally Posted by frodon
Yes, it's easy to use and really powerful
Yes, but i won't use it
No, the GUI has to be improved
First Cup of Ubuntu
yes, tried it a few times..
Ubuntu French Roast
Then search check more thoroughly to get what is wrong in your config, it's almost impossible for me to guess what is wrong on your config in this case, the person the most able to help you on this is yourself unfortunately.
Try to explain how you tested your server and maybe give details about your home network structure.
First Cup of Ubuntu
Okay, Ive got it working, Installed it to another dir,
anywayz, now Ive installed SSL/TSL for proftpd:
<IfModule mod_tls.c>
TLSEngine on
TLSLog /var/log/proftpd/tls.log
TLSProtocol SSLv23
TLSOptions NoCertRequest
TLSRSACertificateFile /etc/proftpd/ssl/proftpd.cert.pem
TLSRSACertificateKeyFile /etc/proftpd/ssl/proftpd.key.pem
TLSVerifyClient on
TLSRequired on
</IfModule>
is there a way to check if its working? I know on IRC when you install SSL, you need to do something with the ports to logon with SSL, is it the same way on proFTPD? I just wanna allow SSL clients
Ubuntu French Roast
"TLSRequired on" directive indicates that only TLS encrypted connection will be allowed so you are sure with this setting to use encrypted connection, in addition you should also see in your FTP client log the "AUTH TLS" directive.
First Cup of Ubuntu
Hm, cant seem to find "Auth TLS" Pasting Client list:
Response: 220 you're at home
Command: USER ftpd
Response: 331 Password required for ftpd.
Command: PASS ******
Response: 230 welcome !!!
Command: SYST
Response: 215 UNIX Type: L8
Command: FEAT
Response: 211-Features:
Response: MDTM
Response: REST STREAM
Response: SIZE
Response: 211 End
Status: Connected
Status: Retrieving directory listing...
Ubuntu French Roast
I would say it is not running reading this log, are you sure you have added the "Include /etc/proftpd/modules.conf" line in your proftpd.conf file and that mod_tlc module is well listed in /etc/proftpd/modules.conf file ?
If not then your mod_tls module is not loaded and then not used.
First Cup of Ubuntu
modules.conf:
LoadModule mod_tls.c
proftpd.conf:
Include /etc/proftpd/modules.conf
quite strange huh? Ive tried to restart it but its still now working somehow hm..
Ubuntu French Roast
Sorry i didn't see you did not used the instruction from the first post, I don't know for the instructions you use, i know mine are working and i support them however other instructions are not supported by me in this tutorial.
Don't know where you got these instructions but you should ask for support where you got them, not here.
A Carafe of Ubuntu
I checked the Upload and Download directories. Needed to change permissions on the Upload directory, but still having problems. Tried accessing from Windows Explorer and get following msg:
Windows Cannot access this folder. Make sure you typed the file name correctly and that you have permission to access the folder.
Details
220 ProFTPD 1.3.0 Server (basement) [192.168.0.101]
550 SSL/TLS required on the control channel
Been searching through posts. Not sure what to do next.
A Carafe of Ubuntu
proftpd.conf
#
# /etc/proftpd/proftpd.conf -- This is a basic ProFTPD configuration file.
# To really apply changes reload proftpd after modifications.
#
# Includes DSO modules
Include /etc/proftpd/modules.conf
# Set off to disable IPv6 support which is annoying on IPv4 only boxes.
UseIPv6 off
# Choose here the user alias you want!!!!
UserAlias rob userftp
ServerName "basement"
ServerType standalone
DeferWelcome off
MultilineRFC2228 on
DefaultServer on
ShowSymlinks off
TimeoutNoTransfer 600
TimeoutStalled 100
TimeoutIdle 2200
DisplayLogin welcome.msg
DisplayFirstChdir .message
ListOptions "-l"
DenyFilter \*.*/
# Use this to jail all users in their homes
# DefaultRoot ~
# Users require a valid shell listed in /etc/shells to login.
# Use this directive to release that constrain.
RequireValidShell off
TimeoutLogin 20
RootLogin off
# Port 21 is the standard FTP port.
Port 1980
# In some cases you have to specify passive ports range to by-pass
# firewall limitations. Ephemeral ports can be used for that, but
# feel free to use a more narrow range.
# PassivePorts 6000 65534
# If your host was NATted, this option is useful in order to
# allow passive tranfers to work. You have to use your public
# address and opening the passive ports used on your firewall as well.
# MasqueradeAddress 192.168.0.101
# To prevent DoS attacks, set the maximum number of child processes
# to 30. If you need to allow more than 30 concurrent connections
# at once, simply increase this value. Note that this ONLY works
# in standalone mode, in inetd mode you should use an inetd server
# that allows you to limit maximum number of processes per service
# (such as xinetd)
MaxInstances 30
# Set the user and group that the server normally runs at.
User nobody
Group nogroup
# Umask 022 is a good standard umask to prevent new files and dirs
# (second parm) from being group and world writable.
Umask 022 022
# Normally, we want files to be overwriteable.
AllowOverwrite on
# Uncomment this if you are using NIS or LDAP to retrieve passwords:
# PersistentPasswd off
# Be warned: use of this directive impacts CPU average load!
# Uncomment this if you like to see progress and transfer rate with ftpwho
# in downloads. That is not needed for uploads rates.
#
# UseSendFile off
# Choose a SQL backend among MySQL or PostgreSQL.
# Both modules are loaded in default configuration, so you have to specify the backend
# or comment out the unused module in /etc/proftpd/modules.conf.
# Use 'mysql' or 'postgres' as possible values.
#
#<IfModule mod_sql.c>
# SQLBackend mysql
#</IfModule>
TransferLog /var/log/proftpd/xferlog
SystemLog /var/log/proftpd/proftpd.log
<IfModule mod_tls.c>
TLSEngine on
TLSLog /var/ftpd/tls.log
TLSProtocol TLSv1
# Are clients required to use FTP over TLS when talking to this server?
TLSRequired on
# Server's certificate
TLSRSACertificateFile /etc/ftpcert/server.crt
TLSrsaCertificateKeyFile /etc/ftpcert/server.key
# CA the server trusts
TLSCACertificateFile /etc/ftpcert/ca.crt
# Authenticate clients that want to use FTP over TLS?
TLSVerifyClient off
</IfModule>
<IfModule mod_quota.c>
QuotaEngine on
</IfModule>
<IfModule mod_ratio.c>
Ratios on
</IfModule>
# Delay engine reduces impact of the so-called Timing Attack described in
# http://security.lss.hr/index.php?pag...LSS-2004-10-02
# It is on by default.
<IfModule mod_delay.c>
DelayEngine on
</IfModule>
<IfModule mod_ctrls.c>
ControlsEngine on
ControlsMaxClients 2
ControlsLog /var/log/proftpd/controls.log
ControlsInterval 5
ControlsSocket /var/run/proftpd/proftpd.sock
</IfModule>
<IfModule mod_ctrls_admin.c>
AdminControlsEngine on
</IfModule>
# A basic anonymous configuration, no upload directories.
# <Anonymous ~ftp>
# User ftp
# Group nogroup
# # We want clients to be able to login with "anonymous" as well as "ftp"
# UserAlias anonymous ftp
# # Cosmetic changes, all files belongs to ftp user
# DirFakeUser on ftp
# DirFakeGroup on ftp
#
# RequireValidShell off
#
# # Limit the maximum number of anonymous logins
# MaxClients 10
#
# # We want 'welcome.msg' displayed at login, and '.message' displayed
# # in each newly chdired directory.
# DisplayLogin welcome.msg
# DisplayFirstChdir .message
#
# # Limit WRITE everywhere in the anonymous chroot
# <Directory *>
# <Limit WRITE>
# DenyAll
# </Limit>
# </Directory>
#
# # Uncomment this if you're brave.
# # <Directory incoming>
# # # Umask 022 is a good standard umask to prevent new files and dirs
# # # (second parm) from being group and world writable.
# # Umask 022 022
# # <Limit READ WRITE>
# # DenyAll
# # </Limit>
# # <Limit STOR>
# # AllowAll
# # </Limit>
# # </Directory>
#
# </Anonymous>
Posting Permissions
Adv Reply
Bookmarks