写下自己在配置 Proftpd的一些相关东西,希望能够和大家分享:
配置 ProFTPD
然后,通过修改相应配置文件配置ProFTPD。
[root@sample ~]# vi /etc/proftpd.conf ← 修改ProFTPD的配置文件
ServerType standalone ← 找到这一行,在行首添加“#”
↓
#ServerType standalone ← 变为此状态,不使用常驻模式
#ServerType inetd ← 找到这一行,去掉行首的“#”
↓
ServerType inetd ← 变为此状态,通过超级服务器来启动ProFTPD
DefaultRoot ~ !adm ← 找到这一行,将“ !adm”改为“/public_html !wheel”
↓
DefaultRoot ~/public_html !wheel ← 变为此状态,使除wheel组用户的根目录为public_html
找到TLS设置的语句群,如下:
# TLS
# Explained at http://www.castaglia.org/proftpd/modules/mod_tls.html
----------------------------------------------------------------
#TLSEngine on
#TLSRequired on
#TLSRSACertificateFile /usr/share/ssl/certs/proftpd.pem
#TLSRSACertificateKeyFile /usr/share/ssl/certs/proftpd.pem
#TLSCipherSuite ALL:!ADH:!DES
#TLSOptions NoCertRequest
#TLSVerifyClient off
##TLSRenegotiate ctrl 3600 data 512000 required off timeout 300
#TLSLog /var/log/proftpd/tls.log
----------------------------------------------------------------
↓将以上水平线间部分的语句,每行行首的“#”都去掉,变为下面水平线间的状态:
----------------------------------------------------------------
TLSEngine on
TLSRequired on ← 只允许TLS方式的连接(如果将on改为off,普通方式也被允许)
TLSRSACertificateFile /usr/share/ssl/certs/proftpd.pem
TLSRSACertificateKeyFile /usr/share/ssl/certs/proftpd.pem
TLSCipherSuite ALL:!ADH:!DES
TLSOptions NoCertRequest
TLSVerifyClient off
#TLSRenegotiate ctrl 3600 data 512000 required off timeout 300
TLSLog /var/log/proftpd/tls.log
----------------------------------------------------------------
然后在配置文件的末尾填如下几行:
ExtendedLog /var/log/proftpd/access.log WRITE,READ default ← 记录连接日志到相应日志文件
ExtendedLog /var/log/proftpd/auth.log AUTH auth ← 记录认证日志到相应日志文件
MasqueradeAddress digeast.no-ip.info ← 定义服务器域名
PassivePorts 50000 50030 ← 为PASV模式连接时指定端口号(1024以后存在的任意端口号)
然后,为服务器建立证书。
[root@sample ~]# cd /usr/share/ssl/certs ← 进入相应的目录
[root@sample certs]# make proftpd.pem ← 建立服务器证书
umask 77 ; \
PEM1=`/bin/mktemp /tmp/openssl.XXXXXX` ; \
PEM2=`/bin/mktemp /tmp/openssl.XXXXXX` ; \
/usr/bin/openssl req -newkey rsa:1024 -keyout $PEM1 -nodes -x509 -days 365 -out $PEM2 ; \
cat $PEM1 > proftpd.pem ; \
echo "" >> proftpd.pem ; \
cat $PEM2 >> proftpd.pem ; \
rm -f $PEM1 $PEM2
Generating a 1024 bit RSA private key
.........++++++
............++++++
writing new private key to '/tmp/openssl.sG3126'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [GB]:CN ← 输入国家简写
State or Province Name (full name) [Berkshire]:Hei Long Jiang ← 输入省份
Locality Name (eg, city) [Newbury]:Harbin ← 输入城市
Organization Name (eg, company) [My Company Ltd]:www.centospub.com ← 输入组织名(任意)
Organizational Unit Name (eg, section) []: ← 直接回车跳过
Common Name (eg, your name or your server's hostname) []:www.centospub.com ← FTP服务器名反馈
Email Address []:yourname@yourserver.com ← 输入E-mail地址
通过文章的详细的说明,我相信大家都知道如何配置自己的ProFTPD,希望对你们有所帮助!
【编辑推荐】
