Building Encrypted FTP Transfers on a Linux System

Published: 10 November 2021

Among the many FTP servers, ProFTPD has been popular in recent years because its configuration is flexible and its installation is simple. Normally FTP, including the authentication step, transmits everything in plaintext, which is never reassuring when sensitive data is being transferred. Today I gathered some scattered material from the web, combined it with my own hands-on work, and wrote this post to share with everyone.

Download the latest version of the software (the host and version number did not survive on this page; <host> and <version> are placeholders):

# wget ftp://<host>/distrib/source/proftpd-<version>rc<n>.tar.gz

First, create the user and group that ProFTPD will run as:

# groupadd nogroup
# useradd -g nogroup -d /dev/null -s /sbin/nologin nobody

Then create the users and group for uploading and downloading:

# groupadd ftp
# useradd -g ftp -d /home/down -s /sbin/nologin down
# useradd -g ftp -d /home/upload -s /sbin/nologin upload

Setting the passwords for these users is omitted here.

Compile and install ProFTPD:

# tar -zxvf proftpd-<version>rc<n>.tar.gz
# cd proftpd-<version>rc<n>
# ./configure \
      --prefix=/usr/local/proftpd \
      --sysconfdir=/etc \
      --enable-autoshadow \
      --localstatedir=/var/run \
      --enable-ctrls \
      --with-modules=mod_tls
# make
# make install

Configure the ProFTPD server:

# vi /etc/proftpd.conf

================+================+=================
# This is a basic ProFTPD configuration file (rename it to
# 'proftpd.conf' for actual use). It establishes a single server
# and a single anonymous login. It assumes that you have a user/group
# "nobody" and "ftp" for normal operation and anon.
#
# <...> marks a numeric value that did not survive extraction of this post;
# the <Limit> and <Directory> container tags below are assumed, since the
# page shows only the directives they enclosed.

ServerName           "llzqq"
ServerType           standalone
DefaultServer        on
AllowRetrieveRestart on
AllowStoreRestart    on
ServerIdent          on
SystemLog            /var/log/proftpd.log
UseReverseDNS        off
IdentLookups         off
RequireValidShell    off

# Port 21 is the standard FTP port.
Port                 21

# Umask <n> is a good standard umask to prevent new dirs and files
# from being group and world writable.
Umask                <n>

MaxInstances         <n>

# Set the user and group under which the server will run.
User                 nobody
Group                nogroup

# To cause every FTP user to be jailed (chrooted) into their home
# directory, uncomment this line.
DefaultRoot          ~

# Normally, we want files to be overwriteable.
AllowOverwrite       on

# We want 'welcome.msg' displayed at login, and '.message' displayed
# in each newly chdired directory.
DisplayLogin         welcome.msg
DisplayFirstChdir    .message

# Limit which users may log in to the FTP server: only members of group ftp
<Limit LOGIN>
  AllowGroup ftp
  DenyAll
</Limit>

######################### ssl/tls ############################
# MOD_TLS SETTINGS
TLSEngine            on
TLSLog               /var/log/proftpd.tls.log
TLSProtocol          SSLv<n>

# Are clients required to use FTP over TLS when talking to this server?
# "ctrl" forces TLS on the control channel only; data transfers may be clear.
TLSRequired          ctrl

# Server's certificate
TLSRSACertificateFile    /etc/proftpd.crt
TLSRSACertificateKeyFile /etc/proftpd.key

# Authenticate clients that want to use FTP over TLS?
TLSVerifyClient      off
######################### ssl/tls ############################

# The "down" user may only download and the "upload" user may only upload
<Directory /home/down>
  <Limit STOR>
    DenyGroup ftp
  </Limit>
  TransferRate RETR <rate> group ftp
</Directory>

<Directory /home/upload>
  <Limit RETR>
    DenyGroup ftp
  </Limit>
  TransferRate STOR <rate> group ftp
</Directory>

MaxClientsPerHost    <n>
PassivePorts         <low> <high>
================+================+=================

Create the ProFTPD log files:

# touch /var/log/proftpd.log
# touch /var/log/proftpd.tls.log
# chown nobody:nogroup /var/log/proftpd.log /var/log/proftpd.tls.log

Create the certificate and key for SSL transport:

# cp /usr/share/ssl/openssl.cnf ./
# openssl req -new -x509 -nodes -out proftpd.crt -keyout proftpd.key

Here openssl prompts for the certificate details; that is omitted.

Copy the certificate and key to the directory the configuration points at:

# cp proftpd.crt proftpd.key /etc/

Finally, create the ProFTPD startup script:

# vi /etc/init.d/proftpd

================+================+=================
#!/bin/sh
#
# Startup script for ProFTPD
#
# chkconfig: <runlevels> <start-priority> <stop-priority>
# description: ProFTPD is an enhanced FTP server
# processname: proftpd
# config: /etc/proftpd.conf

# Source function library.
. /etc/rc.d/init.d/functions

if [ -f /etc/sysconfig/proftpd ]; then
    . /etc/sysconfig/proftpd
fi

PATH=$PATH:/usr/local/proftpd/sbin

# See how we were called.
case "$1" in
  start)
    echo -n "Starting proftpd: "
    daemon proftpd $OPTIONS
    echo
    touch /var/lock/subsys/proftpd
    ;;
  stop)
    echo -n "Shutting down proftpd: "
    killproc proftpd
    echo
    rm -f /var/lock/subsys/proftpd
    ;;
  status)
    status proftpd
    ;;
  restart)
    $0 stop
    $0 start
    ;;
  reread)
    echo -n "Rereading proftpd config: "
    killproc proftpd -HUP
    echo
    ;;
  suspend)
    # ftpshut is only usable if it was installed with this build
    hash ftpshut >/dev/null 2>&1
    if [ $? = 0 ]; then
      if [ $# -gt 1 ]; then
        shift
        echo -n "Suspending with '$*' "
        ftpshut $*
      else
        echo -n "Suspending NOW "
        ftpshut now "Maintenance in progress"
      fi
    else
      echo -n "No way to suspend "
    fi
    echo
    ;;
  resume)
    if [ -f /etc/shutmsg ]; then
      echo -n "Allowing sessions again "
      rm -f /etc/shutmsg
    else
      echo -n "Was not suspended "
    fi
    echo
    ;;
  *)
    echo -n "Usage: $0 {start|stop|restart|status|reread|resume"
    hash ftpshut >/dev/null 2>&1
    if [ $? -ne 0 ]; then
      echo '}'
    else
      echo '|suspend}'
      echo 'suspend accepts additional arguments which are passed to ftpshut(8)'
    fi
    exit 1
esac

# Handle any further actions given on the command line
if [ $# -gt 1 ]; then
  shift
  $0 $*
fi

exit 0
================+================+=================

# chmod +x /etc/init.d/proftpd
# chkconfig --add proftpd
# chkconfig proftpd on
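An added check, written for this page rather than taken from the post or from ProFTPD: a POSIX shell audit of the mod_tls directives in a proftpd.conf. It runs offline against a constructed copy of the TLS settings used above (the SSLv23 protocol value and the TLSv1.2 value in the hardened variant are assumptions) and shows why TLSRequired ctrl is weaker than TLSRequired on: with ctrl, only the control channel that carries the password is forced to TLS, while file data on the data channel may still travel in the clear.

```shell
#!/bin/sh
# Audit of mod_tls directives in a proftpd.conf (added example; values assumed).
# TLSRequired ctrl -> only the control channel (login, commands) must use TLS;
#                     file data on the data channel may still travel in the clear.
# TLSRequired on   -> control and data channels both require TLS.

# Constructed sample: the directives used in the post above (values assumed)
SAMPLE_CONF='TLSEngine on
TLSProtocol SSLv23
TLSRequired ctrl
TLSRSACertificateFile /etc/proftpd.crt
TLSRSACertificateKeyFile /etc/proftpd.key
TLSVerifyClient off'

# The same server hardened: every channel encrypted, SSL-era protocols disabled
# (TLSv1.2 is assumed to be accepted by the mod_tls build in use)
HARDENED_CONF='TLSEngine on
TLSProtocol TLSv1.2
TLSRequired on
TLSRSACertificateFile /etc/proftpd.crt
TLSRSACertificateKeyFile /etc/proftpd.key
TLSVerifyClient off'

# tls_value CONF DIRECTIVE -> the directive's value (last occurrence if repeated); empty if absent
tls_value() {
    printf '%s\n' "$1" | awk -v d="$2" '$1 == d { v = $2 } END { print v }'
}

# tls_findings CONF -> one line per weakness; prints nothing for a clean config
tls_findings() {
    [ "$(tls_value "$1" TLSEngine)" = on ] || echo "TLSEngine is not on: every session is plaintext"
    case "$(tls_value "$1" TLSRequired)" in
        on)   ;;
        ctrl) echo "TLSRequired ctrl: credentials are protected, file data may be sent in the clear" ;;
        *)    echo "TLSRequired is not on: clients may log in without TLS at all" ;;
    esac
    case "$(tls_value "$1" TLSProtocol)" in
        *SSLv2*|*SSLv3*) echo "TLSProtocol allows SSLv2/SSLv3 negotiation; restrict it to TLS versions" ;;
    esac
    [ -n "$(tls_value "$1" TLSRSACertificateFile)" ]    || echo "TLSRSACertificateFile missing: mod_tls has no certificate"
    [ -n "$(tls_value "$1" TLSRSACertificateKeyFile)" ] || echo "TLSRSACertificateKeyFile missing: mod_tls has no private key"
}

# tls_finding_count CONF -> number of findings (0 when clean)
tls_finding_count() { tls_findings "$1" | awk 'END { print NR }'; }

echo "post's settings: $(tls_finding_count "$SAMPLE_CONF") finding(s)"
tls_findings "$SAMPLE_CONF"
echo "hardened settings: $(tls_finding_count "$HARDENED_CONF") finding(s)"
```

On the host itself, also confirm that /etc/proftpd.key is readable only by root, since none of these directives say anything about file permissions.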

At this point the FTP server side is installed and configured. As the client for logging in to the server I used FileZilla, which is completely free (a couple of days ago I read online that FileZilla supports SSL, which is nice). FileZilla is also fairly simple to set up. This server supports two encrypted client connection modes:

FTP over SSL (explicit encryption)

FTP over TLS (explicit encryption)

As shown in the screenshots below:

[Screenshot: FTP over TLS (explicit encryption)]

[Screenshot: FTP over SSL (explicit encryption)]
