I have compiled proftpd 1.3.4d with ftp, ftps, sftp and mysql authentication.
So far I have these working at the same time: ftp and ftpes on port 210, and sftp on port 211.
ServerName "ProFTPD self contained package"
ServerType inetd
Port 211
UseIPv6 off
Umask 022
User nobody
Group nobody
allowOverwrite on
SystemLog none
<Limit SITE_CHMOD>
DenyAll
</Limit>
<Global>
DefaultRoot ~
</Global>
<VirtualHost 0.0.0.0>
Port 210
SQLUserWhereClause " (allowed = 'both' OR allowed = 'ftp') "
</VirtualHost>
<IfModule mod_sftp.c>
<VirtualHost 0.0.0.0>
SFTPEngine on
SFTPLog none
Port 211
SFTPHostKey /etc/ssh/ssh_host_dsa_key
SFTPHostKey /etc/ssh/ssh_host_rsa_key
SFTPAuthorizedUserKeys file:../etc/ssh/authorized_keys
SQLUserWhereClause " (allowed = 'both' OR allowed = 'sftp') "
SFTPCompression delayed
MaxLoginAttempts 6
</VirtualHost>
</IfModule>
<IfModule mod_dso.c>
LoadModule mod_tls.c
</IfModule>
<IfModule mod_tls.c>
TLSEngine on
TLSLog /usr/local/proftpd/var/log/etls.log
TLSRequired on
TLSRSACertificateFile /usr/local/proftpd/etc/proftpd.cert.pem
TLSRSACertificateKeyFile /usr/local/proftpd/etc/proftpd.key.pem
TLSVerifyClient off
TLSRenegotiate none
TLSProtocol SSLv3 TLSv1
</IfModule>
This is what I would like to do, without adding a VirtualHost like this:
<VirtualHost 0.0.0.0>
Port 214
TLSOptions UseImplicitSSL
</VirtualHost>
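When I try the new virtual host, just so that a virtual host accepts ftps, it does not work at all: ftp, ftpes and ftps almost work, but authentication cannot be completed.
The first thing I wanted to ask is whether you have any comments on my configuration (but that is optional).
No, the real question is:
Is what I want to achieve possible? If so, how?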
Answer 1
It is possible; this is my configuration file:
#-----------------------------------------------------------------------
# Server Configuration: those parameters cannot be elsewhere
#-----------------------------------------------------------------------
ServerName "ftp daemon"
ServerType inetd
UseIPv6 off
# Bar use of SITE CHMOD by default
<Limit SITE_CHMOD>
DenyAll
</Limit>
SystemLog none
LogFormat authentication "%{%F %T}t %P from: %a to: %{protocol}:%H:%p user: %U msg: %S"
LogFormat transfer "%{%F %T}t %P from: %a to: %{protocol}:%H:%p user: %U file: %f cmd: %m %J"
ScoreboardFile /local/proftpd/var/proftpd.scoreboard
TLSProtocol SSLv3 TLSv1
<Global>
#-----------------------------------------------------------------------
# Generic Configuration
#-----------------------------------------------------------------------
DefaultRoot ~
Umask 022
allowOverwrite on
User nobody
Group nobody
ExtendedLog /var/log/proftpd_auth.log AUTH,EXIT,SEC authentication
ExtendedLog /var/log/proftpd_xfer.log READ,WRITE transfer
AuthOrder mod_sql.c mod_auth_unix.c mod_auth_pam.c
#-----------------------------------------------------------------------
# TLS Configuration
#-----------------------------------------------------------------------
TLSEngine off
TLSRSACertificateFile /usr/local/proftpd/etc/proftpd.cert.pem
TLSRSACertificateKeyFile /usr/local/proftpd/etc/proftpd.key.pem
TLSLog none
TLSVerifyClient off
TLSRenegotiate none
TLSRequired off
</Global>
# -----------------------------------------------------------------------------
# ftp / ftpES conf
# -----------------------------------------------------------------------------
<VirtualHost 0.0.0.0>
Port 210
TLSEngine on
</VirtualHost>
# -----------------------------------------------------------------------------
# ftpS conf
# -----------------------------------------------------------------------------
<VirtualHost 0.0.0.0>
Port 214
TLSEngine on
TLSOptions UseImplicitSSL
</VirtualHost>
# -----------------------------------------------------------------------------
# Sftp conf
# -----------------------------------------------------------------------------
<IfModule mod_sftp.c>
<VirtualHost 0.0.0.0>
Port 211
SFTPEngine on
SFTPLog none
SFTPHostKey /etc/ssh/ssh_host_dsa_key
SFTPHostKey /etc/ssh/ssh_host_rsa_key
SFTPAuthorizedUserKeys file:../etc/ssh/authorized_keys
SFTPCompression delayed
MaxLoginAttempts 6
</VirtualHost>
</IfModule>
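As an added example (not part of the original question or answer), this Python sketch reads a configuration shaped like the answer's and reports which protocol each VirtualHost port serves. It assumes `<Global>` directives are inherited by every `<VirtualHost>` and overridden inside it, ignores directives in the main server context, and models only on/off values; `CONF` and `services` are names chosen here.

```python
# Constructed sample: the answer's configuration, reduced to the deciding directives.
CONF = """
<Global>
TLSEngine off
TLSRequired off
</Global>
<VirtualHost 0.0.0.0>
Port 210
TLSEngine on
</VirtualHost>
<VirtualHost 0.0.0.0>
Port 214
TLSEngine on
TLSOptions UseImplicitSSL
</VirtualHost>
<VirtualHost 0.0.0.0>
Port 211
SFTPEngine on
</VirtualHost>
"""

def services(text):
    """Map each VirtualHost port to the protocol it serves."""
    glob, vhosts, cur = {}, [], {}   # cur starts as the ignored server context
    for line in (l.strip() for l in text.splitlines()):
        tag = line.lower()
        if tag.startswith("<global"):
            cur = glob
        elif tag.startswith("<virtualhost"):
            vhosts.append({})
            cur = vhosts[-1]
        elif tag in ("</global>", "</virtualhost>"):
            cur = {}
        elif line and line[0] not in "<#":   # skip comments, IfModule, Limit tags
            name, *rest = line.split(None, 1)
            cur[name.lower()] = rest[0] if rest else ""
    out = {}
    # Assumed merge rule: <Global> values are inherited, VirtualHost overrides.
    for eff in ({**glob, **vh} for vh in vhosts):
        on = lambda key: eff.get(key, "off").lower() == "on"  # on/off only
        if on("sftpengine"):
            mode = "sftp"
        elif not on("tlsengine"):
            mode = "ftp, plaintext only"
        elif "useimplicitssl" in eff.get("tlsoptions", "").lower():
            mode = "ftps, implicit TLS"
        else:
            mode = "ftpes only" if on("tlsrequired") else "ftp + ftpes"
        out[int(eff["port"])] = mode
    return out
```

A port reported as `ftp + ftpes` still accepts plaintext logins, because `TLSRequired` is off for it.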