I think I can expect you to cope with this bit of English :-) I'm just too lazy right now...
-------------------------------------------------------------------------------------------------------------------------------------
So You Want To Install Secure FTP on Proftpd in no Time, eh?
(Mini-Howto v0.9) by Antitrack/Legend (antitrack@x-mail.net)
Required: Running Linux installation with openssl installed.
1.) get proftpd 1.2.8
./configure --with-modules=mod_tls
make
su root
make install
2.) make local SSL keys: (as user root)
cp /usr/share/ssl/misc/CA.pl /etc/openldap
cd /etc/openldap
./CA.pl -newca # create the Certificate Authority
./CA.pl -newreq # FQDN name of server needed
./CA.pl -sign # sign the request with the new CA, this writes newcert.pem
openssl rsa -in newreq.pem -out ldapkey.pem # remove password and produce key
mv newcert.pem ldapcert.pem # name the certificate properly
# three files were now produced, you can use them in several similar
# situations, these files are called:
# TLS (RSA) CertificateFile /etc/openldap/ldapcert.pem
# TLS (RSA) CertificateKeyFile /etc/openldap/ldapkey.pem
# TLS (RSA) CACertificateFile /etc/openldap/demoCA/cacert.pem
# ----- <OPTIONAL>: a different way to make only two of these keys:
openssl req -new -x509 -days 365 -nodes \
-out /etc/ftpd/server.cert.pem -keyout /etc/ftpd/server.key.pem
# Note: this key will be valid for a year. You may want to choose more -days.
# ------ </OPTIONAL>
4.) edit /usr/local/etc/proftpd.conf:
<IfModule mod_tls.c>
TLSEngine on
TLSLog /var/log/tls.log
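# SSLv23 is the mod_tls compatibility mode: SSLv3 and TLSv1 are both accepted
# and the newest version the client also supports is used
TLSProtocol SSLv23
# this is REALLY important for WinClients: the server then sends no
# client certificate request during the handshake
TLSOptions NoCertRequest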
# Are clients required to use FTP over TLS when talking to this server?
TLSRequired on
# Server's certificate
TLSRSACertificateFile /etc/openldap/ldapcert.pem
TLSRSACertificateKeyFile /etc/openldap/ldapkey.pem
TLSCACertificateFile /etc/openldap/demoCA/cacert.pem
# Authenticate clients that want to use FTP over TLS?
TLSVerifyClient off
</IfModule>
5.) A good free secure ftp windows client is smartftp (www.smartftp.com).
6.) You may balk at me that I'm not using the CA-Certificate-File properly,
but I don't care, I just want to get this Secure FTP to run.
Explanation: Leaving out the "TLSOptions NoCertRequest" line results in very strange errors in /var/log/tls.log, for example: "mod_tls/2.0.5[25512]: unable to accept SSL connection: error:00000001:lib(0):func(0):reason(1)".
This error shows up for connections from Windows and Unix clients and tunnels alike (Smartftp/Windows, TLSwrap/Linux) if you do not use the "NoCertRequest" option.
------------ (End of Document)
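A quick check of the files produced in step 2 before proftpd.conf from step 4 points at them, as an added example that is not part of the original howto. It assumes an openssl binary that provides the `pkey` subcommand; the function name `check_tls_files` and the script name `check_tls.sh` are hypothetical.

```shell
#!/bin/sh
# Added example, not from the howto: sanity-check the PEM files from step 2
# before proftpd.conf points at them. Returns 0 only if every check passes.
# Usage: check_tls_files CERT KEY CA
check_tls_files() {
    cert=$1; key=$2; ca=$3; rc=0

    # 1. The key must load without a passphrase (the howto strips it with
    #    "openssl rsa"). The dummy passphrase makes openssl fail instead of
    #    prompting when the key is still encrypted.
    key_pub=$(openssl pkey -in "$key" -passin pass:dummy -pubout 2>/dev/null) || key_pub=""
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null) || cert_pub=""
    if [ -z "$key_pub" ]; then
        echo "FAIL: $key is unreadable or still password-protected"; rc=1
    # 2. Certificate and key must carry the same public key.
    elif [ "$key_pub" != "$cert_pub" ]; then
        echo "FAIL: $key does not belong to $cert"; rc=1
    else
        echo "ok:   key matches certificate"
    fi

    # 3. The certificate must chain to the file named in TLSCACertificateFile.
    if openssl verify -CAfile "$ca" "$cert" 2>/dev/null | grep -q ': OK$'; then
        echo "ok:   certificate verifies against $ca"
    else
        echo "FAIL: $cert does not verify against $ca"; rc=1
    fi

    # 4. The certificate must not have expired (its lifetime is set by -days).
    if openssl x509 -in "$cert" -noout -checkend 0 >/dev/null 2>&1; then
        echo "ok:   certificate is inside its validity period"
    else
        echo "FAIL: $cert has expired or cannot be read"; rc=1
    fi

    # 5. A passphrase-less key is protected only by its file permissions.
    if [ "$(ls -ld "$key" 2>/dev/null | cut -c5-10)" != "------" ]; then
        echo "WARN: $key is accessible to group/other (chmod 600 it)"
    fi
    return $rc
}

# Stand-alone use: sh check_tls.sh CERT KEY CA
if [ $# -eq 3 ]; then check_tls_files "$@"; fi
```

For the self-signed pair from the optional variant, pass the certificate itself as the CA argument. After restarting proftpd, `openssl s_client -connect HOST:21 -starttls ftp -CAfile /etc/openldap/demoCA/cacert.pem` (HOST is a placeholder) shows the certificate the server actually presents.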