Ftp

Proftpd 配置在不同埠上同時執行 ftp/ftes ftps 和 sftp

  • September 13, 2017

我已經編譯了帶有 ftp、ftps、sftp 和 mysql 身份驗證的 proftpd 1.3.4d 版本。

到目前為止,我可以同時在埠210ftpftpes211上工作sftp

ServerName                      "ProFTPD self contained package"
ServerType                      inetd
Port                            211
UseIPv6                         off
Umask                           022
User                    nobody
Group                   nobody
allowOverwrite          on
SystemLog                       none

<Limit SITE_CHMOD>
 DenyAll
</Limit>

<Global>
DefaultRoot ~
</Global>

<VirtualHost 0.0.0.0>
      Port 210
      SQLUserWhereClause              " (allowed = 'both' OR allowed = 'ftp') "
</VirtualHost>

<IfModule mod_sftp.c>
 <VirtualHost 0.0.0.0>
       SFTPEngine on
       SFTPLog  none
       Port 211
       SFTPHostKey /etc/ssh/ssh_host_dsa_key
       SFTPHostKey /etc/ssh/ssh_host_rsa_key
       SFTPAuthorizedUserKeys file:../etc/ssh/authorized_keys
       SQLUserWhereClause              " (allowed = 'both' OR allowed = 'sftp') "
       SFTPCompression delayed
       MaxLoginAttempts 6
 </VirtualHost>
</IfModule>

<IfModule mod_dso.c>
   LoadModule mod_tls.c
</IfModule>

<IfModule mod_tls.c>    
   TLSEngine on
   TLSLog /usr/local/proftpd/var/log/etls.log
   TLSRequired on
   TLSRSACertificateFile /usr/local/proftpd/etc/proftpd.cert.pem
   TLSRSACertificateKeyFile /usr/local/proftpd/etc/proftpd.key.pem
   TLSVerifyClient off
   TLSRenegotiate none
   TLSProtocol SSLv3 TLSv1
</IfModule>

這是我想做的事情,我不想像這樣添加一個 VirtualHost:

<VirtualHost 0.0.0.0>
      Port 214
      TLSOptions UseImplicitSSL
</VirtualHost>

只有ftps當我嘗試新的虛擬主機時才能讓虛擬主機接受它根本不工作,ftp ftpes並且ftps幾乎可以工作但無法完成身份驗證。

我的問題首先是您是否對我的配置發表評論(但這是可選的)。

不,真正的問題是

我想要實現的目標是否可行,如果可能的話如何實現?

這是可能的,這是我的配置文件:

#-----------------------------------------------------------------------
# Server Configuration: those parameters cannot be elsewhere
#-----------------------------------------------------------------------
ServerName                          "ftp daemon"
ServerType                          inetd
UseIPv6                             off

# Bar use of SITE CHMOD by default
<Limit SITE_CHMOD>
       DenyAll
</Limit>

SystemLog                           none
LogFormat                           authentication "%{%F %T}t %P  from: %a to: %{protocol}:%H:%p  user: %U       msg: %S"
LogFormat                           transfer       "%{%F %T}t %P  from: %a to: %{protocol}:%H:%p  user: %U       file: %f        cmd: %m %J"

ScoreboardFile                      /local/proftpd/var/proftpd.scoreboard


TLSProtocol                         SSLv3 TLSv1

<Global>
   #-----------------------------------------------------------------------
   # Generic Configuration
   #-----------------------------------------------------------------------
   DefaultRoot                         ~
   Umask                               022
   allowOverwrite                      on
   User                                nobody
   Group                               nobody
   ExtendedLog                         /var/log/proftpd_auth.log AUTH,EXIT,SEC authentication
   ExtendedLog                         /var/log/proftpd_xfer.log READ,WRITE transfer
   AuthOrder                           mod_sql.c mod_auth_unix.c mod_auth_pam.c

   #-----------------------------------------------------------------------
   # TLS Configuration
   #-----------------------------------------------------------------------
   TLSEngine                                               off
   TLSRSACertificateFile           /usr/local/proftpd/etc/proftpd.cert.pem
   TLSRSACertificateKeyFile        /usr/local/proftpd/etc/proftpd.key.pem
   TLSLog                                                  none
   TLSVerifyClient                                 off
   TLSRenegotiate                                  none
   TLSRequired                                     off
</Global>

# -----------------------------------------------------------------------------
#    __ _              __   __ _         _____ _____                    __
#   / _| |            / /  / _| |       |  ___/  ___|                  / _|
#  | |_| |_ _ __     / /  | |_| |_ _ __ | |__ \ `--.    ___ ___  _ __ | |_
#  |  _| __| '_ \   / /   |  _| __| '_ \|  __| `--. \  / __/ _ \| '_ \|  _|
#  | | | |_| |_) | / /    | | | |_| |_) | |___/\__/ / | (_| (_) | | | | |
#  |_|  \__| .__/ /_/     |_|  \__| .__/\____/\____/   \___\___/|_| |_|_|
#          | |                    | |
#          |_|                    |_|
# -----------------------------------------------------------------------------
<VirtualHost 0.0.0.0>
   Port                                    210
   TLSEngine                               on
</VirtualHost>

# -----------------------------------------------------------------------------
#    __ _         _____                    __
#   / _| |       /  ___|                  / _|
#  | |_| |_ _ __ \ `--.    ___ ___  _ __ | |_
#  |  _| __| '_ \ `--. \  / __/ _ \| '_ \|  _|
#  | | | |_| |_) /\__/ / | (_| (_) | | | | |
#  |_|  \__| .__/\____/   \___\___/|_| |_|_|
#          | |
#          |_|
# -----------------------------------------------------------------------------
<VirtualHost 0.0.0.0>
   Port                                    214
   TLSEngine                               on
   TLSOptions                              UseImplicitSSL
</VirtualHost>

# -----------------------------------------------------------------------------
#   _____  __ _                            __
#  /  ___|/ _| |                          / _|
#  \ `--.| |_| |_ _ __     ___ ___  _ __ | |_
#   `--. \  _| __| '_ \   / __/ _ \| '_ \|  _|
#  /\__/ / | | |_| |_) | | (_| (_) | | | | |
#  \____/|_|  \__| .__/   \___\___/|_| |_|_|
#                | |
#                |_|
# -----------------------------------------------------------------------------
<IfModule mod_sftp.c>
   <VirtualHost 0.0.0.0>
       Port                                    211
       SFTPEngine                              on
       SFTPLog                                 none
       SFTPHostKey                     /etc/ssh/ssh_host_dsa_key
       SFTPHostKey                     /etc/ssh/ssh_host_rsa_key
       SFTPAuthorizedUserKeys  file:../etc/ssh/authorized_keys
       SFTPCompression                 delayed
       MaxLoginAttempts                6
   </VirtualHost>
</IfModule>  

引用自:https://serverfault.com/questions/570961