Setting Up Encrypted FTP Transfers on Linux

Published: 2020-07-21 18:43:51  Source: 淋浴房厂家

Author: llzqq  Contact: llzqq@  From:

Among the many FTP servers, ProFTPD has been popular in recent years because its configuration is flexible and it is easy to install. Normally FTP, including the authentication process, transmits everything in cleartext, which is never reassuring when transferring sensitive data. Today I gathered some scattered material I found online, combined it with my own hands-on work, and wrote this post to share with everyone.

Download the latest version of the software:

# wget

First create the user and group that ProFTPD runs as:

# groupadd nogroup
# useradd -g nogroup -d /dev/null -s /sbin/nologin nobody

Create the users and group for uploading and downloading:

# groupadd ftp
# useradd -g ftp -d /home/down -s /sbin/nologin down
# useradd -g ftp -d /home/upload -s /sbin/nologin upload

(Setting the user passwords is omitted.)

Compile and install ProFTPD:

# tar -zxvf
# cd proftpd-1.3.0rc3
# ./configure --prefix=/usr/local/proftpd --sysconfdir=/etc --enable-autoshadow --localstatedir=/var/run --enable-ctrls --with-modules=mod_tls
# make
# make install

Configure the ProFTPD server:

# vi /etc/nf

================+================+=================
# This is a basic ProFTPD configuration file (rename it to
# 'nf' for actual use. It establishes a single server
# and a single anonymous login. It assumes that you have a user/group
# nobody and ftp for normal operation and anon.

ServerName llzqq
ServerType standalone
DefaultServer on
AllowRetrieveRestart on
AllowStoreRestart on
ServerType standalone
ServerIdent on
SystemLog /var/log/g
UseReverseDNS off
IdentLookups off
RequireValidShell off

# Port 21 is the standard FTP port.
Port 21

# Umask 022 is a good standard umask to prevent new dirs and files
# from being group and world writable.
Umask 022
MaxInstances 100

# Set the user and group under which the server will run.
User nobody
Group nogroup

# To cause every FTP user to be jailed (chrooted) into their home
# directory, uncomment this line.
DefaultRoot ~

# Normally, we want files to be overwriteable.
<Directory />
  AllowOverwrite on
</Directory>

# We want 'g' displayed at login, and '.message' displayed
# in each newly chdired directory.
DisplayLogin .welcome
DisplayFirstChdir .message

# Limit which users are allowed to log in to the FTP server
<Limit LOGIN>
  AllowGroup ftp
  DenyAll
</Limit>

#########################ssl/tls############################
# MOD_TLS SETTING
<IfModule mod_tls.c>
  TLSEngine on
  TLSLog /var/log/g
  TLSProtocol SSLv23

  # Are clients required to use FTP over TLS when talking to this server?
  # 'ctrl' requires TLS on the control channel only (this protects the
  # login); data transfers may still be sent in cleartext.
  TLSRequired ctrl

  # Server's certificate
  TLSRSACertificateFile /etc/t
  TLSRSACertificateKeyFile /etc/y

  # Authenticate clients that want to use FTP over TLS
  TLSVerifyClient off
</IfModule>
#########################ssl/tls############################

<Directory /home/down>
  <Limit WRITE>
    DenyGroup ftp
  </Limit>
  TransferRate RETR 150 group ftp
</Directory>

<Directory /home/upload>
  <Limit RMD RNFR DELE RETR>
    DenyGroup ftp
  </Limit>
  TransferRate STOR 150 group ftp
</Directory>

MaxClientsPerHost 200
PassivePorts 55000 56000
================+================+=================

Create the ProFTPD log files:

# touch /var/log/g
# touch /var/log/g
# chown nobody:nogroup /var/log/g /var/log/g

Create the certificate and key for SSL transfers:

# cp /usr/share/ssl/f ./
# openssl req -new -x509 -nodes -config f -out t -keyout y

(The certificate details you are prompted to enter here are omitted.)

Copy the certificate and key to the configured directory:

# cp t y /etc/

Finally, create the ProFTPD startup script:

# vi /etc/init.d/proftpd

================+================+=================
#!/bin/sh
# Startup script for ProFTPD
# chkconfig: 345 85 15
# description: ProFTPD is an enhanced FTP server
# processname: proftpd
# config: /etc/nf

# Source function library.
. /etc/rc.d/init.d/functions

if [ -f /etc/sysconfig/proftpd ]; then
    . /etc/sysconfig/proftpd
fi

PATH="$PATH:/usr/local/proftpd/sbin"

# See how we were called.
case "$1" in
    start)
        echo -n "Starting proftpd: "
        daemon proftpd $OPTIONS
        echo
        touch /var/lock/subsys/proftpd
        ;;
    stop)
        echo -n "Shutting down proftpd: "
        killproc proftpd
        echo
        rm -f /var/lock/subsys/proftpd
        ;;
    status)
        status proftpd
        ;;
    restart)
        $0 stop
        $0 start
        ;;
    reread)
        echo -n "Re-reading proftpd config: "
        killproc proftpd -HUP
        echo
        ;;
    suspend)
        # Only offer suspend when ftpshut is available on the PATH.
        hash ftpshut >/dev/null 2>&1
        if [ $? = 0 ]; then
            if [ $# -gt 1 ]; then
                shift
                echo -n "Suspending with '$*' "
                ftpshut $*
            else
                echo -n "Suspending NOW "
                ftpshut now "Maintanance in progress"
            fi
        else
            echo -n "No way to suspend "
        fi
        echo
        ;;
    resume)
        if [ -f /etc/shutmsg ]; then
            echo -n "Allowing sessions again "
            rm -f /etc/shutmsg
        else
            echo -n "Was not suspended "
        fi
        echo
        ;;
    *)
        echo -n "Usage: $0 {start|stop|restart|status|reread|resume"
        hash ftpshut
        if [ $? = 1 ]; then
            echo '}'
        else
            echo '|suspend}'
            echo 'suspend accepts additional arguments which are passed to ftpshut(8)'
        fi
        exit 1
esac

# Process any remaining arguments as further commands.
if [ $# -gt 1 ]; then
    shift
    $0 $*
fi

exit 0
================+================+=================

# chmod 755 /etc/init.d/proftpd
# chkconfig --add proftpd
# chkconfig proftpd on

That completes the installation and configuration of the FTP server. As the client for logging in to the server I used FileZilla, which is completely free (a couple of days ago I read online that FileZilla's SSL support is good). Setting up FileZilla is also fairly simple. This server supports two kinds of encrypted client connection:

1. FTP over SSL (explicit encryption).
2. FTP over TLS (explicit encryption).
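The mod_tls directives in the configuration above decide whether a client can still end up sending data in cleartext. As an added example (not part of the original post), this Python script audits those directives; the function names, the constructed sample text, and the set of protocol names treated as legacy are assumptions of the example.

```python
import re

# Constructed sample: the mod_tls directives from the configuration above
# (file paths left out).
SAMPLE_CONF = """\
<IfModule mod_tls.c>
  TLSEngine on
  TLSProtocol SSLv23
  TLSRequired ctrl
  TLSVerifyClient off
</IfModule>
"""

# Assumption of this example: protocol selectors older than TLS 1.2 are legacy.
LEGACY_PROTOCOLS = {"sslv23", "sslv3", "tlsv1", "tlsv1.1"}


def parse_tls_directives(text):
    """Return {directive: [args]} for TLS* lines inside <IfModule mod_tls.c>."""
    directives, in_tls = {}, False
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        if re.fullmatch(r"<IfModule\s+mod_tls\.c>", line, re.I):
            in_tls = True
        elif re.fullmatch(r"</IfModule>", line, re.I):
            in_tls = False
        elif in_tls and line.lower().startswith("tls"):
            name, *args = line.split()
            directives[name.lower()] = [a.lower() for a in args]
    return directives


def audit(text):
    """Return a list of findings; an empty list means nothing was flagged."""
    d, findings = parse_tls_directives(text), []
    if d.get("tlsengine") != ["on"]:
        findings.append("TLSEngine is not on: the server speaks plain FTP only")
    required = (d.get("tlsrequired") or ["off"])[0]
    if required != "on":
        findings.append(f"TLSRequired {required}: some channel may still be cleartext")
    legacy = LEGACY_PROTOCOLS.intersection(d.get("tlsprotocol", []))
    if legacy:
        findings.append("TLSProtocol allows legacy versions: " + ", ".join(sorted(legacy)))
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_CONF):
        print("WARN", finding)
```

Run against the sample, it flags `TLSRequired ctrl` and `TLSProtocol SSLv23`; `TLSVerifyClient off` is parsed but not flagged, since the article authenticates clients by password.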
