proFTPD SSL certificate
Solved
Anonymous user
zipe31, Contributor, 34620 posts
Hello!
I have an FTP server with proFTPD on a Debian machine.
I'd like to know how to create and add an SSL/TLS certificate to secure the connection between client and server.
I did some searching on the Internet to find an answer to my question, but it went badly wrong.
1 answer
-
I've already looked on several sites, and it's always the same thing, I get an error.
And I can't find the solution.
log:
07:35:01 Statut : Connexion à 192.168.**.**:21...
07:35:01 Statut : Connexion établie, attente du message d'accueil...
07:35:01 Statut : Initialisation de TLS...
07:35:01 Erreur : Réception d'une alerte TLS à partir du serveur : Handshake failed (40)
07:35:01 Statut : Échec de la tentative de connexion avec "ECONNABORTED - Connexion annulée".
07:35:01 Erreur : Impossible d'établir une connexion au serveur
07:35:01 Statut : Attente avant nouvel essai...
07:35:06 Statut : Connexion à 192.168.**.**:21...
07:35:06 Statut : Connexion établie, attente du message d'accueil...
07:35:06 Réponse : 220 ProFTPD Server (***** ****** *****) [192.168.**.**]
07:35:06 Commande : AUTH TLS
07:35:06 Réponse : 234 AUTH TLS successful
07:35:06 Statut : Initialisation de TLS...
07:35:06 Erreur : Réception d'une alerte TLS à partir du serveur : Handshake failed (40)
07:35:06 Statut : Échec de la tentative de connexion avec "ECONNABORTED - Connexion annulée".
-
Yes, sorry.
I followed tutorials on these sites (even though they are somewhat similar):
https://doc.ubuntu-fr.org/proftpd_et_tls_ssl
https://www.howtoforge.com/tutorial/install-proftpd-with-tls-on-ubuntu-16-04/#-enable-tls-in-proftpd
https://websiteforstudents.com/configure-proftpd-use-ssltls-certificates-ubuntu-17-04-17-10/
https://www.barrekevin.com/2018/05/23/installation-serveur-ftp-proftpd-ssl/
And yes, the connection attempts are made locally, with FileZilla.
-
I don't know which version I should send you.
-Either the version with the SSL options
-Or the version without SSL.
Since I want to access my server (even without security (for now)) I put back the file without SSL, which gives:
#
# /etc/proftpd/proftpd.conf -- This is a basic ProFTPD configuration file.
# To really apply changes, reload proftpd after modifications, if
# it runs in daemon mode. It is not required in inetd/xinetd mode.
#

# Includes DSO modules
Include /etc/proftpd/modules.conf

# Set off to disable IPv6 support which is annoying on IPv4 only boxes.
UseIPv6 off
# If set on you can experience a longer connection delay in many cases.
IdentLookups off

ServerName "Le Nom Du Serveur"
# Set to inetd only if you would run proftpd by inetd/xinetd.
# Read README.Debian for more information on proper configuration.
ServerType standalone
DeferWelcome off

MultilineRFC2228 on
DefaultServer on
ShowSymlinks on

TimeoutNoTransfer 5000
TimeoutStalled 1200
TimeoutIdle 5000

DisplayLogin welcome.msg
DisplayChdir .message true
ListOptions "-l"

DenyFilter \*.*/

# Use this to jail all users in their homes
DefaultRoot ~

# Users require a valid shell listed in /etc/shells to login.
# Use this directive to release that constraint.
# RequireValidShell off

# Port 21 is the standard FTP port.
Port 21

# In some cases you have to specify passive ports range to by-pass
# firewall limitations. Ephemeral ports can be used for that, but
# feel free to use a more narrow range.
# PassivePorts 49152 65534

# If your host was NATted, this option is useful in order to
# allow passive transfers to work. You have to use your public
# address and opening the passive ports used on your firewall as well.
# MasqueradeAddress 1.2.3.4

# This is useful for masquerading address with dynamic IPs:
# refresh any configured MasqueradeAddress directives every 8 hours
<IfModule mod_dynmasq.c>
# DynMasqRefresh 28800
</IfModule>

# To prevent DoS attacks, set the maximum number of child processes
# to 30. If you need to allow more than 30 concurrent connections
# at once, simply increase this value. Note that this ONLY works
# in standalone mode, in inetd mode you should use an inetd server
# that allows you to limit maximum number of processes per service
# (such as xinetd)
MaxInstances 30

# Set the user and group that the server normally runs at.
User proftpd
Group nogroup

# Umask 022 is a good standard umask to prevent new files and dirs
# (second parm) from being group and world writable.
Umask 022 022
# Normally, we want files to be overwriteable.
AllowOverwrite on

# Uncomment this if you are using NIS or LDAP via NSS to retrieve passwords:
# PersistentPasswd off

# This is required to use both PAM-based authentication and local passwords
# AuthOrder mod_auth_pam.c* mod_auth_unix.c

# Be warned: use of this directive impacts CPU average load!
# Uncomment this if you like to see progress and transfer rate with ftpwho
# in downloads. That is not needed for uploads rates.
#
# UseSendFile off

TransferLog /var/log/proftpd/xferlog
SystemLog /var/log/proftpd/proftpd.log

# Logging onto /var/log/lastlog is enabled but set to off by default
#UseLastlog on

# In order to keep log file dates consistent after chroot, use timezone info
# from /etc/localtime. If this is not set, and proftpd is configured to
# chroot (e.g. DefaultRoot or <Anonymous>), it will use the non-daylight
# savings timezone regardless of whether DST is in effect.
#SetEnv TZ :/etc/localtime

<IfModule mod_quotatab.c>
QuotaEngine off
</IfModule>

<IfModule mod_ratio.c>
Ratios off
</IfModule>

# Delay engine reduces impact of the so-called Timing Attack described in
# http://www.securityfocus.com/bid/11430/discuss
# It is on by default.
<IfModule mod_delay.c>
DelayEngine on
</IfModule>

<IfModule mod_ctrls.c>
ControlsEngine off
ControlsMaxClients 2
ControlsLog /var/log/proftpd/controls.log
ControlsInterval 5
ControlsSocket /var/run/proftpd/proftpd.sock
</IfModule>

<IfModule mod_ctrls_admin.c>
AdminControlsEngine off
</IfModule>

#
# Alternative authentication frameworks
#
#Include /etc/proftpd/ldap.conf
#Include /etc/proftpd/sql.conf

#
# This is used for FTPS connections
#
#Include /etc/proftpd/tls.conf

#
# Useful to keep VirtualHost/VirtualRoot directives separated
#
#Include /etc/proftpd/virtuals.conf

# A basic anonymous configuration, no upload directories.

# <Anonymous ~ftp>
#   User ftp
#   Group nogroup
#   # We want clients to be able to login with "anonymous" as well as "ftp"
#   UserAlias anonymous ftp
#   # Cosmetic changes, all files belongs to ftp user
#   DirFakeUser on ftp
#   DirFakeGroup on ftp
#
#   RequireValidShell off
#
#   # Limit the maximum number of anonymous logins
#   MaxClients 10
#
#   # We want 'welcome.msg' displayed at login, and '.message' displayed
#   # in each newly chdired directory.
#   DisplayLogin welcome.msg
#   DisplayChdir .message
#
#   # Limit WRITE everywhere in the anonymous chroot
#   <Directory *>
#     <Limit WRITE>
#       DenyAll
#     </Limit>
#   </Directory>
#
#   # Uncomment this if you're brave.
#   # <Directory incoming>
#   #   # Umask 022 is a good standard umask to prevent new files and dirs
#   #   # (second parm) from being group and world writable.
#   #   Umask 022 022
#   #   <Limit READ WRITE>
#   #     DenyAll
#   #   </Limit>
#   #   <Limit STOR>
#   #     AllowAll
#   #   </Limit>
#   # </Directory>
#
# </Anonymous>

# Include other custom configuration files

# Allow Transfer Resume
AllowStoreRestart on
AllowRetrieveRestart on
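The configuration above keeps `Include /etc/proftpd/tls.conf` commented out, so mod_tls is never loaded with a certificate. The script below is an added example, not something posted in this thread or shipped by ProFTPD: it generates a self-signed certificate and key with openssl, verifies that the two actually belong together before they are deployed, and writes a minimal `tls.conf` fragment using mod_tls directives (TLSEngine, TLSLog, TLSProtocol, TLSRSACertificateFile, TLSRSACertificateKeyFile, TLSVerifyClient, TLSRequired). The directory `/etc/ssl/private/proftpd`, the common name `ftp.example.test` and the function names are assumptions for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): self-signed certificate for ProFTPD's
# mod_tls, a tls.conf fragment for it, and a cert/key consistency check.
# Paths, the CN and the function names below are assumptions.

# Generate a 2048-bit RSA key and a one-year self-signed certificate in
# directory $1 with common name $2. The key is written unencrypted (-nodes)
# because proftpd must read it unattended at startup, so it is restricted
# to its owner with chmod 600.
make_selfsigned_cert() {
    dir="$1"; cn="$2"
    mkdir -p "$dir"
    openssl req -x509 -newkey rsa:2048 -nodes -days 365 -subj "/CN=$cn" \
        -keyout "$dir/proftpd.key" -out "$dir/proftpd.crt" 2>/dev/null
    chmod 600 "$dir/proftpd.key"
}

# Compare the public key embedded in certificate $1 with the public key
# derived from private key $2. Returns non-zero when either file is
# unreadable or the pair does not match, so a mismatch is caught before
# the daemon is restarted with it.
cert_matches_key() {
    c=$(openssl x509 -noout -pubkey -in "$1" 2>/dev/null) || return 1
    k=$(openssl pkey -pubout -in "$2" 2>/dev/null) || return 1
    [ "$c" = "$k" ]
}

# Write a minimal mod_tls fragment to file $1 that points at the pair in
# directory $2. "TLSRequired on" refuses plaintext logins once TLS works;
# set it to "off" only while debugging. TLSv1.2 is the oldest protocol
# worth offering to clients such as FileZilla.
write_tls_conf() {
    cat > "$1" <<EOF
<IfModule mod_tls.c>
  TLSEngine                on
  TLSLog                   /var/log/proftpd/tls.log
  TLSProtocol              TLSv1.2
  TLSRSACertificateFile    $2/proftpd.crt
  TLSRSACertificateKeyFile $2/proftpd.key
  TLSVerifyClient          off
  TLSRequired              on
</IfModule>
EOF
}

# Sanity-check a fragment: TLS is enabled and a certificate is configured.
tls_conf_ok() {
    grep -q '^ *TLSEngine *on' "$1" && grep -q '^ *TLSRSACertificateFile' "$1"
}

# Usage, as root on the server (paths are the assumed placeholders):
#   make_selfsigned_cert /etc/ssl/private/proftpd ftp.example.test
#   cert_matches_key /etc/ssl/private/proftpd/proftpd.crt \
#                    /etc/ssl/private/proftpd/proftpd.key
#   write_tls_conf /etc/proftpd/tls.conf /etc/ssl/private/proftpd
# then uncomment "Include /etc/proftpd/tls.conf" in proftpd.conf and
# restart proftpd; /var/log/proftpd/tls.log records each handshake.
```

A self-signed certificate protects the session against passive eavesdropping but gives the client no way to authenticate the server, so FileZilla will prompt to accept the unknown certificate on first connection; for anything beyond a local test the certificate should come from a CA the clients trust. When a client still reports a handshake alert after this change, the server-side `TLSLog` is the place to look, since the client only sees the generic alert code.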