ftp over ssl/tls

[Dawn]

Hi,

I found here sever links to instructions how can it be done but they don't work for me. Can anybody give me step by step instructions how it can be done under debian sarge together with plesk 8.0.1 with the rights which I have to set and where should I store the keys.

Please don't tell me the same links which are posted here (http://forum.swsoft.com/showthread.php?s=&threadid=26191&highlight=ftp+tls) about this. And I don't want to do it via SSH because I wan't give shell access to my custom ftp users.

If anybody can help me that would be very nice.

Greets and thanks,
Dawn

 

[Dawn]

Is there really nobody who uses secured ftp on his server? Is it possible that I don't have SSL 2.3? If yes, how can I get my ssl version?

I can't find any fault, so it would be nice if anybody can tell me what else I can try.

Here my /etc/proftpd.conf:

#
# To have more informations about Proftpd configuration
# look at : [url]http://www.proftpd.org/[/url]
#

# This is a basic ProFTPD configuration file (rename it to
# 'proftpd.conf' for actual use.  It establishes a single server
# and a single anonymous login.  It assumes that you have a user/group
# "nobody" and "ftp" for normal operation and anon.

ServerName                      "ProFTPD"
ServerType      inetd
ServerType      inetd
DefaultServer                   on
<Global>
DefaultRoot     ~               psacln
AllowOverwrite          on
</Global>
DefaultTransferMode     binary
UseFtpUsers                     on

# Port 21 is the standard FTP port.
Port                            21

# Umask 022 is a good standard umask to prevent new dirs and files
# from being group and world writable.
Umask                           022

# To prevent DoS attacks, set the maximum number of child processes
# to 30.  If you need to allow more than 30 concurrent connections
# at once, simply increase this value.  Note that this ONLY works
# in standalone mode, in inetd mode you should use an inetd server
# that allows you to limit maximum number of processes per service
# (such as xinetd)
MaxInstances                    30

#Following part of this config file were generate by PSA automatically
#Any changes in this part will be overwritten by next manipulation
#with Anonymous FTP feature in PSA control panel.

#Include directive should point to place where FTP Virtual Hosts configurations
#preserved

ScoreboardFile /var/run/proftpd/scoreboard

# Primary log file mest be outside of system logrotate province

TransferLog /opt/psa/var/log/xferlog

#Change default group for new files and directories in vhosts dir to psacln

<Directory /var/www/vhosts>
        GroupOwner      psacln
</Directory>

# Enable PAM authentication
AuthPAM on
AuthPAMConfig proftpd

# TLS
TLSEngine on
TLSLog /var/log/tls.log
TLSProtocol SSLv23
TLSOptions NoCertRequest
TLSRSACertificateFile /etc/ssl/certs/proftpd.cert.pem
TLSRSACertificateKeyFile /etc/ssl/certs/proftpd.key.pem
TLSVerifyClient off

ExtendedLog             /var/log/ftp_auth.log AUTH auth
#oder:
ExtendedLog /var/log/ftp_paranoid.log ALL default

# delay on login off
IdentLookups off
UseReverseDNS off

AuthGroupFile   /etc/group

Include /etc/proftpd.include