Hello,
Can you help me? How do I configure FTP over SSL in implicit mode?
1.
In /etc/proftp.conf I have added the following at the end of the file:
<IfModule mod_tls.c>
TLSEngine on
## TLSOptions UseImplicitSSL
# The "standard" implicit FTPS port is 990
## Port 990
TLSLog /var/log/tls.log
TLSProtocol SSLv23
# Are clients required to use FTP over TLS?
TLSRequired off
# Server's certificate
TLSRSACertificateFile /usr/local/psa/admin/conf/httpsd.pem
TLSRSACertificateKeyFile /usr/local/psa/admin/conf/httpsd.pem
# Authenticate clients that want to use FTP over TLS?
TLSVerifyClient off
# Allow SSL/TLS renegotiations when the client requests them, but
# do not force the renegotiations. Some clients do not support
# SSL/TLS renegotiations; when mod_tls forces a renegotiation, these
# clients will close the data connection, or there will be a timeout
# on an idle data connection.
TLSRenegotiate required off
</IfModule>
2.
In FileZilla (client) I have changed the settings to "implicit over TLS", but I receive the error "Не удалось установить соединение с "ECONNREFUSED - Connection refused by server".
I tried explicit too; in that case I do not get a directory listing.
But since the "implicit over TLS" setting is safer, that is the one I would like to configure.
3.
In iptables I have added a rule, and after running /sbin/iptables -L I see:
ACCEPT tcp -- anywhere my-sever-name tcp spts:1024:65535 dpt:ftps state NEW,ESTABLISHED
What could be the problem, and how do I configure sftp?
In the log I see the following.
If I use explicit:
Apr 04 16:14:09 mod_tls/2.4.3[7647]: using default OpenSSL verification locations (see $SSL_CERT_DIR environment variable)
Apr 04 16:14:09 mod_tls/2.4.3[7647]: TLS/TLS-C requested, starting TLS handshake
Apr 04 16:14:09 mod_tls/2.4.3[7647]: client supports secure renegotiations
Apr 04 16:14:09 mod_tls/2.4.3[7647]: TLSv1/SSLv3 connection accepted, using cipher DHE-RSA-AES256-SHA (256 bits)
Apr 04 16:14:10 mod_tls/2.4.3[7647]: Protection set to Private
If I use implicit, nothing is logged.
Thanks
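The two symptoms described in the post above (a refused connection with the implicit setting, a working TLS handshake with explicit) can be told apart with a small port probe. This is an added example, not part of the original post; the function name `probe_ftps` and its result labels are assumptions made for the example, and certificate validation is switched off because it only checks reachability.

```python
import socket
import ssl
import sys


def probe_ftps(host, port, timeout=3.0):
    """Classify a listener: refused, unreachable, explicit-or-plain, implicit-tls, unknown."""
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except ConnectionRefusedError:
        # Same symptom as the FileZilla ECONNREFUSED error: no daemon is
        # bound to this port, or a firewall answers with a reject.
        return "refused"
    except OSError:
        return "unreachable"  # timeout, no route, silently dropped packets
    with sock:
        try:
            # Plain and explicit FTP: the server speaks first with a 220 banner.
            greeting = sock.recv(512)
        except socket.timeout:
            greeting = None  # silent listener: implicit FTPS waits for a ClientHello
        except OSError:
            return "unknown"
        if greeting is not None:
            return "explicit-or-plain" if greeting.startswith(b"220") else "unknown"
        ctx = ssl.create_default_context()
        ctx.check_hostname = False
        ctx.verify_mode = ssl.CERT_NONE  # reachability check only, no trust decision
        try:
            with ctx.wrap_socket(sock, server_hostname=host):
                return "implicit-tls"
        except OSError:  # ssl.SSLError is a subclass of OSError
            return "unknown"


if __name__ == "__main__":
    target = sys.argv[1] if len(sys.argv) > 1 else "127.0.0.1"
    for port in (21, 990):  # 21 = explicit/plain control port, 990 = implicit FTPS
        print(port, probe_ftps(target, port))
```

A result of `refused` on port 990 together with `explicit-or-plain` on port 21 means the server is not listening for implicit FTPS at all, which also fits an empty TLS log for implicit attempts.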