OVH Community, your new community space.

proftpd with TLS on an EG-09 Max: possible?


sandygws
21-12-2009, 20:53
Thanks Myatu,

I finally got it working by adding 'LoadModule mod_tls.c' to the top of proftpd.conf.

Myatu
21-12-2009, 19:57
Hmm, mod_tls is loaded, but it's not doing anything? I'd say to have a look at the log file first ("/var/log/proftpd/tls.log"). You did restart proftpd after making the modifications, right? (I noticed "EG-09 Max" instead of "Secure FTP Server".)

sandygws
21-12-2009, 19:22
I can install, configure and successfully connect to proftpd using standard FTP, but I can't get TLS/SSL to work:

Response: 220 EG-09 Max
Command: AUTH TLS
Response: 500 AUTH not understood
Command: AUTH SSL
Response: 500 AUTH not understood
Error: Critical error
Error: Could not connect to server

AFAIK, the usual bits and bobs are fine:

# proftpd -l
Compiled-in modules:
mod_core.c
mod_xfer.c
mod_auth_unix.c
mod_auth_file.c
mod_auth.c
mod_ls.c
mod_log.c
mod_site.c
mod_delay.c
mod_facts.c
mod_ident.c
mod_tls.c
mod_cap.c

# proftpd -vv
ProFTPD Version: 1.3.2c (maint)
Scoreboard Version: 01040002
Built: Mon Dec 21 19:20:23 CET 2009

Loaded modules:
mod_cap/1.0
mod_tls/2.2.2
mod_ident/1.0
mod_facts/0.1
mod_delay/0.6
mod_site.c
mod_log.c
mod_ls.c
mod_auth.c
mod_auth_file/0.8.3
mod_auth_unix.c
mod_xfer.c
mod_core.c

The key was installed with:

openssl req -new -x509 -days 365 -nodes -out /etc/proftpd/ssl/proftpd.cert.pem -keyout /etc/proftpd/ssl/proftpd.key.pem

/etc/proftpd/proftpd.conf:

ServerType standalone
DefaultServer on
Umask 002
ServerName "xx.xxx.xxx.xx"
ServerIdent on "xxx"
ServerAdmin email@example.org
IdentLookups off
UseReverseDNS off
Port xxxxx
PassivePorts 49152 xxxxx
#MasqueradeAddress None
TimesGMT off
MaxInstances 5
MaxLoginAttempts 3
TimeoutLogin 300
TimeoutNoTransfer 120
TimeoutIdle 120
DisplayLogin welcome.msg
DisplayChdir .message
User xxxxx
Group admin
DirFakeUser on xxxxx
DirFakeGroup on admin
DefaultTransferMode binary
AllowForeignAddress on
AllowRetrieveRestart on
AllowStoreRestart on
DeleteAbortedStores off
TransferRate RETR 0
TransferRate STOR 0
TransferRate STOU 0
TransferRate APPE 0
SystemLog /var/log/secure
RequireValidShell off



DenyALL
AllowUser xxxxx


DefaultRoot ~
IdentLookups off
ServerIdent on "Secure FTP Server"


TLSEngine on
TLSLog /var/log/proftpd/tls.log
TLSProtocol SSLv23
TLSOptions NoCertRequest
TLSRSACertificateFile /etc/proftpd/ssl/proftpd.cert.pem
TLSRSACertificateKeyFile /etc/proftpd/ssl/proftpd.key.pem
TLSVerifyClient off
TLSRequired on
TLSRenegotiate required off

I'm guessing this is likely a firewall problem, but hope you folks might have some suggestions ...
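
The two symptoms discussed in this thread (the greeting showing "EG-09 Max" rather than the configured "Secure FTP Server", and AUTH TLS answered with 500 instead of 234) can be checked with a short script after each config change and restart. This is an added example, not code from any of the posters; the names check_auth_tls, read_reply and replay are made up for illustration, and replay() is a constructed stand-in that feeds the replies quoted in the question so the script runs offline.

```python
import socket

def read_reply(rfile):
    """Read one FTP reply (RFC 959), folding multi-line '220-...' replies."""
    line = rfile.readline().decode("latin-1").rstrip("\r\n")
    if len(line) < 3 or not line[:3].isdigit():
        raise ValueError(f"not an FTP reply: {line!r}")
    code, text = line[:3], [line[4:]]
    if line[3:4] == "-":  # multi-line reply ends at "<code><space>text"
        while not line.startswith(code + " "):
            raw = rfile.readline()
            if not raw:
                raise ValueError("connection closed inside a multi-line reply")
            line = raw.decode("latin-1").rstrip("\r\n")
            text.append(line[4:] if line.startswith(code) else line)
    return int(code), "\n".join(text)

def check_auth_tls(sock, expected_ident=None):
    """Return the banner, whether it matches the ServerIdent you expect,
    and whether the server accepts AUTH TLS (reply 234, RFC 4217)."""
    rfile = sock.makefile("rb")
    code, banner = read_reply(rfile)
    result = {"banner": banner, "ident_ok": None, "auth_tls": False,
              "reply": (code, banner)}
    if expected_ident is not None:
        result["ident_ok"] = expected_ident in banner
    if code == 220:  # only negotiate once the server has greeted us
        sock.sendall(b"AUTH TLS\r\n")
        result["reply"] = read_reply(rfile)
        result["auth_tls"] = result["reply"][0] == 234
    return result

def replay(server_lines):
    """Constructed stand-in for a server: pre-loads replies on a socketpair."""
    client, server = socket.socketpair()
    server.sendall("".join(l + "\r\n" for l in server_lines).encode("latin-1"))
    return client, server  # keep `server` referenced so the pair stays open

if __name__ == "__main__":
    # Replies copied from the question; against a real server use
    # socket.create_connection((host, port), timeout=10) instead of replay().
    client, server = replay(["220 EG-09 Max", "500 AUTH not understood"])
    print(check_auth_tls(client, expected_ident="Secure FTP Server"))
```

A result with ident_ok False and auth_tls False matches the situation in the question: the server is answering, but not with the TLS-enabled configuration.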