[TriLUG] Ftp with SSL
jason at cerient.net
Sun Feb 5 16:25:28 EST 2006
as a follow-up, i got this working for mark using vsftpd. you have to
add ssl_enable to the vsftpd.conf file along with the path to the cert
.pem file. you can then connect using the ftp-ssl client with the -z
furthermore, since this particular server is running behind an openbsd
nat firewall, it was necessary to specify the passive ip address (read:
nat public ip address) in vsftpd.conf so that it could be sent to the
client, otherwise the private ip is sent which naturally fails. then
the min and max port range was specified and the corresponding ports
opened with a rdr pass statement in the firewall's pf.conf. there were
also several changes needed to restrict ftp logons and chroot them to
the users homedir.
in short, it was a helluva lot more complex than using regular sftp
(which requires nothing more than forwarding port 22) but that's how it
had to be. the one benefit is that this approach does provide a way to
chroot the user to a particular directory and doesn't require a logon shell.
Mark Freeze wrote:
> Does anyone have Proftpd running with the SSL/TLS mods installed?
> If not, is anyone running sftp with ssl vs. ssh?