
Re: Secure replacement for FTP (other then SSH)



Franki wrote:
Hi guys,

I've been looking to replace as many un-encrypted connections to my boxes as possible. I've replaced pop3 and imap with their SSL equivalents and allow only SSH access.

[...]

Is there such a thing as SSL protected FTP and is it widely supported by FTP clients? Can any of the current crop of FTP servers on offer do it out of the box with only config changes? Some FTP servers allow you to lock users into specific directories, so if they supported encryption, I'd have my answer.


proftpd has TLS support, you just need to make sure the config (and certificates) are created properly.

# openssl req -new -x509 -days 365 -nodes \
   -out /path/to/cert -keyout /path/to/cert

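# Note: "openssl dhparam" is the current form of the old "gendh" command.
# Note: 512-bit DH parameters are too weak to rely on; generate 2048 bits.
# openssl dhparam -rand /dev/urandom 2048 >>/path/to/cert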

Excerpt from my proftpd.conf...

<IfModule mod_tls.c>
    # Enable TLS
    TLSEngine on
    # Log TLS requests here
    TLSLog /var/log/xfer-tls.log
    # What SSL/TLS protocols are allowed
    TLSProtocol TLSv1

    # TLS is required
    TLSRequired on

    # Server's certificate/key file
    TLSRSACertificateFile /etc/ssl/certs/ftpd.pem
    TLSRSACertificateKeyFile /etc/ssl/certs/ftpd.pem
    TLSCACertificateFile /etc/ssl/certs/ftpd.pem

    # Authenticate clients that want to use FTP over TLS?
    TLSVerifyClient off

</IfModule>



And that's it :)

Attachment: smime.p7s
Description: S/MIME Cryptographic Signature
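
An added example, not part of the original message and not ProFTPD code: a small Python checker that reads a mod_tls block like the one posted above and lists the settings a reviewer would question today. The function names, the constructed sample text and the choice to ignore anything after `#` are assumptions of this example.

```python
# Constructed sample: the mod_tls directives from the message above.
POSTED = """\
<IfModule mod_tls.c>
    TLSEngine on
    TLSProtocol TLSv1
    TLSRequired on
    TLSRSACertificateFile /etc/ssl/certs/ftpd.pem
    TLSRSACertificateKeyFile /etc/ssl/certs/ftpd.pem
</IfModule>
"""
# Constructed counterpart: current protocol versions and a separate key file.
HARDENED = POSTED.replace("TLSProtocol TLSv1", "TLSProtocol TLSv1.2 TLSv1.3").replace(
    "KeyFile /etc/ssl/certs/ftpd.pem", "KeyFile /etc/ssl/private/ftpd.key")
# SSLv3 is prohibited by RFC 7568; TLS 1.0 and 1.1 are deprecated by RFC 8996.
DEPRECATED = {"SSLv23", "SSLv3", "TLSv1", "TLSv1.1"}

def parse_mod_tls(text):
    """Return {directive: [args]} for lines inside <IfModule mod_tls.c>."""
    found, inside = {}, False
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # this checker ignores text after '#'
        if line.lower().startswith("<ifmodule mod_tls.c"):
            inside = True
        elif line.lower().startswith("</ifmodule"):
            inside = False
        elif inside and line:
            name, *args = line.split()
            found[name.lower()] = args
    return found

def audit(text):
    """Return a list of findings for one mod_tls block (empty list = none)."""
    d, out = parse_mod_tls(text), []
    if (d.get("tlsengine") or ["off"])[0].lower() != "on":
        out.append("TLSEngine is not on, so FTP stays in cleartext")
    # TLSRequired defaults to off; only 'on' forces control and data onto TLS.
    required = (d.get("tlsrequired") or ["off"])[0].lower()
    if required != "on":
        out.append(f"TLSRequired {required}: not every channel is forced onto TLS")
    weak = sorted(DEPRECATED.intersection(d.get("tlsprotocol", [])))
    if weak:
        out.append("TLSProtocol allows deprecated versions: " + ", ".join(weak))
    key = d.get("tlsrsacertificatekeyfile")
    if key and key == d.get("tlsrsacertificatefile"):
        out.append(f"key and certificate share {key[0]}; restrict its mode")
    return out

if __name__ == "__main__":
    print(audit(POSTED), audit(HARDENED))
```
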

