proftp server question

I followed this guide to get proftp working:

http://www.debian-administration.org/article/Setting_up_an_FTP_server_on_Debian

It told me to add this to proftp.conf:

Code:
<IfModule mod_tls.c>
   TLSEngine on
   TLSLog /var/log/proftpd-tls.log
   TLSProtocol TLSv1

   # Are clients required to use FTP over TLS when talking to this server?
   TLSRequired off

   TLSRSACertificateFile    /etc/proftpd/ftpd-rsa.pem
   TLSRSACertificateKeyFile /etc/proftpd/ftpd-rsa-key.pem
    
   # Authenticate clients that want to use FTP over TLS?
   TLSVerifyClient off
</IfModule>

I added that and started the daemon back up; now in FileZilla I can successfully connect to the FTP server via FTP, SFTP & FTPES over explicit TLS/SSL.

Have I successfully set up SSL encryption if I use the SFTP or FTPES option in FileZilla?

I'm a little confused as to what I have done. If I had linked my LAN IP to my ISP IP, could people still try to guess my password and log in?

My Windows PC just imported the key with my user/pass. How do I limit access to my internal PCs only?

Is SSL/TLS only there to stop people "tapping into" my FTP when I am connected to it?
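
As an added example (not part of the original post and not ProFTPD's own code), this Python sketch audits the policy directives from the block above, and a constructed tighter config, for the points the questions turn on: whether plain FTP logins are still accepted, whether only legacy protocol versions are offered, and whether logins are restricted by address. mod_tls governs FTP over TLS, not SFTP; the `192.168.1.0/24` range, the `TLSv1.2` value (which needs a ProFTPD/OpenSSL build that supports it) and the finding codes are assumptions.

```python
import re

# Policy directives from the mod_tls block quoted in the post.
POSTED = """
<IfModule mod_tls.c>
   TLSEngine on
   TLSProtocol TLSv1
   TLSRequired off
</IfModule>
"""
# Constructed comparison; 192.168.1.0/24 is an assumed home LAN range.
TIGHTER = """
<IfModule mod_tls.c>
   TLSEngine on
   TLSProtocol TLSv1.2
   TLSRequired on
</IfModule>
<Limit LOGIN>
   Allow from 192.168.1.0/24
   DenyAll
</Limit>
"""

def parse(conf):
    """Return ({directive: value}, [opening section tags]), all lower-cased."""
    directives, sections = {}, []
    for raw in conf.splitlines():
        line = raw.split("#", 1)[0].strip()          # drop comments
        tag = re.match(r"<(\w+)\s*([^>]*)>", line)   # opening tag only
        if tag:
            sections.append((tag.group(1) + " " + tag.group(2)).strip().lower())
        elif line and not line.startswith("</"):
            name, *rest = line.split(None, 1)
            directives[name.lower()] = "".join(rest).lower()
    return directives, sections

def audit(conf):
    """List the weaknesses found, as short finding codes (names are this example's)."""
    d, sections = parse(conf)
    findings = []
    if d.get("tlsengine") != "on":
        findings.append("tls-disabled")
    if d.get("tlsrequired", "off") in ("off", "data"):  # control channel not forced to TLS
        findings.append("cleartext-login-allowed")
    if set(d.get("tlsprotocol", "").split()) & {"sslv3", "tlsv1", "tlsv1.1"}:
        findings.append("legacy-protocol")
    if "limit login" not in sections:                   # no address-based login rule here
        findings.append("login-not-restricted")
    return findings
```

`audit(POSTED)` reports that cleartext logins are still accepted even though FTPES works, which is why a successful FTPES connection in the client does not by itself mean every login is encrypted.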
 
I haven't forwarded any ports, except to get static IPs on my home LAN.

All my server does is run the following:

NFS, SAMBA, mediatomb (upnp), proftp, transmission-cli and sabnzbd (usenet)

They don't need me to set my LAN IP to my ISP one, so in theory no one can get at it? Unless they rape my wireless connection?
 
None of my internal LAN IPs are linked to my internet IP.

So should I be ok with TLS? I may need to create a stronger user and root password. How would I go about changing them?

I have set up sudo while I install my new server, then I'll take off sudo once it's all installed.

Additionally I will stop the FTP daemon from launching when the server starts up. I will not need to use it often, mostly when Samba goes wrong.

That sound sensible?
 
OK, I'll stick with TLS and shut down FTP when I don't need it.

I am using Debian Lenny with the testing repo activated. Maybe it's me, but it seems to set up the init.d scripts better than when I set up my old server 2 years ago. Mediatomb and transmission daemon scripts work perfectly on this one without having to trawl through Google!
 