jano
22.02.08, 23:22
Hello
I compiled proftpd with mod_tls on my Linux home server (SuSE 10.3).
So far everything worked.
Without mod_tls the server runs great.
But as soon as I switch mod_tls on, there are problems:
SmartFTP says:
[00:18:13] SmartFTP v2.5.1008.37
[00:18:13] Resolving host name "192.168.0.222"
[00:18:13] Connecting to 192.168.0.222 Port: 21
[00:18:13] Connected to 192.168.0.222.
[00:18:13] 220 ProFTPD 1.3.1 Server (Jan-Network-ProFTP) [192.168.0.222]
[00:18:13] AUTH TLS
[00:18:13] 234 AUTH TLS successful
[00:18:13] Connected. Exchanging encryption keys...
[00:18:13] Eine bestehende Verbindung wurde softwaregesteuert
[00:18:13] durch den Hostcomputer abgebrochen.
[00:18:13] Cannot login waiting to retry (30s)...
[00:18:13] Server closed connection
The TLS log contains the following:
Feb 21 21:06:51 mod_tls/2.1.2[8976]: using default OpenSSL verification locations (see $SSL_CERT_DIR environment variable)
Feb 21 21:06:51 mod_tls/2.1.2[8976]: TLS/TLS-C requested, starting TLS handshake
Feb 21 21:06:51 mod_tls/2.1.2[8976]: unable to accept TLS connection:
(1) error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number
Feb 21 21:06:51 mod_tls/2.1.2[8976]: TLS/TLS-C negotiation failed on control channel
Here is my proftpd.conf:
# This is a basic ProFTPD configuration file (rename it to
# 'proftpd.conf' for actual use. It establishes a single server
# and a single anonymous login. It assumes that you have a user/group
# "nobody" and "ftp" for normal operation and anon.
ServerName "Jan-Network-ProFTP"
ServerType standalone
DefaultServer on
# Port 21 is the standard FTP port.
Port 21
# Umask 022 is a good standard umask to prevent new dirs and files
# from being group and world writable.
Umask 002
# To prevent DoS attacks, set the maximum number of child processes
# to 30. If you need to allow more than 30 concurrent connections
# at once, simply increase this value. Note that this ONLY works
# in standalone mode, in inetd mode you should use an inetd server
# that allows you to limit maximum number of processes per service
# (such as xinetd).
MaxInstances 30
PassivePorts 63000 63999
# Set the user and group under which the server will run.
User ftp
Group ftp
# To cause every FTP user to be "jailed" (chrooted) into their home
# directory, uncomment this line.
DefaultRoot ~
# Normally, we want files to be overwriteable.
AllowOverwrite on
# Bar use of SITE CHMOD by default
<Limit SITE_CHMOD>
AllowUser ftpJan
AllowUser ftpAndy
AllowUser ftptransfer
AllowUser ftpdeuce
DenyAll
</Limit>
# A basic anonymous configuration, no upload directories. If you do not
# want anonymous users, simply delete this entire <Anonymous> section.
#<Anonymous ~ftp>
# User ftp
# Group ftp
#
# # We want clients to be able to login with "anonymous" as well as "ftp"
# UserAlias anonymous ftp
#
# # Limit the maximum number of anonymous logins
# MaxClients 10
#
# # We want 'welcome.msg' displayed at login, and '.message' displayed
# # in each newly chdired directory.
# DisplayLogin welcome.msg
# DisplayFirstChdir .message
#
# # Limit WRITE everywhere in the anonymous chroot
# <Limit WRITE>
# DenyAll
# </Limit>
#</Anonymous>
UseReverseDNS off
IdentLookups off
RequireValidShell off
TransferLog /var/log/proftpd.xferlog
PidFile /var/run/proftpd.pid
ExtendedLog /var/log/proftpd/auth.log AUTH
ExtendedLog /var/log/proftpd/access.log WRITE,READ
UseFtpUsers off
include /etc/proftpd/limit.conf
TransferRate STOR 51200
TransferRate RETR 51200
#<IfModule mod_tls.c>
TLSEngine on
TLSLog /var/log/proftpd/proftpd_tls.log
TLSProtocol TLSv1
TLSRequired on
TLSVerifyClient off
TLSRSACertificateFile /etc/proftpd/ftpcert/host.cert
TLSRSACertificateKeyFile /etc/proftpd/ftpcert/host.key
#</IfModule>
What could be causing this?
Regards
Jan
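
Added example, not part of the original post and not ProFTPD or OpenSSL code: it splits the logged OpenSSL error into its fields and shows what the record-layer read named in it (SSL3_GET_RECORD) looks at, namely the version bytes of the first 5-byte record header received after the 234 reply. The function names and byte strings are constructed for illustration; what SmartFTP actually sent is not shown in the post, and a packet capture of the bytes following `234 AUTH TLS successful` would be the input to classify.

```python
import re
import struct

# OpenSSL (pre-3.0) error string: error:<packed hex code>:<library>:<function>:<reason>
ERR_RE = re.compile(r"error:([0-9A-Fa-f]{8}):([^:]+):([^:]+):(.+)$")

def parse_openssl_error(line):
    """Split an OpenSSL error string as logged in the TLSLog into its fields."""
    m = ERR_RE.search(line.strip())
    if not m:
        return None
    code = int(m.group(1), 16)
    return {
        "library": m.group(2), "function": m.group(3), "reason": m.group(4),
        # Pre-3.0 packing of the code: 8 bits library, 12 bits function, 12 bits reason
        "lib_id": (code >> 24) & 0xFF,
        "func_id": (code >> 12) & 0xFFF,
        "reason_id": code & 0xFFF,
    }

CONTENT_TYPES = {20, 21, 22, 23}  # change_cipher_spec, alert, handshake, application_data
VERSIONS = {(3, 0): "SSLv3", (3, 1): "TLSv1", (3, 2): "TLSv1.1", (3, 3): "TLSv1.2"}

def classify_first_bytes(data):
    """Classify the first bytes a server reads after answering 234 to AUTH TLS."""
    if len(data) < 5:
        return ("too_short", None)
    ctype, major, minor, _length = struct.unpack("!BBBH", data[:5])
    if ctype in CONTENT_TYPES and major == 3:
        return ("tls_record", VERSIONS.get((major, minor), "3.%d" % minor))
    # SSLv2-format ClientHello: length with high bit set, message type 1, then version
    if data[0] & 0x80 and data[2] == 1:
        return ("sslv2_format_hello", VERSIONS.get((data[3], data[4]), "unknown"))
    if data[:4].isalpha():
        return ("plaintext_ftp", None)
    return ("unknown", None)

# Log line copied from the post; the byte strings below are constructed samples.
LOGGED = "(1) error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number"
SAMPLES = {
    "tls1_record": bytes.fromhex("160301002f01"),
    "sslv2_hello": bytes.fromhex("802e010301"),
    "plain_ftp": b"USER example\r\n",
}

if __name__ == "__main__":
    print(parse_openssl_error(LOGGED))
    for name, raw in SAMPLES.items():
        print(name, classify_first_bytes(raw))
```

Anything other than `tls_record` as the first bytes is input whose header does not carry the 3.x record version that this read checks for.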