proftpd zkracuje soubory pri ssl
Jan Jirasko - konference
jj-k na alpy.cz
Neděle Leden 4 19:50:24 CET 2004
Dobry vecer,
mam proftpd s mod_tls, mod_sql_mysql a stava se mi nasledujici vec:
pri zabezpecenem spojeni na datovem kanalu obcas dochazi ke zkracovani prenasenych souboru.
Pokud neni datovy kanal zabezpeceny, tak jsou vsechny prenosy vporadku.
Z logu vypada vse ok.
Verze: proftpd-1.2.9, openssl-0.9.7c
>>> proftpd.conf
ServerName "ftp"
ServerType standalone
DefaultServer on
DeferWelcome off
Bind x.x.x.x
Port 21
Umask 137 027
TimeoutLogin 120
TimeoutIdle 600
TimeoutNoTransfer 900
TimeoutStalled 3600
MaxInstances 30
User ftp
Group www
DefaultRoot ~
UseReverseDNS off
ScoreboardFile /var/run/proftpd.score
TransferLog /var/log/proftpd/xferlog
LogFormat default "%h %l %u %t \"%r\" %s %b"
LogFormat auth "%v [%P] %h %t \"%r\" %s"
LogFormat write "%h %l %u %t \"%r\" %s %b"
ServerAdmin admin na xxx.cz
MaxLoginAttempts 2
RequireValidShell no
MaxClients 50
# Global settings
<Global>
DisplayLogin welcome.msg
DisplayFirstChdir readme
AllowOverwrite yes
IdentLookups off
ExtendedLog /var/log/proftpd/access.log WRITE,READ write
ExtendedLog /var/log/proftpd/auth.log AUTH auth
SQLConnectInfo ftpdb na localhost:3306 user pass
SQLAuthTypes Backend Plaintext
SQLUserInfo user userid passwd uid gid homedir shell
SQLUserWhereClause "LoginAllowed = 1"
RequireValidShell off
SQLAuthenticate users groups usersetfast groupsetfast
SQLGroupInfo groupt groupname gid members
SQLNamedQuery getcount SELECT "count,userid from user where userid='%u'"
SQLNamedQuery updatecount UPDATE "count=count+1 WHERE userid='%u'" user
SQLNamedQuery insertfileinfo INSERT "'%f', %b, '%u@%v', now()" filehistory
SQLShowInfo PASS "230" "You've logged on %{getcount} times, %u"
SQLLog PASS updatecount
SQLLog RETR, STOR insertfileinfo
SQLRatios on
SQLRatioStats on
</Global>
# SSL
<IfModule mod_tls.c>
TLSEngine on
TLSRequired ctrl
TLSLog /var/log/proftpd/tls.log
TLSProtocol TLSv1
TLSRSACertificateFile /usr/share/ssl/certs/cert.crt
TLSRSACertificateKeyFile /usr/share/ssl/private/cert.key
TLSCipherSuite "RSA"
TLSProtocol SSLv23
TLSVerifyClient off
</IfModule>
<VirtualHost x.x.x.x>
ServerName "Secure ftp"
Port 990
TLSEngine on
TLSRequired on
TLSRSACertificateFile /usr/share/ssl/certs/cert.crt
TLSRSACertificateKeyFile /usr/share/ssl/private/cert.key
Umask 137 027
DefaultRoot ~
TransferLog /var/log/proftpd/xferlog.ssl
TLSCipherSuite "RSA"
TLSVerifyClient off
</VirtualHost>
<<< proftpd.conf
Bohuzel FileZilla nepodporuje nesifrovany prenos na datovem kanale pri sifrovani na prikazovem kanale a kuli bezpecnosti by bylo dobre, aby hesla byla sifrovana.
Ma nekdo nejaky napad jak vyresit ono zkracovani souboru?
Dekuji
Jan Jirasko
Další informace o konferenci Linux