Ubuntu 8.04 – HowTo enable SSL over FTP with “proftpd”

Enable TLS/SSL encryption (FTPS) on Ubuntu

Here goes: Short, sweet, and to the point.

  1. Log in as root (otherwise you have to use “sudo” with all commands)
  2. Paste these commands in a terminal:
    • apt-get install build-essential
    • apt-get install libssl-dev
    • mkdir /etc/ftpcert
    • cd /etc/ftpcert
    • openssl genrsa -des3 -out server.key 1024
    • openssl req -new -key server.key -out server.csr
    • openssl genrsa -des3 -out ca.key 1024
    • openssl req -new -x509 -days 365 -key ca.key -out ca.crt
    • wget http://frodubuntu.free.fr/ubuntu/sign.sh
    • chmod +x sign.sh
    • ./sign.sh server.csr
  3. Then add this section to your proftpd.conf file:

    <IfModule mod_tls.c>
    TLSEngine on
    TLSLog /var/ftpd/tls.log
    TLSProtocol TLSv1

    # Are clients required to use FTP over TLS when talking to this server?
    TLSRequired off

    # Server’s certificate
    TLSRSACertificateFile /etc/ftpcert/server.crt
    TLSRSACertificateKeyFile /etc/ftpcert/server.key

    # CA the server trusts
    TLSCACertificateFile /etc/ftpcert/ca.crt

    # Authenticate clients that want to use FTP over TLS?
    TLSVerifyClient off
    </IfModule>

Note – Use TLSRequired ON to force the use of TLS. OFF means that the use of TLS is optional.

Optional step:

  • You will be asked for the password you set for the server.key file each time you start, stop or restart the server, because the RSA private key is stored encrypted in server.key.
  • The solution is to remove the encryption of the RSA private key, but this leaves the key readable in the server.key file, which is obviously less secure. If you do that, make sure that server.key is readable only by root.
  • With that trade-off in mind, here are the command lines to remove the encryption of the RSA private key:
    • cd /etc/ftpcert
    • cp server.key server.key.org
    • openssl rsa -in server.key.org -out server.key
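
A check for the point above that an unencrypted server.key must be readable only by root, as an added example that is not part of the original post. The function name audit_key and its optional expected-uid argument are hypothetical.

```shell
#!/bin/sh
# Added example: audit a private key file such as /etc/ftpcert/server.key.
# audit_key is a hypothetical helper, not part of ProFTPD or OpenSSL.
# Usage: audit_key FILE [EXPECTED_UID]   (EXPECTED_UID defaults to 0, root)
# Returns 0 = nothing flagged, 1 = permission/owner finding, 2 = file missing.
audit_key() {
    key=$1
    want_uid=${2:-0}
    rc=0

    [ -f "$key" ] || { echo "MISSING: $key"; return 2; }

    # Characters 5-10 of the ls mode string are the group and other bits;
    # a private key should have none of them set.
    go_bits=$(ls -Lldn "$key" | cut -c5-10)
    if [ "$go_bits" != "------" ]; then
        echo "PERMS: group/other bits set on $key ($go_bits); use chmod 600"
        rc=1
    fi

    # -n prints the numeric owner, so no passwd lookup is needed.
    uid=$(ls -Lldn "$key" | awk '{print $3}')
    if [ "$uid" != "$want_uid" ]; then
        echo "OWNER: $key is owned by uid $uid, expected $want_uid"
        rc=1
    fi

    # Passphrase-protected PEM keys carry the word ENCRYPTED in their header
    # (either "Proc-Type: 4,ENCRYPTED" or "BEGIN ENCRYPTED PRIVATE KEY").
    if grep -q 'ENCRYPTED' "$key"; then
        echo "INFO: $key is passphrase-protected"
    else
        echo "INFO: $key is stored unencrypted; file permissions are its only protection"
    fi
    return $rc
}

# Run directly as: sh audit_key.sh /etc/ftpcert/server.key
if [ $# -gt 0 ]; then
    audit_key "$@"
fi
```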

Here are some links to read in case of problems or just to get more information:

http://www.modssl.org/docs/2.7/ssl_faq.html#cert-ownca

http://www.castaglia.org/proftpd/doc/contrib/ProFTPD-mini-HOWTO-TLS.html


openSUSE 10.2: Installing and Running VMware Workstation 6.0

Here is a link to a very good “howto” on installing VMware Workstation 6.0 on openSUSE 10.2:

http://mrnovell.wordpress.com/2007/04/24/opensuse-102-installing-and-running-vmware-workstation-60/

It also worked well for openSUSE 11.1


Check us out in this commercial!!


Install VMware Server 2.0 on Ubuntu 8.04 Server

Do the following while logged in as root!!

  1. Download VMware Server: http://www.vmware.com/download/server/
  2. Install some necessary packages:
    • apt-get install linux-headers-`uname -r` build-essential xinetd
  3. From the directory where you downloaded VMware Server:
    • Extract and execute the VMware Install script:
    • tar xvfz VMware-server-*.tar.gz
    • cd vmware-server-distrib
    • ./vmware-install.pl
    • Accept all defaults
  4. Access the VMware Management Interface:
    • https://servername:8333

That’s it, short and sweet!!


Debian / Ubuntu HowTo setup NFS Drive Sharing

On the server:
(Note: this howto assumes you are logged in as “root”, and that you have a working knowledge of modifying Linux from the terminal window or console)

Make sure you have the NFS Server software installed:

apt-get install nfs-kernel-server nfs-common portmap

Edit /etc/exports to add shares:

Open the file: nano /etc/exports

Add a line for each directory you wish to share:

Example #1: /files 192.168.1.1/24(rw,no_root_squash,async)

This will allow full access to the “/files” directory from any computer on the 192.168.1.0 subnet

Example #2: /files 192.168.1.2(ro,async)

This will allow read only access to the “/files” directory from the computer at 192.168.1.2 only.

Restart NFS Server process and export new shares:

/etc/init.d/nfs-kernel-server restart

exportfs -a
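
A lint pass for /etc/exports entries like the examples above, added here and not part of the original post. It flags an option list separated from its client by whitespace, which exports(5) treats as a separate entry for every client, and any use of no_root_squash. The function name lint_exports is hypothetical, and backslash-continued lines are assumed not to be used.

```shell
#!/bin/sh
# Added example: lint an exports file before running exportfs -a.
# lint_exports is a hypothetical helper, not part of nfs-kernel-server.
# Prints one finding per line; returns 1 if anything was flagged, else 0.
lint_exports() {
    awk '
        # Skip blank lines and comments.
        /^[ \t]*(#|$)/ { next }
        {
            # Field 1 is the exported path; the rest are client entries.
            for (i = 2; i <= NF; i++) {
                if ($i ~ /^\(/) {
                    # "host (opts)": host gets default options, while
                    # (opts) becomes an entry that matches every client.
                    printf "line %d: %s: options %s are detached from a client and apply to everyone\n", NR, $1, $i
                    bad++
                } else if ($i ~ /no_root_squash/) {
                    # Root on the client is treated as root on the export.
                    printf "line %d: %s: %s disables root squashing\n", NR, $1, $i
                    bad++
                }
            }
        }
        END { exit (bad > 0) }
    ' "$1"
}

# Run directly as: sh lint_exports.sh /etc/exports
if [ $# -gt 0 ]; then
    lint_exports "$1"
fi
```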

On the Client:

Make sure that the NFS Client software is installed:

apt-get install portmap nfs-common

Mount a NFS Share manually:

Make sure that the target directory exists on client:

mkdir /files

Mount the share:

mount server.mydomain.com:/files /files

(Note you may need to restart above services:
/etc/init.d/portmap restart
/etc/init.d/nfs-common restart)

Mount the share permanently:

Open /etc/fstab:

nano /etc/fstab

Add a line describing the share you wish to mount:

Example: server.mydomain.com:/files /files nfs rsize=8192,wsize=8192,timeo=14,intr

(Note: It is a good idea to test this before a reboot in case a mistake was made.
type:
mount /files
in a terminal, and the mount point /files will be mounted from the server. )

Note: This information was derived from the following sources:
http://www.cyberciti.biz/tips/ubuntu…nfs-share.html (for client configuration)
http://www.redhat.com/docs/manuals/l…nfs-mount.html (for mounting using fstab)
http://czarism.com/easy-peasy-ubuntu…s-file-sharing (for server configuration)
http://www.freebsd.org/doc/en_US.ISO…twork-nfs.html (contains more info about NFS)


ASP.NET C# Walkthru – Using the Login control for site authentication.

http://msdn.microsoft.com/en-us/library/879kf95c.aspx


The Redneck Geek’s new toy!!

Lisa ( my wife ) was looking on Craig’s List Friday night and found a deal on this Kawasaki Vulcan that we could not turn down!!

My wife and Craig’s List ROCK!!!!

It is a 1996 Vulcan “Eighty Eight”, 1500cc V-Twin.


Create ISO image from files on Ubuntu

From the console applet, type “apt-get install isomaster”

This will also allow you to modify existing ISO images.


Labeling a Disk Partition in Linux

There are 6 programs used to label a partition – the program used depends on the partition’s filesystem type:

  • For FAT16 and FAT32 partitions, use mtools.

  • For NTFS partitions, use ntfsprogs.

  • For ext2 or ext3 partitions, use e2label.

  • For JFS partitions, use jfs_tune.

  • For ReiserFS (v3) partitions, use reiserfstune.

  • For XFS partitions, use xfs_admin


WAN Issues

Problem #1:

One location on the WAN has its own external internet connection. There is a WatchGuard FireBox x10 that protects that connection. Eleven computers at that location need internet access, but the FireBox only allows ten clients internet access.

Problem #2:

Another location needs to use the above location for internet access, instead of the default route to the internet, so that they can share access to a premium web site.

Problem #1 solved:

Solution:

  • Add Dante Server to an existing Linux workstation at the location so that other computers at that location can use it as a proxy to get to the internet, thereby circumventing the “out of licenses” issue with the firewall.
  • I was unable to make Dante act as a proxy for incoming requests to an ip address (the firewall) on the same subnet. So I connected the “optional” network on the firewall to the switch with a different IP subnet than the “internal” network of the firewall. (You can have more than one IP subnet on the same network segment, but they don’t see each other.) Next, I added a second NIC to the workstation running Dante, and attached it to the same network segment, on the same IP subnet as the “optional” network of the firewall.
  • Everything works!!! Here is the working danted.conf file:

    ********* BEGIN DANTED.CONF********************************
    logoutput: danted-server

    internal: eth1 port = 1080
    internal: 127.0.0.1 port = 1080

    external: eth0

    method: username none
    client pass { from: 192.0.0.0/8 port 1-65535 to: 0.0.0.0/0 }
    client pass { from: 127.0.0.0/8 port 1-65535 to: 0.0.0.0/0 }
    pass { from: 192.0.0.0/8 to: 0.0.0.0/0 protocol: tcp udp }
    pass { from: 127.0.0.0/8 to: 0.0.0.0/0 protocol: tcp udp }

    user.privileged: proxy
    user.notprivileged: proxy
    user.libwrap: proxy

    ********* END DANTED.CONF********************************


  • (c)Copyright 2007-2010, Dale Sanford