Solaris 11 PROFTPD with TLS

The FTP service that ships with Solaris 11 is ProFTPD.
You can use this FTP server with TLS because it is already built with mod_tls support.
The important part is the LoadModule mod_tls.c line in the configuration file /etc/proftpd.conf.

 

 

root@server1:~# svcs -p ftp  

STATE          STIME    FMRI

online         Jun_22   svc:/network/ftp:default

               Jun_22       8846 proftpd

root@server1:~# ps -ef | grep 8846

  nobody  8846     1   0   Jun 22 ?           0:14 /usr/lib/inet/proftpd

root@server1:~# /usr/lib/inet/proftpd -v

ProFTPD Version 1.3.5b

root@server1:~# /usr/lib/inet/proftpd -V | grep -i tls

    configure  'CC=/ws/on11update-tools/SUNWspro/sunstudio12.1/bin/cc' 'CXX=/ws/on11update-tools/SUNWspro/sunstudio12.1/bin/CC' '--prefix=/usr' '--mandir=/usr/share/man' '--bindir=/usr/bin' '--libdir=/usr/lib' '--sbindir=/usr/sbin' 'CFLAGS=-m32 -xO4 -xtarget=ultra2 -xarch=sparcvis -xchip=ultra2 -Qoption cg -xregs=no%appl -W2,-xwrap_int  -xmemalign=8s -mt -I/usr/include/kerberosv5 -DHAVE_KRB5_H=1 -DKRB5_DLLIMP= -DHAVE__GETGRPSBYMEMBER -D_SOLARIS_DTRACE' 'LDFLAGS=-m32 -z guidance=nolazyload -z nolazyload -lbsm' 'install_user=ul' 'install_group=gk' '--sysconfdir=/etc' '--localstatedir=/var/run' '--libexecdir=/usr/lib/proftpd' '--enable-ipv6' '--enable-ctrls' '--enable-facl' '--enable-nls' '--enable-dso' '--enable-openssl' '--disable-static' '--with-modules=mod_solaris_audit:mod_solaris_priv' '--with-shared=mod_facl:mod_wrap:mod_tls:mod_auth_gss:mod_gss' '--enable-buffer-size=16384'

root@server1:~#

 

root@server1:~# tail -30 /etc/proftpd.conf

# Restrict FTP logins by client address: the hosts listed under "Allow from"
# may log in, and every other source is refused by "Deny from all".
<Limit LOGIN>

Order allow,deny

Allow from 192.168.1.2,192.168.1.3

Deny from all

</Limit>

 

# Port range handed out for passive-mode data connections; any firewall in
# front of the server has to allow exactly this range.
PassivePorts 65024 65124

# Idle timeout in seconds (12000 s = 200 minutes).
TimeoutIdle 12000

# Server log file and the minimum level written to it.
SystemLog /var/adm/ftp.kutuk

SyslogLevel info

# off: accounts whose login shell is not a listed valid shell may still log in.
RequireValidShell off

# off: the ftpusers deny list is not consulted at login.
# NOTE(review): confirm that accounts which must never use FTP are blocked by
# some other control, since this check is disabled.
UseFtpUsers     off

# No reverse-DNS or ident lookups are made for connecting clients.
UseReverseDNS   off

IdentLookups off

 

# *** The next line is required for TLS: it loads the mod_tls shared module.
LoadModule mod_tls.c

 

# TLS settings; applied only when mod_tls has been loaded.
<IfModule mod_tls.c>

# Turn on TLS handling for FTP sessions.
TLSEngine                  on

# mod_tls writes its own log here; check it when a handshake fails.
TLSLog                     /var/adm/tls.kutuk

# NOTE(review): SSLv23 is the compatibility setting and also accepts SSLv3,
# which is obsolete. Prefer restricting this to current TLS versions
# (e.g. "TLSProtocol TLSv1.2") - verify the accepted values against the
# mod_tls documentation for the installed ProFTPD version.
TLSProtocol                SSLv23

# NoCertRequest: the server does not ask clients for a certificate.
# NoSessionReuseRequired: data connections need not reuse the control
# connection's TLS session.
# NOTE(review): the session-reuse requirement is a safeguard that ties each
# data connection to its authenticated control connection; disable it only if
# the FTP clients in use cannot work with it.
TLSOptions                 NoCertRequest NoSessionReuseRequired

# The server never requests TLS renegotiation.
TLSRenegotiate             none

# External program whose output is used as the passphrase for the private key.
# NOTE(review): whoever can read or replace this program controls the key
# passphrase - keep it root-owned and not readable by other users.
TLSPassPhraseProvider      /usr/bin/passphrase.ksh

# Server certificate and its (passphrase-protected) private key.
# NOTE(review): the key file should be readable by root only.
TLSRSACertificateFile      /etc/proftpd/ssl/proftpd.cert.pem

TLSRSACertificateKeyFile   /etc/proftpd/ssl/proftpd.key.pem

# Client certificates are not verified; users authenticate with USER/PASS.
TLSVerifyClient            off

# "auth" requires TLS on the control channel only for authentication.
# NOTE(review): with this value file contents and directory listings may still
# be transferred unencrypted; "TLSRequired on" requires TLS on both the control
# and the data channel.
TLSRequired                auth

</IfModule>

root@server1:~#

 

root@server1:~# cat /usr/bin/passphrase.ksh

#!/bin/ksh
# Passphrase helper run by ProFTPD through the TLSPassPhraseProvider directive
# in /etc/proftpd.conf: it writes the private-key passphrase to stdout.
# NOTE(review): the passphrase is stored here in clear text, so anyone who can
# read this file can unlock the key. Keep the script root-owned and unreadable
# by other users (for example mode 0700), and replace the sample value below
# with your own passphrase.
printf '%s\n' 'XYz123'

root@server1:~#

 

 

*** Please feel free to communicate by bulent.yucesoy@gmail.com