FreeBSD(9.2) - PureFTPd

By -
Installing from binary package:

If you don't need to use SSL, you can install it from binary package:
root@freebsd:~ # pkg install pure-ftpd

If you need to use SSL, you have to install it from ports, because the package is not compiled with SSL support:
root@freebsd:~ # /usr/local/sbin/pure-ftpd -g/var/run/pure-ftpd.pid -A -c50 -B -C8 -D -E -fftp -H -I15 -lpuredb:/usr/local/etc/pureftpd.pdb -L10000:8 -m4 -p30000:50000 -s -U113:002 -u100 -k99 -Z -Y2 -4
pure-ftpd: invalid option -- Y
pure-ftpd: invalid option -- 2
root@freebsd:~ # ldd /usr/local/sbin/pure-ftpd
/usr/local/sbin/pure-ftpd:
        libcrypt.so.5 => /lib/libcrypt.so.5 (0x801239000)
        libpam.so.5 => /usr/lib/libpam.so.5 (0x801458000)
        libc.so.7 => /lib/libc.so.7 (0x80081b000)

Installing from ports:

 Go to the pure-ftpd directory from the ports tree and tun "make install". Don't forget to check the SSL/TLS box:
root@freebsd:~ # cd /usr/ports/ftp/pure-ftpd/
root@freebsd:/usr/ports/ftp/pure-ftpd # make install
Generating SSL certificate:
openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/ssl/private/pure-ftpd.pem -out /etc/ssl/private/pure-ftpd.pem
Testing with lftp: 

If you need to connect using lftp to a ftp server that requires SSL, you have to set a few lftp parameters:
root@freeBSD92:~ # cat ~/.lftprc
set ftp:ssl-allow true
set ftp:ssl-force true
set ftp:ssl-protect-data true
set ftp:ssl-protect-list true
set ssl:verify-certificate no
If you do not set these parameters, you will get a error like "[Delaying before reconnect: XX]" or "Fatal error: SSL_connect: self signed certificate", if you are using a self signed certificate.



Comments

Post a Comment

Popular posts from this blog

JunOS - mount USB stick

By -
There are times when you have to use a USB stick to copy to or from it files to a Juniper router/switch. Fortunetly it will not be to very frequently, but there will be a time when you will need it. JunOS being a UNIX( FreeBSD ) based OS, you have to identify and mount the device attached. First, you have to check the device name, so you can identify it on /dev: smocanu@j2350> show log messages | match mass May 16 15:25:45  j2350 /kernel: umass0: Kingston DataTraveler SE9, rev 2.00/1.00, addr 2 May 16 15:25:46  j2350 /kernel: da0 at umass-sim0 bus 0 target 0 lun 0 Then you have to verify the partition number, usually it is the first one: smocanu@j2350> start shell % ls -las /dev/da0 /dev/da0 /dev/da0s1 Now you can mount your USB stick: % mkdir /var/tmp/usb % mount_msdosfs /dev/da0s1 /var/tmp/usb Once your USB stick is mounted, you can copy to/from it files, using /var/tmp/usb path. Do not forget that you have to umount the USB storage, before remov...
Read more

SSH: Generating and using SSH keys

By -
Image
One of the preferred method of authentication on network devices is using SSH with a SSH public key. In order to be able to authenticate yourself, you have to generate a SSH key pair. A SSH key is composed of two parts, one private key (which should remain "private" and also should be password protected ) and one public key which should be installed on the SSH server in order to authenticate you. SSH client on Linux: In order to generate a SSH key pair on Linux, you will need to use "ssh-keygen" tool, which is a part of the "openssh-client" package on Debian-like operating systems: smocanu@debian7:~$ dpkg -S $(which ssh-keygen) openssh-client: /usr/bin/ssh-keygen or a part of "openssh" package on RedHat-like operating systems: smocanu@centos6 ~$ rpm -qf $(which ssh-keygen) openssh-5.3p1-94.el6.x86_64 The generating process is quite simple, just run the "ssh-keygen" command, and it will ask you the location of the new key ...
Read more

JunOS - loging on secondary node of a cluster and copying file between nodes

By -
First at all you have to know that you should be able to login to a secondary node of a J/SRX cluster using OOB( out of band management interface - fxp0 ), but, if this is not possible you can do it from the primary node. In my case there is a cluster of SRX240H2. You have to login into the cluster and check the status of it: smocanu@srx240h2# run show chassis cluster status Cluster ID: 1 Node                  Priority          Status    Preempt  Manual failover Redundancy group: 0 , Failover count: 1     node0                   100         primary        no       no     node1     ...
Read more