Article 13109 at 08/05/29 13:23:49 From: jscott (at mark) infoconex.com Subject: [coba-e:13109] Re: FTP - TLS/SSL Support?

Index: [Article Count Order] [Thread]
Date:  Wed, 28 May 2008 21:21:51 -0700
From:  "Jim Scott" <jscott (at mark) infoconex.com>
Subject:  [coba-e:13109] Re: FTP - TLS/SSL Support? - Answer
To:  <coba-e (at mark) bluequartz.org>
Message-Id:  <01ff01c8c143$8583b4f0$0569a8c0@WORK1>
References:  <65BFD6BC-93A9-4CC1-92C7-CD1B7092C90B (at mark) mfc.bakkers.gr.jp> <00ca01c8bd3b$8064f800$0569a8c0 (at mark) WORK1> <032401c8c05c$09220d90$0569a8c0 (at mark) WORK1> <200805282157.28844.bq (at mark) solarspeed.net>
X-Mail-Count: 13109

Thanks Michael. Will be great to have direct support of this feature in the 
base BlueQuartz install. Any chance someone might create in the UI a 
checkbox to enable/disable secure FTP that would automatically make these 
changes?

Jim

----- Original Message ----- 
From: "Michael Stauber" <bq (at mark) solarspeed.net>
To: <coba-e (at mark) bluequartz.org>
Sent: Wednesday, May 28, 2008 12:57 PM
Subject: [coba-e:13108] Re: FTP - TLS/SSL Support? - Answer


> Hi Jim, hi Dan,
>
> Jim wrote:
>> Well I had no takers to help me figure this out so I played around today
>> and figured out how to add SSL/TLS support to the built in proftpd 
>> server.
>> For those interested in the instructions I created a blog which I will
>> begin to add these types of things to. You can find my first how to here.
>>
>> http://coding.infoconex.com/post/BlueQuartz-enabling-SSLTLS-Support.aspx
>>
>> Please let me know if you find anything wrong with the instructions.
>
> That's indeed pretty slick. I'll try it out on a test box and will see if 
> I
> can hack it into base-ftp as official part of BlueQuartz. Good work, Jim!
>
> Dan wrote:
>> 1) Instead of creating your own certificate why not just use the same
>> one as the GUI/sendmail/dovecot uses?  It took some hunting around for
>> the correct files but this looks like it works...
>>
>> TLSRSACertificateFile /etc/admserv/certs/certificate
>> TLSRSACertificateKeyFile /etc/admserv/certs/key
>
> That's also a good suggestion, as it cuts down on the number of certs you 
> have
> to install in various places. If FTP works with the GUI certficate (and I
> guess it does), then this is probably the way to go.
>
> Dan wrote:
>> 2) In the past I have edited proftpd.conf and my changes have been
>> overwritten.  Admittedly this was years ago so things have probably
>> changed now but can someone confirm that changes to proftpd.conf will
>> no longer be lost?
>
> There is a constructor that generates the proftpd.conf when BlueQuartz is
> initialized on first start of CCEd.init (after the install for example). 
> And
> there is also one handler that rewrites proftpd.conf when you add/remove
> sites. To be on the safe side of things here those constructors and 
> handlers
> in base-ftp need to be checked and fixed to make sure that this change
> doesn't get dropped out or causes conflicts. I'll take care of that and 
> will
> submit the updates to SVN. But as I'm a bit busy at the moment this may 
> take
> a few days.
>
> -- 
> With best regards,
>
> Michael Stauber
>
>