Bonjour, je tente vainement de configurer vsftpd pour faire du ftps (il est vrai qu'il existe sftp, mais c'est pour un autre moment).
J'ai créé un certificat avec les commandes suivantes :

/usr/bin/openssl genrsa -des3 4096 > /etc/vsftpd/ssl.key
/usr/bin/openssl req -new -key ./ssl.key -x509 -out ./server.crt

Dans la config de vsftpd.conf j'ai initialisé les valeurs suivantes :

ssl_enable=YES
# Only applies if ssl_enable is activated. If enabled, this option will permit SSL v2 protocol
# connections. TLS v1 connections are preferred.
ssl_sslv2=YES
# Only applies if ssl_enable is activated. If enabled, this option will permit SSL v3 protocol
# connections. TLS v1 connections are preferred.
ssl_sslv3=YES
# Only applies if ssl_enable is activated. If enabled, this option will permit TLS v1 protocol
# connections. TLS v1 connections are preferred.
ssl_tlsv1=YES
# This option specifies the location of the RSA certificate to use for SSL encrypted connections.
# Default: /usr/share/ssl/certs/vsftpd.pem
#rsa_cert_file=/etc/vsftpd/server.crt
rsa_cert_file=/etc/vsftpd/ssl.key
# This option can be used to select which SSL ciphers vsftpd will allow for encrpyted SSL
# connections. See the ciphers man page for further details. Note that restricting ciphers
# can be a useful security precaution as it prevents malicious remote parties forcing a
# cipher which they have found problems with.
ssl_ciphers=des3
# Only applies if ssl_enable is activated. If activated, all non-anonymous
# logins are forced to use a secure SSL connection in order to send the password.
force_local_logins_ssl=NO
# Only applies if ssl_enable is activated. If activated, all non-anonymous
# logins are forced to use a secure SSL connection in order to send and
# receive data on data connections.
force_local_data_ssl=NO

Le résultat est le suivant quand je démarre le daemon vsftpd :

# /usr/sbin/vsftpd
500 OOPS: SSL: cannot load RSA key

Le résultat du strace se trouve ci-dessous.

Je n'ai point trouvé d'info sur ce genre de config. Y a-t-il quelqu'un qui aurait déjà fait la manip ?

[Note de relecture : dans la configuration ci-dessus, rsa_cert_file pointe vers ssl.key, qui, d'après les commandes, ne contient que la clé privée RSA (protégée par une phrase de passe à cause de -des3), alors que la ligne désignant server.crt est commentée ; c'est vraisemblablement la cause de l'erreur. Indépendamment de cela, ssl_sslv2=YES et ssl_sslv3=YES autorisent des protocoles obsolètes, force_local_logins_ssl=NO laisse passer les mots de passe en clair, et le strace montre la clé privée en mode 0644, donc lisible par tous les utilisateurs.]
D'avance merci,
Martial

###############################################
résultat du strace
###############################################
stat64("/etc/vsftpd.conf", {st_mode=S_IFREG|0644, st_size=24483, ...}) = 0
open("/etc/vsftpd.conf", O_RDONLY|O_NONBLOCK|O_LARGEFILE) = 3
fstat64(3, {st_mode=S_IFREG|0644, st_size=24483, ...}) = 0
mmap2(NULL, 32768, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x402c9000
mprotect(0x402d0000, 4096, PROT_NONE) = 0
mprotect(0x402c9000, 4096, PROT_NONE) = 0
read(3, "##################\n## Section Se"..., 24483) = 24483
mprotect(0x402c9000, 4096, PROT_READ) = 0
munmap(0x402c9000, 32768) = 0
close(3) = 0
getuid32() = 0
open("/etc/vsftpd/ssl.key", O_RDONLY) = 3
fstat64(3, {st_mode=S_IFREG|0644, st_size=3311, ...}) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x402c9000
read(3, "-----BEGIN RSA PRIVATE KEY-----\n"..., 4096) = 3311
read(3, "", 4096) = 0
getpid() = 26731
getpid() = 26731
getpid() = 26731
getpid() = 26731
close(3) = 0
munmap(0x402c9000, 4096) = 0
fcntl64(0, F_GETFL) = 0x8002 (flags O_RDWR| O_LARGEFILE)
fcntl64(0, F_SETFL, O_RDWR|O_NONBLOCK|O_LARGEFILE) = 0
write(0, "500 OOPS: ", 10500 OOPS: ) = 10
write(0, "SSL: cannot load RSA key", 24SSL: cannot load RSA key) = 24
write(0, "\r\n", 2 ) = 2
exit_group(1) = ?
###############################################
résultat du ldd
###############################################
# ldd /usr/sbin/vsftpd
libwrap.so.0 => /lib/libwrap.so.0 (0x4001b000)
libnsl.so.1 => /lib/tls/libnsl.so.1 (0x40024000)
libpam.so.0 => /lib/libpam.so.0 (0x4003a000)
libdl.so.2 => /lib/tls/libdl.so.2 (0x40042000)
libresolv.so.2 => /lib/tls/libresolv.so.2 (0x40045000)
libutil.so.1 => /lib/tls/libutil.so.1 (0x40057000)
libcap.so.1 => /lib/libcap.so.1 (0x4005a000)
libssl.so.0.9.7 => /usr/lib/i686/cmov/libssl.so.0.9.7 (0x4005e000)
libcrypto.so.0.9.7 => /usr/lib/i686/cmov/libcrypto.so.0.9.7 (0x40090000)
libc.so.6 => /lib/tls/libc.so.6 (0x4018d000)
/lib/ld-linux.so.2 => /lib/ld-linux.so.2 (0x40000000)

-- Martial Paupe IT Department Kudelski Group | Tel direct : +41 21 732 04 55 1033 Cheseaux | E-mail : martial.paupe<AT>nagra.com Switzerland