use sftp

2017-06-13 15:36:25 +02:00 · 2017-06-13 15:36:25 +02:00 · bd7346b842
commit bd7346b842
parent 23e6d54867
6 changed files with 30 additions and 51 deletions
--- a/rootfs/etc/confd/templates/proftpd.conf.tmpl
+++ b/rootfs/etc/confd/templates/proftpd.conf.tmpl
@ -1,7 +1,7 @@
 ServerName "{{getenv "SERVER_NAME"}}"
 ServerType standalone
 DefaultServer on
-Port 21
+Port 22
 UseIPv6 off
 Umask 006 007
 MaxInstances 30
@ -12,31 +12,22 @@ DefaultChdir /var/lib/proftp/data
 AllowOverwrite on
 RequireValidShell off

-PassivePorts {{getenv "PASSIVE_LOWER_BOUND"}} {{getenv "PASSIVE_UPPER_BOUND"}}
-
 <Limit SITE_CHMOD>
  DenyAll
 </Limit>

-<IfModule mod_tls.c>
-    TLSEngine on
-    TLSProtocol {{getenv "TLS_PROTOCOL" "TLSv1.2"}}
-    TLSRequired on
-
-    TLSRSACertificateFile /etc/ssl/proftp/{{getenv "CERT_NAME" "fullchain.pem"}}
-    TLSRSACertificateKeyFile /etc/ssl/proftp/{{getenv "KEY_NAME" "privkey.pem"}}
-
-    TLSVerifyClient off
-    TLSServerCipherPreference on
-    TLSSessionCache internal: 1800
-    TLSCipherSuite {{getenv "TLS_CIPHERS" "AES128+EECDH:AES128+EDH"}}
+<IfModule mod_sftp.c>
+    SFTPEngine on
+    SFTPAuthMethods password
+    SFTPDHParamFile /var/lib/proftp/keys/dhparams.pem
+    SFTPHostKey /var/lib/proftp/keys/ssh_rsa_key
 </IfModule>

 <IfModule mod_ldap.c>
    AuthOrder mod_ldap.c
-    
+
    LDAPAttr uid cn
-    
+
    LDAPServer {{getenv "LDAP_URI"}}
    LDAPUseTLS {{getenv "LDAP_USE_TLS" "on"}}
    LDAPAuthBinds {{getenv "LDAP_USE_AUTH_BIND" "on"}}
--- a/rootfs/etc/cont-init.d/02-dhparam
+++ b/rootfs/etc/cont-init.d/02-dhparam
@ -0,0 +1,5 @@
+#!/usr/bin/with-contenv sh
+
+if [ ! -f /var/lib/proftp/keys/dhparams.pem ]; then
+    openssl dhparam -outform PEM -5 nbits >> /var/lib/proftp/keys/dhparams.pem
+fi
--- a/rootfs/etc/cont-init.d/03-ssh-keys
+++ b/rootfs/etc/cont-init.d/03-ssh-keys
@ -0,0 +1,5 @@
+#!/usr/bin/with-contenv sh
+
+if [ ! -f /var/lib/proftp/keys/ssh_rsa_key ]; then
+    ssh-keygen -b 2048 -t rsa -f /var/lib/proftp/keys/ssh_rsa_key -q -N ""
+fi