1. Enter the openssl-1.0.0b directory and install OpenSSL with the commands below (see http://www.cgicentral.net/400CS/Docs/openssl/INSTALL.openssl.html). This step takes a while:
$ ./config --prefix=/usr/local --openssldir=/usr/local/openssl
$ make
$ make test
$ make install
2. Enter the srp-2.1.2 directory:
./configure --with-openssl=../openssl-1.0.0b/ --with-pam
3. make ; make install. SRP and OpenSSL are now installed.
If OpenSSL was not built first in step 1, make and make install fail with the errors below. The reason is that t_client.h includes t_sha.h, which in turn includes openssl/sha.h from openssl-1.0.0b/include/openssl, and that header is not found. If you continue past this, you also hit cannot find -lcrypto. The error output:
[root@localhost srp-2.1.2]# make;
Making all in libsrp
make[1]: Entering directory `/home/bryan/srp-2.1.2/libsrp'
gcc -DHAVE_CONFIG_H -I. -I. -I. -I../openssl-1.0.0b//include -fPIC -O -c
t_client.c
In file included from t_client.h:33,
from t_client.c:33:
t_sha.h:37:25: openssl/sha.h: No such file or directory
In file included from t_client.h:33,
from t_client.c:33:
t_sha.h:39: parse error before "SHA1_CTX"
t_sha.h:39: warning: data definition has no type or storage class
In file included from t_client.c:33:
t_client.h:52: parse error before "SHA1_CTX"
t_client.h:52: warning: no semicolon at end of struct or union
t_client.h:61: parse error before '}' token
t_client.c: In function `t_clientopen':
t_client.c:48: parse error before "ctxt"
t_client.c:91: sizeof applied to an incomplete type
After consulting the relevant documentation, errors like cannot find -lcrypto mean OpenSSL has to be installed first. They look like this:
[root@localhost srp-2.1.2]# make ; make install
Making all in libsrp
make[1]: Entering directory `/home/bryan/srp-2.1.2/libsrp'
gcc -fPIC -O -o tconf tconf.o libsrp.a -L../openssl-1.0.0b//lib -L../openssl-1.0.0b/ -lcrypto -ldl -lnsl
/usr/bin/ld: cannot find -lcrypto
collect2: ld returned 1 exit status
make[1]: *** [tconf] Error 1
make[1]: Leaving directory `/home/bryan/srp-2.1.2/libsrp'
make: *** [all-recursive] Error 1
Making install in libsrp
make[1]: Entering directory `/home/bryan/srp-2.1.2/libsrp'
gcc -fPIC -O -o tconf tconf.o libsrp.a -L../openssl-1.0.0b//lib -L../openssl-1.0.0b/ -lcrypto -ldl -lnsl
/usr/bin/ld: cannot find -lcrypto
collect2: ld returned 1 exit status
make[1]: *** [tconf] Error 1
make[1]: Leaving directory `/home/bryan/srp-2.1.2/libsrp'
make: *** [install-recursive] Error 1
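The failed build above comes from configuring SRP against an OpenSSL tree that was never configured or built. The following POSIX shell script is an added example, not part of the original write-up or of the SRP or OpenSSL projects: it wraps the build order of steps 1 to 3 in functions and adds a pre-flight check for the two files the log shows missing, the header symlinks that ./config creates under include/openssl and the libcrypto.a that make leaves in the top-level source directory. The function names and the choice to pass the OpenSSL path as an absolute directory are assumptions of this example.

```shell
#!/bin/sh
# Added example: build order of steps 1-3 with a pre-flight check for the
# state the error log above shows. The SRP configure is pointed at the
# OpenSSL *source tree*, so it needs the header symlinks that ./config
# creates under include/openssl and the libcrypto.a that make produces in
# the top-level directory.
set -e

# Return 0 when DIR is a configured and built OpenSSL source tree, 1 otherwise,
# naming the step that is still missing.
openssl_tree_ready() {
    dir=$1
    ready=0
    [ -f "$dir/include/openssl/sha.h" ] || {
        echo "$dir: include/openssl/sha.h missing, run ./config there" >&2
        ready=1
    }
    [ -f "$dir/libcrypto.a" ] || {
        echo "$dir: libcrypto.a missing, run make there" >&2
        ready=1
    }
    return $ready
}

# Step 1: configure, build, test and install OpenSSL from its source directory.
build_openssl() {
    ( cd "$1" && ./config --prefix=/usr/local --openssldir=/usr/local/openssl \
        && make && make test && make install )
}

# Steps 2-3: refuse to configure SRP until the OpenSSL tree is ready, then
# build and install it. SSL_DIR is passed as an absolute path here (assumption
# of this example); the page's relative ../openssl-1.0.0b/ only works from
# inside the srp-2.1.2 directory.
build_srp() {
    srp_dir=$1
    ssl_dir=$2
    openssl_tree_ready "$ssl_dir"
    ( cd "$srp_dir" && ./configure --with-openssl="$ssl_dir" --with-pam \
        && make && make install )
}

# Usage (not run here):
#   build_openssl "$PWD/openssl-1.0.0b"
#   build_srp "$PWD/srp-2.1.2" "$PWD/openssl-1.0.0b"
```

Because of set -e, a failing openssl_tree_ready aborts build_srp before ./configure runs, so the confusing parse errors in t_sha.h never appear; you get one line naming the missing step instead.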
4. Once OpenSSL and SRP are installed, the SRP FTP server can be configured. First copy the PAM modules into /lib/security on the Linux host:
cd srp-2.1.2/base/pam_eps
install -m 644 pam_eps_auth.so pam_eps_passwd.so /lib/security
Run /usr/local/bin/tconf to create /etc/tpasswd.conf, which holds the SRP group parameters (modulus and generator) that the users' verifiers are generated against.
5. In /etc/pam.d, back up system-auth and change its contents to the following. Note that nullok on pam_unix.so lets accounts with an empty password log in; drop it unless you need that:
auth required /lib/security/pam_unix.so likeauth nullok md5 shadow
auth sufficient /lib/security/pam_eps_auth.so
auth required /lib/security/pam_deny.so
account sufficient /lib/security/pam_unix.so
account required /lib/security/pam_deny.so
password required /lib/security/pam_cracklib.so retry=3
password required /lib/security/pam_eps_passwd.so
password sufficient /lib/security/pam_unix.so nullok use_authtok md5 shadow
password required /lib/security/pam_deny.so
session required /lib/security/pam_limits.so
session required /lib/security/pam_unix.so
6. Change /etc/pam.d/passwd to the following:
auth required /lib/security/pam_stack.so service=system-auth
account required /lib/security/pam_stack.so service=system-auth
password required /lib/security/pam_stack.so service=system-auth
7. Build the FTP client and server:
cd /srp-2.1.2/ftp
make;make install
Create the xinetd service file /etc/xinetd.d/srp-ftp (the service name ftp is what xinetd looks up in /etc/services for the port):
service ftp
{
    socket_type     = stream
    wait            = no
    user            = root
    server          = /usr/local/sbin/ftpd
    log_on_success  = DURATION USERID
    log_on_failure  = USERID
    nice            = 10
    disable         = no
}
Restart xinetd:
killall -kill xinetd
service xinetd start
8. Create /etc/pam.d/telnet with the following content. pam_stack.so service=NAME makes PAM load /etc/pam.d/NAME, so the service name given here must match a file that actually exists under /etc/pam.d; if logins fail, /var/log/messages will show which service PAM tried to open:
#%PAM-1.0
auth required /lib/security/pam_listfile.so item=user \
sense=deny file=/etc/ftpusers onerr=succeed
auth required /lib/security/pam_stack.so service=srp-ftp
auth required /lib/security/pam_shells.so
account required /lib/security/pam_stack.so service=srp-ftp
session required /lib/security/pam_stack.so service=srp-ftp
9. After /etc/pam.d/system-auth has been changed, the existing user names and passwords no longer work for logging in to the system. Run passwd <username> to reset each password; this updates the password entries in /etc/tpasswd (the SRP verifier) and /etc/shadow. When running this command, make sure no line in system-auth ends with trailing whitespace, otherwise you get "passwd: error in service module". Linux and Windows also handle line endings differently: if you see "module is unknown", convert the CRLF line endings in system-auth with the following commands (a misspelled module name such as pam_Unix.so gives the same error, since the module lookup is case-sensitive):
vi system-auth
In command mode enter:
:set fileformat=unix
:w
After that, running passwd to update the password works. While installing and running these commands, use tail -f /var/log/messages to catch the related error messages and correct them.
SRP FTP can now be used with ftp host. I followed configurations found online for this process but ran into many problems, so I am recording it here for future reference.
ftp 192.168.0.101
Connected to 192.168.0.101.
220 localhost FTP server (SRPftp 1.3) ready.
User (192.168.0.101:(none)): btong
331 Password required for btong.
Password:
230 User btong logged in.
ftp>
References
http://www.ithov.com/Linux/Network/Ftp/83349_3.shtml
http://www.tekbar.net/network-construction/with---srp-to-establish-a-secure-linux-telnet-server.html