Bryan

  BlogJava :: 首页 :: 联系 :: 聚合  :: 管理
  37 Posts :: 3 Stories :: 24 Comments :: 0 Trackbacks

 

 1.进入openssl-1.0.0b目录,按照下面的命令安装openssl 文件。可以查阅http://www.cgicentral.net/400CS/Docs/openssl/INSTALL.openssl.html
这个过程需要点时间 
  $ ./config --prefix=/usr/local --openssldir=/usr/local/openssl
  $ make
  $ make test
  $ make install

2. 
进入srp2.1.2 目录
./configure --with-openssl=../openssl-1.0.0b/ --with-pam

3  make ; make install
这样srpopenssl就安装成功了。

如果第一步安装openssl不先运行,在make make install的时候出现下面的错误。原因是t_client.h 引用了t_sha.h,接着又引用了openssl-1.0.0b/inlcude/openssl下面的库文件,但是却没有找到。继续运行下去,还会遇到cannot find -lcrypto的错误。错误信息如下:
ot@localhost srp-2.1.2]# make;
Making all in libsrp
make[1]: Entering directory `/home/bryan/srp-2.1.2/libsrp'
gcc -DHAVE_CONFIG_H -I. -I. -I.   -I../openssl-1.0.0b//include  -fPIC -O -c
t_client.c
In file included from t_client.h:33,
                 from t_client.c:33:
t_sha.h:37:25: openssl/sha.h: No such file or directory
In file included from t_client.h:33,
                 from t_client.c:33:
t_sha.h:39: parse error before "SHA1_CTX"
t_sha.h:39: warning: data definition has no type or storage class
In file included from t_client.c:33:
t_client.h:52: parse error before "SHA1_CTX"
t_client.h:52: warning: no semicolon at end of struct or union
t_client.h:61: parse error before '}' token
t_client.c: In function `t_clientopen':
t_client.c:48: parse error before "ctxt"
t_client.c:91: sizeof applied to an incomplete type

诸如cannot find -lcrypto 这样的错误,查阅相关资料后,需要先安装openssl。。

ot@localhost srp-2.1.2]# make ; make install
Making all in libsrp
make[1]: Entering directory `/home/bryan/srp-2.1.2/libsrp'
gcc -fPIC -O  -o tconf  tconf.o libsrp.a -L../openssl-1.0.0b//lib -L../openssl-1.0.0b/ -lcrypto -ldl -lnsl
/usr/bin/ld: cannot find -lcrypto
collect2: ld returned 1 exit status
make[1]: *** [tconf] Error 1
make[1]: Leaving directory `/home/bryan/srp-2.1.2/libsrp'
make: *** [all-recursive] Error 1
Making install in libsrp
make[1]: Entering directory `/home/bryan/srp-2.1.2/libsrp'
gcc -fPIC -O  -o tconf  tconf.o libsrp.a -L../openssl-1.0.0b//lib -L../openssl-1.0.0b/ -lcrypto -ldl -lnsl
/usr/bin/ld: cannot find -lcrypto
collect2: ld returned 1 exit status
make[1]: *** [tconf] Error 1
make[1]: Leaving directory `/home/bryan/srp-2.1.2/libsrp'
make: *** [install-recursive] Error 1

4.
安装好opensslsrp 后,就可以配置srp ftp server了。首先需要拷贝pam模块到Linux /lib/security :

 cd srp-2.1.2/base/pam_eps

install -m 644 pam_eps_auth.so pam_eps_passwd.so /lib/security

 使用命令:“/usr/local/bin/tconf”创建/etc/tpasswd.conf文件。

5.进入/etc/pam.d,备份system-auth文件,并且修改内容如下:

auth required /lib/security/pam_Unix.so likeauth nullok md5 shadow
auth sufficIEnt /lib/security/pam_eps_auth.so
auth required /lib/security/pam_deny.so
account sufficient /lib/security/pam_unix.so
account required /lib/security/pam_deny.so
password required /lib/security/pam_cracklib.so retry=3
password required /lib/security/pam_eps_passwd.so
password sufficient /lib/security/pam_unix.so nullok use_authtok md5 shadow
password required /lib/security/pam_deny.so
session required /lib/security/pam_limits.so
session required /lib/security/pam_unix.so

6.修改/etc/pam.d/passwd文件如下形式:

auth required /lib/security/pam_stack.so service=system-auth
account required /lib/security/pam_stack.so service=system-auth
password required /lib/security/pam_stack.so service=system-auth

7.建立Ftp客户端和服务器端文件,

cd /srp-2.1.2/ftp
make
make install

建立/etc/xinedd.d/srp-ftp service

service ftp         {
socket_type = stream
wait = no
user = root
server = /usr/local/sbin/ftpd
log_on_success = DURATION USERID
log_on_failure = USERID
nice = 10
disable = no         }

重起xinetd服务

killall -kill xinetd

service xinetd start

8.建立/etc/pam.d/telnet,内容如下:

#%PAM-1.0
auth required /lib/security/pam_listfile.so item=user \
sense=deny file=/etc/ftpusers onerr=succeed
auth required /lib/security/pam_stack.so service=srp-ftp
auth required /lib/security/pam_shells.so
account required /lib/security/pam_stack.so service=srp-ftp
session required /lib/security/pam_stack.so service=srp-ftp

9.修改/etc/pam.d/system-auth文件,之前的用户名和密码将不能用于登陆系统,

需要使用passwd <<username>>来重置密码,将字符串更新到/etc/tpasswd/etc/shadow中。在运行这个命令的时候得保证system-auth文件中每一行最后不能有空格,不然会出现 passwd: error in service module的错误,还有因为Linuxwindow处理回车的方式不同,如果出现错误module is unknown,需要将system-auth每一行最后的回车进行转换,运行下面的命令;

vi system-auth
命令模式下输入
:set fileformat=unix
:w

然后运行passwd更新密码字符串就没有问题了。在我们安装运行命令的时候,可以用tail -f /var/log/message 来捕捉相关的错误信息,做出正确的更正。

现在就可以使用ftp host来使用SRP FTP了。自己这个过程按照网上的配置,但是却遇到很多问题。现在做个记录,以备后用。

ftp 192.168.0.101
Connected to 192.168.0.101.
220 localhost FTP server (SRPftp 1.3) ready.
User (192.168.0.101:(none)): btong
331 Password required for btong.
Password:
230 User btong logged in.
ftp>

参考资料

http://www.ithov.com/Linux/Network/Ftp/83349_3.shtml

http://www.tekbar.net/network-construction/with---srp-to-establish-a-secure-linux-telnet-server.html

posted on 2010-11-18 21:51 Life is no respector of any genius. 阅读(511) 评论(0)  编辑  收藏

只有注册用户登录后才能发表评论。


网站导航: