Bryan

 1.进入openssl-1.0.0b目录，按照下面的命令安装openssl 文件。可以查阅http://www.cgicentral.net/400CS/Docs/openssl/INSTALL.openssl.html，
这个过程需要点时间 
  $ ./config --prefix=/usr/local --openssldir=/usr/local/openssl
  $ make
  $ make test
  $ make install

2.  进入srp2.1.2 目录
./configure --with-openssl=../openssl-1.0.0b/ --with-pam

3  make ; make install 这样srp和openssl就安装成功了。

如果第一步安装openssl不先运行，在make 和 make install的时候出现下面的错误。原因是t_client.h 引用了t_sha.h，接着又引用了openssl-1.0.0b/inlcude/openssl下面的库文件，但是却没有找到。继续运行下去，还会遇到cannot find -lcrypto的错误。错误信息如下：
ot@localhost srp-2.1.2]# make;
Making all in libsrp
make[1]: Entering directory `/home/bryan/srp-2.1.2/libsrp'
gcc -DHAVE_CONFIG_H -I. -I. -I.   -I../openssl-1.0.0b//include  -fPIC -O -c
t_client.c
In file included from t_client.h:33,
                 from t_client.c:33:
t_sha.h:37:25: openssl/sha.h: No such file or directory
In file included from t_client.h:33,
                 from t_client.c:33:
t_sha.h:39: parse error before "SHA1_CTX"
t_sha.h:39: warning: data definition has no type or storage class
In file included from t_client.c:33:
t_client.h:52: parse error before "SHA1_CTX"
t_client.h:52: warning: no semicolon at end of struct or union
t_client.h:61: parse error before '}' token
t_client.c: In function `t_clientopen':
t_client.c:48: parse error before "ctxt"
t_client.c:91: sizeof applied to an incomplete type

诸如cannot find -lcrypto 这样的错误，查阅相关资料后，需要先安装openssl。。

ot@localhost srp-2.1.2]# make ; make install
Making all in libsrp
make[1]: Entering directory `/home/bryan/srp-2.1.2/libsrp'
gcc -fPIC -O  -o tconf  tconf.o libsrp.a -L../openssl-1.0.0b//lib -L../openssl-1.0.0b/ -lcrypto -ldl -lnsl
/usr/bin/ld: cannot find -lcrypto
collect2: ld returned 1 exit status
make[1]: *** [tconf] Error 1
make[1]: Leaving directory `/home/bryan/srp-2.1.2/libsrp'
make: *** [all-recursive] Error 1
Making install in libsrp
make[1]: Entering directory `/home/bryan/srp-2.1.2/libsrp'
gcc -fPIC -O  -o tconf  tconf.o libsrp.a -L../openssl-1.0.0b//lib -L../openssl-1.0.0b/ -lcrypto -ldl -lnsl
/usr/bin/ld: cannot find -lcrypto
collect2: ld returned 1 exit status
make[1]: *** [tconf] Error 1
make[1]: Leaving directory `/home/bryan/srp-2.1.2/libsrp'
make: *** [install-recursive] Error 1

4.安装好openssl和srp 后，就可以配置srp ftp server了。首先需要拷贝pam模块到Linux /lib/security 中:

 cd srp-2.1.2/base/pam_eps

install -m 644 pam_eps_auth.so pam_eps_passwd.so /lib/security

 使用命令：“/usr/local/bin/tconf”创建/etc/tpasswd.conf文件。

5.进入/etc/pam.d，备份system-auth文件，并且修改内容如下：

auth required /lib/security/pam_Unix.so likeauth nullok md5 shadow
auth sufficIEnt /lib/security/pam_eps_auth.so
auth required /lib/security/pam_deny.so
account sufficient /lib/security/pam_unix.so
account required /lib/security/pam_deny.so
password required /lib/security/pam_cracklib.so retry=3
password required /lib/security/pam_eps_passwd.so
password sufficient /lib/security/pam_unix.so nullok use_authtok md5 shadow
password required /lib/security/pam_deny.so
session required /lib/security/pam_limits.so
session required /lib/security/pam_unix.so

6.修改/etc/pam.d/passwd文件如下形式：

auth required /lib/security/pam_stack.so service=system-auth
account required /lib/security/pam_stack.so service=system-auth
password required /lib/security/pam_stack.so service=system-auth

7.建立Ftp客户端和服务器端文件，

cd /srp-2.1.2/ftp
make；make install

建立/etc/xinedd.d/srp-ftp service

service ftp         {
socket_type = stream
wait = no
user = root
server = /usr/local/sbin/ftpd
log_on_success = DURATION USERID
log_on_failure = USERID
nice = 10
disable = no         }

重起xinetd服务

killall -kill xinetd

service xinetd start

8.建立/etc/pam.d/telnet，内容如下：

#%PAM-1.0
auth required /lib/security/pam_listfile.so item=user \
sense=deny file=/etc/ftpusers onerr=succeed
auth required /lib/security/pam_stack.so service=srp-ftp
auth required /lib/security/pam_shells.so
account required /lib/security/pam_stack.so service=srp-ftp
session required /lib/security/pam_stack.so service=srp-ftp

9.修改/etc/pam.d/system-auth文件，之前的用户名和密码将不能用于登陆系统，

需要使用passwd <<username>>来重置密码，将字符串更新到/etc/tpasswd和/etc/shadow中。在运行这个命令的时候得保证system-auth文件中每一行最后不能有空格，不然会出现 passwd: error in service module的错误，还有因为Linux和window处理回车的方式不同，如果出现错误module is unknown，需要将system-auth每一行最后的回车进行转换，运行下面的命令；

vi system-auth
命令模式下输入
:set fileformat=unix
:w

然后运行passwd更新密码字符串就没有问题了。在我们安装运行命令的时候，可以用tail -f /var/log/message 来捕捉相关的错误信息，做出正确的更正。

现在就可以使用ftp host来使用SRP FTP了。自己这个过程按照网上的配置，但是却遇到很多问题。现在做个记录，以备后用。

ftp 192.168.0.101
Connected to 192.168.0.101.
220 localhost FTP server (SRPftp 1.3) ready.
User (192.168.0.101:(none)): btong
331 Password required for btong.
Password:
230 User btong logged in.
ftp>

参考资料

http://www.ithov.com/Linux/Network/Ftp/83349_3.shtml

http://www.tekbar.net/network-construction/with---srp-to-establish-a-secure-linux-telnet-server.html