0

我尝试通过 PHP 将文件上传到运行 ProFTPD 的 FTP 服务器。这以前就像一个魅力。这是代码:

$this->con = ftp_ssl_connect($CFG['BACKUP_FTP_HOST'], $port);
ftp_login($this->con, $CFG['BACKUP_FTP_USER'], $CFG['BACKUP_FTP_PASSWORD']);
ftp_pasv($this->con, true); // Returns true
ftp_put($this->con, "/path/test.txt", __DIR__ . "/test.txt", FTP_ASCII); // Returns false, local file and remote directory exists (FTP_BINARY does not work also)

有几个有趣的 PHP 警告:

Warning: ftp_put(): Unable to build data connection: Operation not permitted

如果我尝试通过 更改被动模式lftp,它也不起作用:

lftp ftp@test.de:/> quote PASV
501 PASV: Operation not permitted

的返回FEAT如下:

211-Features:                
SSCN
SITE COPY
LANG en-US.UTF-8*;en-US
SIZE
PROT
CCC
SITE MKDIR
PBSZ
AUTH TLS
REST STREAM
UTF8
EPRT
SITE SYMLINK
EPSV
SITE UTIME
MDTM
SITE RMDIR
211 End

我认为 FTP 服务器有问题,但其他服务器可以使用该配置。另外,我可以使用 FileZilla 上传文件。使用 PHP,主动模式也不起作用。

我的proftpd.conf 的内容:

# Includes DSO modules
Include /etc/proftpd/modules.conf

# If set on you can experience a longer connection delay in many cases.
<IfModule mod_ident.c>
IdentLookups                    off
</IfModule>

ServerIdent                     off
ServerName                      "FTP Server"
ServerType                      standalone
DeferWelcome                    off

MultilineRFC2228                on
DefaultServer                   on
ShowSymlinks                    on

TimeoutNoTransfer               600
TimeoutStalled                  600
TimeoutIdle                     1200

DisplayLogin                    welcome.msg
DisplayChdir                    .message true
ListOptions                     "-al"

DenyFilter                      \*.*/

# Use this to jail all users in their homes
DefaultRoot                     ~

# Allow continuation of uploads/downloads
AllowRetrieveRestart            On
AllowStoreRestart               On

# Users require a valid shell listed in /etc/shells to login.
# Use this directive to release that constrain.
RequireValidShell               Off

# Port 21 is the standard FTP port.
Port                            21

# Workaround for nasty problem with FileZilla:
<IfModule mod_facts.c>
  FactsAdvertise off
</IfModule>

# Unlimited number of concurrent connections
MaxClients                      none
MaxInstances                    none

# Unlimited number of concurrent connections per IP/user allowed
MaxClientsPerHost               none
MaxClientsPerUser               none
PassivePorts 60000 65535
<IfModule mod_tls.c>
  TLSEngine On

  # Support TLSv1 (no more SSLv3 due to POODLE attack)
  TLSProtocol TLSv1

  # Safe ciphers:
  TLSCipherSuite ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA
  # Are clients required to use FTP over TLS when talking to this server?
TLSRequired on
  # Server's certificate
  TLSRSACertificateFile /etc/ssl/certs/proftpd.crt
  TLSRSACertificateKeyFile /etc/ssl/private/proftpd.key
  TLSCertificateChainFile /etc/ssl/certs/proftpd-ca.crt
  TLSDHParamFile /etc/proftpd/dhparams.pem

  # Authenticate clients that want to use FTP over TLS?
  TLSVerifyClient off

</IfModule>

# Virtual FTP users file
AuthUserFile /etc/proftpd/passwd

# Set the user and group that the server normally runs at.
User                            proftpd
Group                           nogroup

# Umask 022 is a good standard umask to prevent new files and dirs
# (second parm) from being group and world writable.
Umask                           022  022
# Normally, we want files to be overwriteable.
AllowOverwrite                  on
TransferLog /var/log/proftpd/xferlog
SystemLog   /var/log/proftpd/proftpd.log
<IfModule mod_quotatab.c>
QuotaEngine off
</IfModule>

<IfModule mod_ratio.c>
Ratios off
</IfModule>

# Delay engine reduces impact of the so-called Timing Attack described in
# http://security.lss.hr/index.php?page=details&ID=LSS-2004-10-02
# It is on by default.
<IfModule mod_delay.c>
DelayEngine on
</IfModule>
<IfModule mod_ctrls.c>
ControlsEngine        off
ControlsMaxClients    2
ControlsLog           /var/log/proftpd/controls.log
ControlsInterval      5
ControlsSocket        /var/run/proftpd/proftpd.sock
</IfModule>
<IfModule mod_ctrls_admin.c>
AdminControlsEngine off
</IfModule>

# include additional configuration files
Include /etc/proftpd/conf.d/*.conf
# <EOF>-----------------------------------------------------------------------
4

1 回答 1

1

您可以配置一个TLSLog文件,并查看那里记录了哪些附加信息。我怀疑(但TLSLog可能会确认......或不确认)这mod_tls要求您的数据传输连接重用与控制连接上使用的相同的 TLS 会话,并且您的 FTPS 客户端没有这样做。可以通过在配置中使用以下内容来放宽此要求mod_tls

TLSOptions NoSessionReuseRequired

有关此选项的更多信息,请参阅 下的“NoSessionReuseRequired”描述TLSOptions

希望这可以帮助!

于 2016-03-25T20:45:42.347 回答