Wednesday, December 15, 2010

Setting up a secure Linux FTP server with SRP, part 2 (illustrated)

2. Use the EPS PAM module for password authentication

(1) First back up the /etc/pam.d/system-auth file.

(2) Modify the /etc/pam.d/system-auth file as follows:

    auth       required     /lib/security/pam_unix.so likeauth nullok md5 shadow
    auth       sufficient   /lib/security/pam_eps_auth.so
    auth       required     /lib/security/pam_deny.so
    account    sufficient   /lib/security/pam_unix.so
    account    required     /lib/security/pam_deny.so
    password   required     /lib/security/pam_cracklib.so retry=3
    password   required     /lib/security/pam_eps_passwd.so
    password   sufficient   /lib/security/pam_unix.so nullok use_authtok md5 shadow
    password   required     /lib/security/pam_deny.so
    session    required     /lib/security/pam_limits.so
    session    required     /lib/security/pam_unix.so

Note: the first bold line above (pam_eps_auth.so) indicates that the pam_eps_auth module can satisfy the authentication requirement.

The second bold line (pam_eps_passwd.so) indicates that the pam_eps_passwd.so PAM module is used for password management.

(3) Convert the standard passwords to EPS format.

(4) The pam_eps_passwd.so module configured in /etc/pam.d/system-auth writes the EPS version of the password verification string to the /etc/tpasswd file. Modify the /etc/pam.d/passwd file as follows:

    auth       required     /lib/security/pam_stack.so service=system-auth
    account    required     /lib/security/pam_stack.so service=system-auth
    password   required     /lib/security/pam_stack.so service=system-auth

4. Start the SRP version of the FTP server

(1) Enter the FTP subdirectory of the SRP source tree and build the FTP server and FTP client:

    # cd /usr/src/redhat/SOURCES/srp-2.2.1/ftp
    # make; make install

(2) Create the super-server (xinetd) configuration file /etc/xinetd.d/srp-ftpd, which reads as follows:

    service ftp
    {
        socket_type     = stream
        wait            = no
        user            = root
        server          = /usr/local/sbin/ftpd
        log_on_success  += DURATION USERID
        log_on_failure  += USERID
        nice            = 10
        disable         = no
    }

(3) Restart xinetd with the command:

    # killall -USR1 xinetd

(4) Create the /etc/pam.d/telnet file, containing the following:

    #%PAM-1.0
    auth       required     /lib/security/pam_listfile.so item=user sense=deny file=/etc/ftpusers onerr=succeed
    auth       required     /lib/security/pam_stack.so service=srp-ftp
    auth       required     /lib/security/pam_shells.so
    account    required     /lib/security/pam_stack.so service=srp-ftp
    session    required     /lib/security/pam_stack.so service=srp-ftp

An FTP server that uses the SRP service is now set up. First test it locally. The following is a typical session:

    $ /usr/local/bin/ftp localhost
    Connected to localhost.intevo.com.
    220 k2.intevo.com FTP server (SRPftp 1.3) ready.
    SRP accepted as authentication type.
    Name (localhost:kabir): cao
    SRP Password: xxxxxxxx
    SRP authentication succeeded.
    Using cipher CAST5_CBC and hash function SHA.
    200 Protection level set to Private.
    232 user kabir authorized by SRP.
    230 User kabir logged in.
    Remote system type is UNIX.
    Using binary mode to transfer files.

To log on to the FTP server from another Linux computer, you need to install SRP support and the SRP client software on it. The method is the same as on the server side.

The SRP FTP service supports the following ciphers:

    NONE (1)
    BLOWFISH_ECB (2)   BLOWFISH_CBC (3)   BLOWFISH_CFB64 (4)   BLOWFISH_OFB64 (5)
    CAST5_ECB (6)      CAST5_CBC (7)      CAST5_CFB64 (8)      CAST5_OFB64 (9)
    DES_ECB (10)       DES_CBC (11)       DES_CFB64 (12)       DES_OFB64 (13)
    DES3_ECB (14)      DES3_CBC (15)      DES3_CFB64 (16)      DES3_OFB64 (17)

SRP also supports the MD5 and SHA hash functions. By default, SRP uses the CAST5_CBC cipher and the SHA hash function. To use a different cipher or hash function, use the -c or -h option:

    # /usr/local/bin/ftp -c blowfish_cfb64 "IP address"

The command above uses the BLOWFISH_CFB64 cipher instead of the default CAST5_CBC.

    # /usr/local/bin/ftp -h md5 "IP address"

The command above uses the MD5 hash function instead of the default SHA function.

5. Using SRP on non-Linux platforms

SRP clients also support other popular operating systems (Unix, BSD, Windows, MacOS). Kermit 95 is an SRP client that works on Windows 9x, ME, NT, XP and 2000, and on OS/2. For details, see the related website: http://www.columbia.edu/kermit/k95.html.

Summary: details of how SRP works can be found on the SRP site at http://srp.stanford.edu/srp, where you can get an online description of the protocol (http://srp.standford.edu/srp/design.html) or a published technical white paper on SRP (http://srp.standford.edu/srp/ftp). The above provides a way to log in to a remote Linux server over FTP that is, relative to OpenSSH, more secure and faster. Like other network applications, FTP based on the SRP service follows the client/server model: once connected, the client can access all the services the server provides.
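Added example (not from the original post or the SRP distribution): a simplified Python model of PAM's required/requisite/sufficient control flags, run over the auth lines of the /etc/pam.d/system-auth stack from step 2. It shows that the stack as written admits a login only when both pam_unix.so and pam_eps_auth.so succeed. The function names and the simplifications (pam_deny.so always fails, optional modules are ignored) are assumptions of this example.

```python
# Added example: simplified model of Linux-PAM control flags, not real PAM code.
from itertools import product

# Constructed input: the auth lines of the system-auth stack shown in step 2.
AUTH_STACK = """\
#%PAM-1.0
auth required   /lib/security/pam_unix.so likeauth nullok md5 shadow
auth sufficient /lib/security/pam_eps_auth.so
auth required   /lib/security/pam_deny.so
"""
CONTROLS = {"required", "requisite", "sufficient", "optional"}

def parse_stack(text, mgmt_type):
    """Return [(control, module_file)] for one management group (auth, ...)."""
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments and blanks
        if not line:
            continue
        fields = line.split()
        if len(fields) < 3 or fields[1] not in CONTROLS:
            raise ValueError("unsupported PAM line: %r" % raw)
        if fields[0] == mgmt_type:
            entries.append((fields[1], fields[2].rsplit("/", 1)[-1]))
    return entries

def evaluate(stack, results):
    """results: module_file -> True/False. pam_deny.so always fails;
    modules absent from results count as failures; optional is ignored."""
    required_failed = False
    succeeded = False
    for control, module in stack:
        ok = module != "pam_deny.so" and bool(results.get(module, False))
        if control == "requisite" and not ok:
            return False                         # fail at once
        if control == "required" and not ok:
            required_failed = True               # remembered, stack continues
        if control == "sufficient" and ok and not required_failed:
            return True                          # short-circuit success
        if ok and control in ("required", "requisite"):
            succeeded = True
    return succeeded and not required_failed

def truth_table(stack, modules=("pam_unix.so", "pam_eps_auth.so")):
    """Outcome of the stack for every success/failure combination."""
    return {combo: evaluate(stack, dict(zip(modules, combo)))
            for combo in product((True, False), repeat=len(modules))}

if __name__ == "__main__":
    for combo, allowed in truth_table(parse_stack(AUTH_STACK, "auth")).items():
        print(combo, "->", "allow" if allowed else "deny")
```

Because pam_unix.so is `required` here, an account whose /etc/tpasswd verifier matches but whose standard password check fails is still denied, which is worth confirming when migrating users to EPS.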
