ProFTP is a widely used FTP server on Linux servers. It is used with several industry-level control panels such as cPanel and Plesk. In this tutorial I will show you how to configure ProFTP with SSL/TLS and other security aspects.
My test server
Server : CentOS 7
ProFTP : 1.3.5
Step 1 : Install additional repository
The CentOS base repository does not contain ProFTP. Enable the EPEL repository to download and install ProFTP.
# yum install epel-release
# yum install proftpd
Step 2 : Prepare Certificate
The proftpd package does not create the additional proftpd configuration directory, so create it:
# mkdir /etc/proftpd.d/
Generate the key and certificate, which will be used for sftp or FTP over SSL/TLS connections:
# openssl req -new -x509 -days 3650 -nodes -out /etc/proftpd.d/proftpd.cert.pem -keyout /etc/proftpd.d/proftpd.key.pem
Generating a 2048 bit RSA private key
......+++
.........................+++
writing new private key to '/etc/proftpd.d/proftpd.key.pem'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:IN
State or Province Name (full name) []:WB
Locality Name (eg, city) [Default City]:Kolkata
Organization Name (eg, company) [Default Company Ltd]:Omegalab
Organizational Unit Name (eg, section) []:IT
Common Name (eg, your name or your server's hostname) []:pydl.unixhops.com
Email Address []:xyz@unixhops.com
Step 3 : Prepare configuration
Add the following configuration to /etc/proftpd.conf
ServerName "ProFTP"
ServerType standalone
DefaultServer on
<Global>
    DefaultRoot ~
    AllowOverwrite on
    <IfModule mod_tls.c>
        TLSEngine on
        TLSRequired off
        TLSLog /var/log/plesk/ftp_tls.log
        TLSRSACertificateFile /etc/proftpd.d/proftpd.cert.pem
        TLSRSACertificateKeyFile /etc/proftpd.d/proftpd.key.pem
        TLSVerifyClient off
        TLSRenegotiate none
        TLSOptions NoSessionReuseRequired
    </IfModule>
</Global>
DefaultTransferMode binary
UseFtpUsers on
TimesGMT off
SetEnv TZ :/etc/localtime
Port 21
Umask 022
MaxInstances 30
ScoreboardFile /var/run/proftpd.scoreboard
TransferLog /var/log/proftpd/xferlog
AuthPAM on
AuthPAMConfig proftpd
IdentLookups off
UseReverseDNS off
AuthGroupFile /etc/group
RequireValidShell off
Include /etc/proftpd.d/*.conf
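An added example, not part of the original tutorial: a shell check that reads the mod_tls directives from a proftpd.conf and reports settings worth revisiting, such as TLSRequired off (TLS stays optional, so plain FTP logins still work) and a private key readable by other users. The function names and the temporary sample files are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example: audit the mod_tls settings in a ProFTPD configuration file.

# Print the last value assigned to directive $2 in file $1 (comments skipped).
directive_value() {
    awk -v name="$2" '
        /^[ \t]*#/ { next }
        $1 == name { $1 = ""; sub(/^[ \t]+/, ""); val = $0 }
        END { print val }' "$1"
}

# Print one line per finding; the exit status is the number of findings.
audit_tls() {
    conf=$1; findings=0
    note() { echo "$1"; findings=$((findings + 1)); }
    [ "$(directive_value "$conf" TLSEngine)" = "on" ] ||
        note "FAIL: TLSEngine is not on, so mod_tls is inactive"
    required=$(directive_value "$conf" TLSRequired)
    [ "$required" = "on" ] ||
        note "WARN: TLSRequired is '${required:-unset}': plain FTP logins are still accepted"
    case " $(directive_value "$conf" TLSOptions) " in
        *" NoSessionReuseRequired "*)
            note "WARN: NoSessionReuseRequired: data connections need not reuse the control session" ;;
    esac
    key=$(directive_value "$conf" TLSRSACertificateKeyFile)
    if [ -n "$key" ] && [ -f "$key" ]; then
        mode=$(stat -c %a "$key")        # GNU stat, as shipped on CentOS
        case $mode in
            *00) ;;                      # owner-only, e.g. 600 or 400
            *) note "WARN: $key has mode $mode; the unencrypted key should be owner-only (chmod 600)" ;;
        esac
    fi
    return "$findings"
}

# Constructed sample: the TLS directives from Step 3, with the key path
# replaced by a temporary file so the check runs on any machine.
demo_key=$(mktemp); chmod 644 "$demo_key"
demo_conf=$(mktemp)
cat > "$demo_conf" <<EOF
TLSEngine on
TLSRequired off
TLSRSACertificateKeyFile $demo_key
TLSOptions NoSessionReuseRequired
EOF
audit_tls "$demo_conf" || echo "findings: $?"
```

On the real server, run `audit_tls /etc/proftpd.conf` as root so that the key file's mode can be read.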
Step 4 : Create user with no shell
It is always recommended to use a user with no shell. Create a no-shell user for FTP authentication:
# useradd --shell /bin/false testnoshell
# passwd testnoshell
Step 5 : Access FTP
Now try to access the FTP server with the created user.
Note : If your server is behind NAT, add the following line to /etc/proftpd.conf
PassivePorts 49152 65534
Then open the port range 49152-65534 on the firewall/router.
Well, that’s all.
If you like this tutorial, comment your valuable feedback.