FTPS with ProFTPD on Debian – How to Configure

debian ftp ftpes proftpd

Is there a way to block all normal ftp traffic, and only allow the sftp protocol in sftp?

Edit:
Sorry, my bad!

For secure FTP I must use the FTPES protocol…

Best Answer

If you want to do FTPES with proftpd you basically need to follow 4 steps.

1) Install proftpd and openssl

apt-get install proftpd openssl

2) Generate a cert (assuming you are going to self-sign, make sure to match the common name to the FTP site's DNS name to make clients complain less)

mkdir /etc/proftpd/ssl
openssl req -new -x509 -days 365 -nodes -out /etc/proftpd/ssl/proftpd.cert.pem -keyout /etc/proftpd/ssl/proftpd.key.pem

3) Edit proftpd.conf: replace the mod_tls module section of your config with the text below (note the TLSRequired on directive)

<IfModule mod_tls.c>
  TLSEngine                  on
  TLSLog                     /var/log/proftpd/tls.log
  TLSProtocol                SSLv23
  TLSOptions                 NoCertRequest
  TLSRSACertificateFile      /etc/proftpd/ssl/proftpd.cert.pem
  TLSRSACertificateKeyFile   /etc/proftpd/ssl/proftpd.key.pem
  TLSVerifyClient            off
  TLSRequired                on
</IfModule>

4) Restart proftpd

/etc/init.d/proftpd restart
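
A config check for the settings this answer relies on, as an added example that is not part of the original answer or of ProFTPD's own tooling: it reads a proftpd.conf and flags anything that would still let cleartext FTP through (TLSEngine or TLSRequired not set to on), plus explicitly enabled TLSProtocol values older than TLSv1.2. The function names and the sample file are assumptions made for illustration.

```shell
#!/usr/bin/env bash
# Added example: audit the mod_tls directives of a proftpd.conf (not ProFTPD tooling).

# Print the last value set for a directive, ignoring comments and indentation.
tls_directive() {  # usage: tls_directive <conf-file> <DirectiveName>
  awk -v d="$2" '
    { sub(/#.*/, "") }
    tolower($1) == tolower(d) { $1 = ""; sub(/^[ \t]+/, ""); v = $0 }
    END { print v }' "$1"
}

# Print one finding per line; return 0 only when nothing is flagged.
audit_proftpd_tls() {
  conf=$1
  findings=0
  engine=$(tls_directive "$conf" TLSEngine | tr 'A-Z' 'a-z')
  required=$(tls_directive "$conf" TLSRequired | tr 'A-Z' 'a-z')
  if [ "$engine" != on ]; then
    echo "FAIL TLSEngine=${engine:-unset}: mod_tls is not active"
    findings=$((findings + 1))
  fi
  # Only "on" forces TLS on both the control and the data channel.
  if [ "$required" != on ]; then
    echo "FAIL TLSRequired=${required:-unset}: TLS is not enforced on both channels"
    findings=$((findings + 1))
  fi
  # Flag protocol values that are explicitly enabled and predate TLSv1.2.
  for p in $(tls_directive "$conf" TLSProtocol); do
    case $p in
      SSLv23|SSLv3|TLSv1|TLSv1.1)
        echo "WARN TLSProtocol includes legacy value $p"
        findings=$((findings + 1)) ;;
    esac
  done
  [ "$findings" -eq 0 ]
}

# Constructed sample: the mod_tls directives from the answer above.
sample_conf=$(mktemp)
cat > "$sample_conf" <<'EOF'
<IfModule mod_tls.c>
  TLSEngine                  on
  TLSProtocol                SSLv23
  TLSRequired                on
</IfModule>
EOF
audit_proftpd_tls "$sample_conf" || true
```

Run against the answer's section, it passes the TLSEngine and TLSRequired checks and reports only the SSLv23 protocol value.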