@JS's Notes

Site with notes from my work.

ProFTPD with TLS on Ubuntu 18.10

2019-10-04 System @JS

Requirements: user with root privileges or non-root user with sudo privileges.

ProFTPD - installation and configuration

Update your operating system packages and install ProFTPD:

$ sudo apt update && sudo apt upgrade -y
$ sudo apt install proftpd openssl -y
$ systemctl status proftpd.service
$ sudo systemctl enable proftpd.service

The default configuration files of ProFTPD is located at /etc/proftpd/proftpd.conf. You can change the settings according to your requirements.

ProFTPD protection with TLS

After configuration, You can generate SSL certificates for ProFTPd:

$ sudo openssl req -x509 -newkey rsa:1024 -keyout /etc/ssl/private/proftpd.key -out /etc/ssl/certs/proftpd.crt -nodes -days 365

The above command will generate two files /etc/ssl/private/proftpd.key and /etc/ssl/certs/proftpd.crt. Set permissions for the generated files:

$ sudo chmod 600 /etc/ssl/private/proftpd.key
$ sudo chmod 600 /etc/ssl/certs/proftpd.crt

Next, you need to configure ProFTPD to use SSL certificates. In the file /etc/proftpd/proftpd.conf uncomment the following line:

[...]
Include /etc/proftpd/tls.conf
[...]

In the file /etc/proftpd/tls.conf change the following lines:

TLSRSACertificateFile /etc/ssl/certs/proftpd.crt
TLSRSACertificateKeyFile /etc/ssl/private/proftpd.key
TLSEngine on
TLSLog /var/log/proftpd/tls.log
TLSProtocol SSLv23
TLSRequired on
TLSOptions NoCertRequest EnableDiags NoSessionReuseRequired
TLSVerifyClient off

Restart ProFTPD and check status:

$ sudo systemctl restart proftpd.service
$ systemctl status proftpd.service

Reference: ProFTPD TLS

Ubuntu 18.10
© 2019 - 2020 Created by @JS
Powered by Hugo