Install Proftpd with TLS/SSL

Introduction

PROFTPD with TLS/SSL, In day to day operations a common requirement from most of the teams will be to transfer files. Due to security concern FTP is not allowed to use in most of production environment, so we need to find an alternative way by using SCP, SFTP, FTPS or much more.

In this guide let’s see how to use PROFTPD to transfer files by encrypting all data transfer. PROFTPD used to transfer data’s same as other FTP servers locally and remotely. By default, PROFTPD comes without a secure method of transfer files. To get more secure way to transfer we need to configure it with TLS/SSL certificates.

More FTP and SFTP articles as follows

Preparing to create SSL/TLS certificate

First install the OpenSSL package to create certificate files for Proftpd

# sudo apt-get install openssl -y

Create the certificate file using

# sudo openssl req -x509 -nodes -newkey rsa:2048 -keyout /etc/ssl/proftpd.pem -out /etc/ssl/proftpd.pem

Change the permission for the certificate file Only read/write for Root user

# sudo chmod 600 proftpd.pem

Install PROFTPD

Install the Proftpd package using apt by updating the apt cache.

# sudo apt-get update
# sudo apt-get install proftpd -y

Post Install configuration

Once done with the installation we need to make few changes under the prodtpd configuration, In Line 140 un-comment and remove the “#” to use the include line.

Include /etc/proftpd/tls.conf

Change the type to standalone, By default it will be in standalone mode to listen the incoming FTP sessions.

# ServerType standalone

Check for the following contents and change according to our need in “/etc/proftpd/tls.conf

# vim /etc/proftpd/tls.conf
TLSEngine on
TLSLog /var/log/proftpd/tls.log
TLSProtocol SSLv23
TLSRSACertificateFile /etc/ssl/proftpd.pem
TLSRSACertificateKeyFile /etc/ssl/proftpd.pem
TLSOptions NoCertRequest
TLSVerifyClient off
TLSRequired on
TLSRenegotiate required off

Check after post configuration

Before starting with the service first we need to verify for any Syntax error using “-t” option.

# sudo proftpd -t

Restart the service to get activated

# sudo service proftpd restart

We have configured SSL certificate to authenticate in a secure way to transfer files using PROFTPD.

Conclusion:

Proftpd with TLS/SSL: The above steps are simple setup using PROFTPD. There are lot of available directive we can define under proftpd to make it robust in our production environment. Your valuable comments are most welcome.