PROFTPD with TLS/SSL, In day to day operations a common requirement from most of the teams will be to transfer files. Due to security concern FTP is not allowed to use in most of production environment, so we need to find an alternative way by using SCP, SFTP, FTPS or much more.
In this guide let’s see how to use PROFTPD to transfer files by encrypting all data transfer. PROFTPD used to transfer data’s same as other FTP servers locally and remotely. By default, PROFTPD comes without a secure method of transfer files. To get more secure way to transfer we need to configure it with TLS/SSL certificates.
More FTP and SFTP articles as follows
- Setting up SFTP with chroot
- Install VSFTPD with SSL/TLS in Ubuntu Server
- How to enable last login information for SFTP chroot or non-chroot users
Preparing to create SSL/TLS certificate
First install the OpenSSL package to create certificate files for Proftpd
# sudo apt-get install openssl -y
Create the certificate file using
# sudo openssl req -x509 -nodes -newkey rsa:2048 -keyout /etc/ssl/proftpd.pem -out /etc/ssl/proftpd.pem
Change the permission for the certificate file Only read/write for Root user
# sudo chmod 600 proftpd.pem
Install the Proftpd package using apt by updating the apt cache.
# sudo apt-get update # sudo apt-get install proftpd -y
Post Install configuration
Once done with the installation we need to make few changes under the prodtpd configuration, In Line 140 un-comment and remove the “#” to use the include line.
Change the type to standalone, By default it will be in standalone mode to listen the incoming FTP sessions.
# ServerType standalone
Check for the following contents and change according to our need in “/etc/proftpd/tls.conf“
# vim /etc/proftpd/tls.conf
TLSRenegotiate required off
Check after post configuration
Before starting with the service first we need to verify for any Syntax error using “-t” option.
# sudo proftpd -t
Restart the service to get activated
# sudo service proftpd restart
We have configured SSL certificate to authenticate in a secure way to transfer files using PROFTPD.
Proftpd with TLS/SSL: The above steps are simple setup using PROFTPD. There are lot of available directive we can define under proftpd to make it robust in our production environment. Your valuable comments are most welcome.