Introduction
PROFTPD with TLS/SSL: In day-to-day operations, a common requirement from most teams is transferring files. Because of security concerns, plain FTP is not allowed in most production environments, so we need an alternative such as SCP, SFTP or FTPS.
In this guide, let’s see how to use PROFTPD to transfer files with all data encrypted in transit. PROFTPD transfers data locally and remotely, the same as other FTP servers. By default, PROFTPD comes without a secure method of transferring files. To transfer files more securely, we need to configure it with TLS/SSL certificates.
Preparing to create SSL/TLS certificate
First, install the OpenSSL package to create the certificate files for Proftpd:
# sudo apt-get install openssl -y
Create the certificate file using:
# sudo openssl req -x509 -nodes -newkey rsa:2048 -keyout /etc/ssl/proftpd.pem -out /etc/ssl/proftpd.pem
Change the permissions on the certificate file so that only the root user can read and write it:
# sudo chmod 600 /etc/ssl/proftpd.pem
Install PROFTPD
Update the apt cache, then install the Proftpd package using apt.
# sudo apt-get update
# sudo apt-get install proftpd -y
Post Install configuration
Once the installation is done, we need to make a few changes in the proftpd configuration. On line 140, un-comment the Include line by removing the “#”.
Include /etc/proftpd/tls.conf
Set the server type to standalone. By default it is already in standalone mode, listening for incoming FTP sessions.
ServerType standalone
Check for the following contents in “/etc/proftpd/tls.conf” and change them according to your needs:
# vim /etc/proftpd/tls.conf
TLSEngine on
TLSLog /var/log/proftpd/tls.log
TLSProtocol SSLv23
TLSRSACertificateFile /etc/ssl/proftpd.pem
TLSRSACertificateKeyFile /etc/ssl/proftpd.pem
TLSOptions NoCertRequest
TLSVerifyClient off
TLSRequired on
TLSRenegotiate required off
Check after post configuration
Before starting the service, verify that the configuration has no syntax errors using the “-t” option.
# sudo proftpd -t
Restart the service to activate the changes:
# sudo service proftpd restart
We have now configured an SSL certificate so that PROFTPD authenticates and transfers files in a secure way.
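The “-t” check only validates syntax, not whether the TLS settings are strong. As an added example (not part of the original guide), the script below audits a tls.conf for the directives configured above. The function names, the temporary sample files and the policy of treating SSLv23, SSLv3, TLSv1 and TLSv1.1 as legacy are assumptions of this example.

```bash
#!/usr/bin/env bash
# Added example (not from the original guide): audit a mod_tls configuration.

# Print the arguments of the last uncommented occurrence of directive $2 in file $1.
directive() {
    awk -v name="$2" '$1 == name { $1 = ""; sub(/^ +/, ""); val = $0 } END { print val }' "$1"
}

# Print one finding per line for config file $1; no output means no findings.
audit_tls_conf() {
    conf=$1
    [ "$(directive "$conf" TLSEngine)" = on ] ||
        echo "TLSEngine is not on: sessions stay cleartext FTP"
    [ "$(directive "$conf" TLSRequired)" = on ] ||
        echo "TLSRequired is not on: TLS is not enforced on control and data channels"
    # Policy assumed by this example: SSLv3, TLS 1.0 and TLS 1.1 are legacy.
    for proto in $(directive "$conf" TLSProtocol); do
        case $proto in
            SSLv23|SSLv3|TLSv1|TLSv1.1) echo "TLSProtocol permits legacy protocol setting: $proto" ;;
        esac
    done
    key=$(directive "$conf" TLSRSACertificateKeyFile)
    if [ -n "$key" ] && [ -e "$key" ]; then
        mode=$(stat -c '%a' "$key")          # GNU stat, as on Ubuntu
        case $mode in
            *00) ;;                          # no group/other access, e.g. 600
            *) echo "Key file $key has mode $mode: group or others can access the private key" ;;
        esac
    fi
}

# Constructed sample: the guide's tls.conf, with the key path pointed at a temp file.
demo_dir=$(mktemp -d)
demo_key="$demo_dir/proftpd.pem"
: > "$demo_key"; chmod 644 "$demo_key"
cat > "$demo_dir/tls.conf" <<EOF
TLSEngine on
TLSLog /var/log/proftpd/tls.log
TLSProtocol SSLv23
TLSRSACertificateFile $demo_key
TLSRSACertificateKeyFile $demo_key
TLSOptions NoCertRequest
TLSVerifyClient off
TLSRequired on
TLSRenegotiate required off
EOF
audit_tls_conf "$demo_dir/tls.conf"
```

On the constructed sample it reports two findings: the SSLv23 protocol setting and the 644 mode on the key file.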
Conclusion:
Proftpd with TLS/SSL: The steps above are a simple setup using PROFTPD. There are a lot of directives available in proftpd that we can define to make it robust in our production environment. Your valuable comments are most welcome.