How to install ProFTPD with TLS on Ubuntu 16.04 LTS

Transferring files via FTP (File Transfer Protocol) is probably the most popular way to upload files to a server. ProFTPD is a popular and versatile FTP server that is available as open-source software and supports TLS (SSL) for secure connections.

By default, FTP is an insecure protocol because passwords and data are transmitted in clear text. Using TLS, all communication can be encrypted, making FTP more secure.

This article describes how to configure ProFTPD with TLS on an Ubuntu 16.04 LTS server.

Prerequisites

  1. Ubuntu Server 16.04 64bit
  2. sudo / root privileges

What we will do in this tutorial

  1. Install ProFTPD and OpenSSL.
  2. Configure ProFTPD.
  3. Add FTP user.
  4. Configure TLS in ProFTPD.
  5. Testing.

Install ProFTPD and OpenSSL

ProFTPD and OpenSSL are available in the Ubuntu repository, so we can install them using the apt command:

sudo apt-get install -y proftpd openssl

When the installation starts, you will be asked whether to run ProFTPD as an inetd service or as a stand-alone server. Choose the stand-alone option here and click OK.

Configure ProFTPD

After installing ProFTPD, you have to change its configuration to make it a fully functional and secure server. The ProFTPD configuration files are located in the /etc/proftpd/ directory; edit the proftpd.conf file.

cd /etc/proftpd/
vim proftpd.conf

On the ServerName line, replace the value with your hostname or domain:

ServerName                      "My FTP-Server"

Uncomment the DefaultRoot line to jail all users in their home directories:

DefaultRoot                     ~

Then restart ProFTPD using the systemctl command as follows.

systemctl restart proftpd

Add FTP User

Two types of FTP users are available: the anonymous FTP user and the "regular" FTP user:

  1. Anonymous FTP: The FTP server provides access to anyone, without requiring a user account and password. This should not be used on a public server, but may be an option for a home server or company LAN.
  2. FTP user: Only those with an account and password can access the FTP server.

Before creating a user for the FTP server, add /bin/false to the /etc/shells file.

echo "/bin/false" >> /etc/shells

Now create a user with a specific home directory and with shell access disabled, then set its password.

useradd -m -s /bin/false zenko
passwd zenko

The above commands create a new user named zenko with the home directory /home/zenko/ and with /bin/false as the login shell, so the user has no shell access.


Now configure ProFTPD to allow the user zenko to access the FTP server.

cd /etc/proftpd/conf.d/
vim zenko.conf

Add this configuration to the file to allow the user zenko to log in and upload / download files to / from the server:


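# The <Directory> and <Limit> tags and their arguments are restored here as an
# assumption: the listing as published kept only the directives inside them.
<Directory /home/zenko>
Umask 022 022
AllowOverwrite off
     # Logins: zenko only
     <Limit LOGIN>
        AllowUser zenko
        DenyAll
     </Limit>
     # All FTP commands in this directory: zenko only
     <Limit ALL>
        Order Allow,Deny
        AllowUser zenko
        Deny ALL
     </Limit>
     # Commands that create, store, rename or delete: zenko only
     <Limit MKD STOR DELE XMKD RNFR RNTO RMD XRMD>
        AllowUser zenko
        Deny ALL
     </Limit>
</Directory>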

Save the file and exit vim. Then restart ProFTPD.

systemctl restart proftpd

You can already use FTP at this point, but we will make it more secure using TLS in the next step.

Configure TLS with proftpd

To use TLS, you must create an SSL certificate. Generate an SSL certificate using the openssl command:

openssl req -x509 -newkey rsa:2048 -keyout /etc/ssl/private/proftpd.key -out /etc/ssl/certs/proftpd.crt -nodes -days 365

The above command will create the proftpd.crt certificate file in the /etc/ssl/certs/ directory, and the proftpd.key certificate key file in the /etc/ssl/private/ directory.


Then change the permissions of the certificate and key files to 600:

chmod 600 /etc/ssl/certs/proftpd.crt
chmod 600 /etc/ssl/private/proftpd.key

Now go back to the /etc/proftpd directory and configure ProFTPD to use the SSL certificate you created.

cd /etc/proftpd/
vim proftpd.conf

Uncomment the TLS line:

Include /etc/proftpd/tls.conf

Save the file and exit.

Then edit the TLS configuration file to enable secure authentication:

vim tls.conf

Uncomment all these lines:

TLSEngine                               on
TLSLog                                  /var/log/proftpd/tls.log
TLSProtocol                             SSLv23

TLSRSACertificateFile                   /etc/ssl/certs/proftpd.crt
TLSRSACertificateKeyFile                /etc/ssl/private/proftpd.key

TLSOptions                              NoCertRequest EnableDiags

TLSVerifyClient                         off

TLSRequired                             on

Save and exit. The final step is to restart the ProFTPD server:

systemctl restart proftpd
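
A check of the resulting tls.conf, as an added example that is not part of the original article: it reports directives that leave the server accepting clear-text sessions or legacy protocol versions, run here over the directives from the listing above (embedded as constructed input). The function names are this example's own, and it assumes TLSProtocol is written as a plain list of version names.

```shell
#!/bin/sh
# Audit a ProFTPD tls.conf; one finding per line, no output means no findings.
# directive_value FILE NAME: print the last uncommented value of directive NAME.
directive_value() {
    awk -v name="$2" '
        /^[ \t]*#/ { next }
        tolower($1) == tolower(name) { $1 = ""; sub(/^[ \t]+/, ""); val = $0 }
        END { print val }' "$1"
}

audit_tls_conf() {
    conf=$1
    case $(directive_value "$conf" TLSEngine) in
        [Oo][Nn]) ;;
        *) echo "TLSEngine is not on: the server offers no TLS at all" ;;
    esac
    # Anything but "on" leaves the control or data channel usable in clear text.
    case $(directive_value "$conf" TLSRequired) in
        [Oo][Nn]) ;;
        *) echo "TLSRequired is not on: clear-text sessions are still accepted" ;;
    esac
    # SSLv23 is the compatibility value that also enables SSLv3 and early TLS.
    legacy=""
    for proto in $(directive_value "$conf" TLSProtocol); do
        case $proto in
            SSLv23|SSLv3|TLSv1|TLSv1.1) legacy="$legacy $proto" ;;
        esac
    done
    [ -z "$legacy" ] || echo "TLSProtocol allows$legacy: restrict it to TLSv1.2"
    # The private key must not be accessible to group or others (mode 600).
    key=$(directive_value "$conf" TLSRSACertificateKeyFile)
    if [ -n "$key" ] && [ -e "$key" ]; then
        [ "$(ls -ld "$key" | cut -c5-10)" = "------" ] ||
            echo "key file $key is accessible to group or others: chmod 600"
    fi
}

# Constructed input: the directives from this article's tls.conf that are audited.
page_tls_conf() {
    cat <<'EOF'
TLSEngine                               on
TLSProtocol                             SSLv23
TLSRSACertificateFile                   /etc/ssl/certs/proftpd.crt
TLSRSACertificateKeyFile                /etc/ssl/private/proftpd.key
TLSRequired                             on
EOF
}

demo=$(mktemp); page_tls_conf > "$demo"; audit_tls_conf "$demo"; rm -f "$demo"
```

On the server, run audit_tls_conf /etc/proftpd/tls.conf as root so that the key file is visible to the permission check.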

Testing ProFTPD

To check the configuration, try connecting to your FTP server using software such as FileZilla (I use FileZilla here) and fill in the server IP address, username, password and port:

Server IP : 192.168.1.246
username : zenko
Password : ******
Port : 21

And then click Quickconnect. You will be asked to confirm the SSL certificate – just click OK.


You will see that you are logged into an FTP server with a TLS / SSL certificate.

