Configure FTP over TLS in ProFTPD.

Install ProFTPD first, then locate the proftpd.conf file and add the following lines:

    TLSEngine                   on
    TLSRequired                 on
    TLSRSACertificateFile       /usr/local/etc/proftpd.pem
    TLSRSACertificateKeyFile    /usr/local/etc/proftpd.pem
    TLSCipherSuite              ALL:!ADH:!DES
    TLSOptions                  NoCertRequest
    TLSVerifyClient             off
    TLSRenegotiate              ctrl 3600 data 512000 required off timeout 300
    TLSLog                      /var/log/proftpd/tls.log

Generate the certificate file. The private key and the self-signed certificate are written to the same proftpd.pem file. Note that 1024-bit RSA is below current minimum key-size recommendations; rsa:2048 or larger is the usual choice for new certificates.

    cd /usr/local/etc
    openssl req -x509 -nodes -days 365 -newkey rsa:1024 -keyout /usr/local/etc/proftpd.pem -out /usr/local/etc/proftpd.pem

The modified proftpd.conf file:

    # 'proftpd.conf' for actual use.  It establishes a single server
    # and a single anonymous login.  It assumes that you have a user/group
    # "nobody" and "ftp" for normal operation and anon.

    ServerName                  "ProFTPD Default Installation"
    ServerType                  standalone
    DefaultServer               on

    # Port 21 is the standard FTP port.
    # The listening port is changed here.
    Port                        990

    # Don't use IPv6 support by default.
    UseIPv6                     off

    # Umask 022 is a good standard umask to prevent new dirs and files
    # from being group and world writable.
    Umask                       022

    # To prevent DoS attacks, set the maximum number of child processes
    # to 30.  If you need to allow more than 30 concurrent connections
    # at once, simply increase this value.  Note that this ONLY works
    # in standalone mode, in inetd mode you should use an inetd server
    # that allows you to limit maximum number of processes per service
    # (such as xinetd).
    MaxInstances                30

    # Set the user and group under which the server will run.
    User                        f User
    Group                       users

    # To cause every FTP user to be "jailed" (chrooted) into their home
    # directory, uncomment this line.
    # Specifies the root directory after FTP login.
    DefaultRoot                 /data/test

    # Normally, we want files to be overwriteable.
    AllowOverwrite              on

    # Enable TLS.
    TLSEngine                   on
    # Connections must use TLS.
    TLSRequired                 on
    # Specifies the certificate file.
    TLSRSACertificateFile       /usr/local/etc/proftpd.pem
    # Specifies the certificate key file.
    TLSRSACertificateKeyFile    /usr/local/etc/proftpd.pem
    TLSCipherSuite              ALL:!ADH:!DES
    TLSOptions                  NoCertRequest
    TLSVerifyClient             off
    TLSRenegotiate              ctrl 3600 data 512000 required off timeout 300
    TLSLog                      /var/log/proftpd/tls.log

    # Bar use of SITE CHMOD by default
    <Limit SITE_CHMOD>
      DenyAll
    </Limit>

    # A basic anonymous configuration, no upload directories.  If you do not
    # want anonymous users, simply delete this entire <Anonymous> section.
    <Anonymous ~ftp>
      User                      ftp
      Group                     ftp

      # We want clients to be able to login with "anonymous" as well as "ftp"
      UserAlias                 anonymous ftp

      # Limit the maximum number of anonymous logins
      MaxClients                10

      # We want 'welcome.msg' displayed at login, and '.message' displayed
      # in each newly chdired directory.
      DisplayLogin              welcome.msg
      DisplayChdir              .message

      # Limit WRITE everywhere in the anonymous chroot
      <Limit WRITE>
        DenyAll
      </Limit>
    </Anonymous>

    # Prohibits users other than ftp from logging on to the FTP server.
    <Limit LOGIN>
      DenyUser                  !ftp
    </Limit>

    # Specifies the ports used in passive mode.
    PassivePorts                9900 9930

    ExtendedLog                 /var/log/proftpd/access.log WRITE,READ default
    ExtendedLog                 /var/log/proftpd/auth.log AUTH

Create the startup script:

    cd /sbin/init.d
    vi proftpd

with the following content:

    #!/bin/sh
    FTPD_BIN=/usr/local/proftpd/sbin/proftpd
    FTPD_CONF=/usr/local/proftpd/etc/proftpd.conf
    PIDFILE=/usr/local/proftpd/var/proftpd.pid

    # Read the PID of a running daemon, if a PID file exists.
    if [ -f "$PIDFILE" ]; then
        pid=`cat "$PIDFILE"`
    fi

    if [ ! -x "$FTPD_BIN" ]; then
        echo "$0: $FTPD_BIN: cannot execute"
        exit 1
    fi

    case $1 in
        start)
            if [ -n "$pid" ]; then
                echo "$0: proftpd [PID $pid] already running"
                exit
            fi
            if [ -r "$FTPD_CONF" ]; then
                echo "Starting proftpd..."
                $FTPD_BIN -c "$FTPD_CONF"
            else
                echo "$0: cannot start proftpd -- $FTPD_CONF missing"
            fi
            ;;
        stop)
            if [ -n "$pid" ]; then
                echo "Stopping proftpd..."
                kill -TERM $pid
            else
                echo "$0: proftpd not running"
                exit 1
            fi
            ;;
        restart)
            # SIGHUP makes proftpd re-read its configuration.
            if [ -n "$pid" ]; then
                echo "Rehashing proftpd configuration"
                kill -HUP $pid
            else
                echo "$0: proftpd not running"
                exit 1
            fi
            ;;
        *)
            echo "usage: $0 {start|stop|restart}"
            exit 1
            ;;
    esac

    exit 0

After saving the file, set its permissions. The script has to be executable to be run as ./proftpd, so use an owner-only mode that includes the execute bit:

    chmod 700 proftpd

ProFTPD can now be started, stopped, and restarted through the script:

    ./proftpd start|stop|restart

Connect to ProFTPD with FTP client software using explicit FTP over TLS.
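
An added example, not part of the original page: a small POSIX shell audit of the TLS directives configured above, which also checks that the file named by TLSRSACertificateKeyFile (here it holds the private key) is not readable by group or others. The function names and the FAIL/WARN output format are this example's own, and the file is read as a flat list of directives, ignoring <Anonymous>/<VirtualHost> scoping.

```shell
#!/bin/sh
# Added example: audit a proftpd.conf for the TLS settings used on this page.
# Function names and output format are assumptions of this example.

# Print the last uncommented value of directive $2 in file $1
# (directive name matched case-insensitively, sections ignored).
directive_value() {
    awk -v name="$2" '
        /^[ \t]*#/ { next }
        tolower($1) == tolower(name) {
            $1 = ""; sub(/^[ \t]+/, ""); val = $0
        }
        END { print val }' "$1"
}

# Print one line per finding; return 0 only if there are no FAIL findings.
audit_proftpd_tls() {
    conf=$1 fails=0
    # TLS must be enabled and required on control and data connections.
    for d in TLSEngine TLSRequired; do
        v=$(directive_value "$conf" "$d")
        if [ "$v" != "on" ]; then
            echo "FAIL $d is '${v:-unset}', expected 'on'"
            fails=$((fails + 1))
        fi
    done
    # The private key file must exist and be closed to group and others.
    key=$(directive_value "$conf" TLSRSACertificateKeyFile)
    if [ -z "$key" ]; then
        echo "FAIL TLSRSACertificateKeyFile is unset"
        fails=$((fails + 1))
    elif [ ! -f "$key" ]; then
        echo "FAIL key file $key does not exist"
        fails=$((fails + 1))
    elif [ -n "$(find "$key" -prune \( -perm -040 -o -perm -004 \))" ]; then
        echo "FAIL key file $key is readable by group or others"
        fails=$((fails + 1))
    fi
    # A cipher string built from ALL keeps every suite not excluded by name.
    cipher=$(directive_value "$conf" TLSCipherSuite)
    case $cipher in
        ALL*) echo "WARN TLSCipherSuite '$cipher' is built from ALL" ;;
    esac
    [ -z "$(directive_value "$conf" TLSLog)" ] && echo "WARN TLSLog is unset"
    [ "$fails" -eq 0 ]
}
```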