Install ProFTPd (TLS) on Ubuntu 16.04
This tutorial describes how to install and use ProFTPd securely. Without TLS, FTP is insecure because all passwords and data are transmitted in plaintext. With TLS, the entire communication can be encrypted, which makes FTP much safer. This article describes how to set up ProFTPd with TLS on an Ubuntu 16.04 server, how to add an FTP user, and how to use FileZilla to connect securely over TLS.
1. Preliminary description
In this tutorial, I will use the host name server1.example.com with the IP address 192.168.1.100. These settings may be different from yours, so you have to change them as appropriate.
We recommend that you switch to the root account:
sudo -s
I will use the nano editor to edit configuration files in this tutorial. If you want to use nano as well and have not installed it yet, run this command to install it:
apt-get -y install nano
2. Install ProFTPd and OpenSSL
OpenSSL is a prerequisite for TLS. To install ProFTPd and OpenSSL, run:
apt-get -y install proftpd openssl
The system will ask:
Run proftpd:
For security reasons, you should add the following lines to the file /etc/proftpd/proftpd.conf:
nano /etc/proftpd/proftpd.conf
Configuration content:
[...]
DefaultRoot ~
ServerIdent on "FTP Server ready."
[...]
3. Create an SSL Certificate For TLS
To use TLS, we must create an SSL certificate. I create it in /etc/proftpd/ssl, so I first create that directory:
mkdir /etc/proftpd/ssl
Then, we can generate an SSL certificate as follows:
openssl req -new -x509 -days 365 -nodes -out /etc/proftpd/ssl/proftpd.cert.pem -keyout /etc/proftpd/ssl/proftpd.key.pem
The system will ask:
Country Name (2 letter code) [AU]: <-Enter your Country Name (e.g., "DE").
State or Province Name (full name) [Some-State]: <-Enter your State or Province Name.
Locality Name (eg, city) []: <-Enter your City.
Organization Name (eg, company) [Internet Widgits Pty Ltd]: <-Enter your Organization Name (e.g., the name of your company).
Organizational Unit Name (eg, section) []: <-Enter your Organizational Unit Name (e.g. "IT Department").
Common Name (eg, YOUR name) []: <-Enter the Fully Qualified Domain Name of the system (e.g. "server1.example.com").
Email Address []: <-Enter your Email Address.
Make sure that the certificate files have been generated, then restrict access to them so that only their owner can read them:
chmod 600 /etc/proftpd/ssl/proftpd.*
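To confirm that the key belongs to the certificate, and to notice in time when the 365-day certificate is about to expire, a check like the following can be used. This is an added example, not part of the original tutorial; check_cert_pair, new_pair and the throwaway files are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the tutorial): check a certificate/key pair like the
# one created above. Function names and the throwaway files are constructed.

# check_cert_pair CERT KEY MIN_DAYS
# Returns 0 if KEY belongs to CERT and CERT is still valid MIN_DAYS from now.
check_cert_pair() {
    rc=0
    # Both commands print the public key in the same PEM form, so a matching
    # pair yields identical text.
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null)
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null)
    if [ -z "$cert_pub" ] || [ "$cert_pub" != "$key_pub" ]; then
        echo "private key does not match certificate"; rc=1
    fi
    # -checkend exits non-zero if the certificate expires within N seconds.
    if ! openssl x509 -in "$1" -noout -checkend $(( $3 * 86400 )) >/dev/null 2>&1; then
        echo "certificate is unreadable or expires within $3 days"; rc=1
    fi
    return $rc
}

# new_pair PREFIX DAYS: throwaway self-signed pair; -subj answers the prompts
# non-interactively with the tutorial's host name.
new_pair() {
    openssl req -new -x509 -days "$2" -nodes -subj "/CN=server1.example.com" \
        -out "$1.cert.pem" -keyout "$1.key.pem" 2>/dev/null
    chmod 600 "$1.key.pem"
}

tmp=$(mktemp -d)
new_pair "$tmp/a" 365 && check_cert_pair "$tmp/a.cert.pem" "$tmp/a.key.pem" 30 &&
    echo "pair matches and is valid for at least 30 more days"
rm -rf "$tmp"
```

On the server itself, the call would be check_cert_pair /etc/proftpd/ssl/proftpd.cert.pem /etc/proftpd/ssl/proftpd.key.pem 30, run as root.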
4. Enable TLS for ProFTPd
To enable ProFTPd to use TLS, open /etc/proftpd/proftpd.conf...
nano /etc/proftpd/proftpd.conf
... and uncomment the Include /etc/proftpd/tls.conf line:
[...]
#
# This is used for FTPS connections
#
Include /etc/proftpd/tls.conf
[...]
Then open /etc/proftpd/tls.conf and make it look as follows:
nano /etc/proftpd/tls.conf
Edit the content as follows:
<IfModule mod_tls.c>
TLSEngine on
TLSLog /var/log/proftpd/tls.log
TLSProtocol TLSv1.2
TLSCipherSuite AES128+EECDH:AES128+EDH
TLSOptions NoCertRequest AllowClientRenegotiations
TLSRSACertificateFile /etc/proftpd/ssl/proftpd.cert.pem
TLSRSACertificateKeyFile /etc/proftpd/ssl/proftpd.key.pem
TLSVerifyClient off
TLSRequired on
RequireValidShell no
</IfModule>
If you use TLSRequired on, only TLS connections are allowed (this locks out any users with old FTP clients that lack TLS support); if you comment out that line or use TLSRequired off, both TLS and non-TLS connections are allowed, depending on what the FTP client supports.
Restart ProFTPd afterwards:
systemctl restart proftpd.service
Now you can try to connect with your FTP client; however, you should configure your FTP client to use TLS (this is required if you use TLSRequired on). See how to do this with FileZilla in the next chapter.
If you are using TLS, you can look at the TLS log file /var/log/proftpd/tls.log.
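The settings from this chapter can be re-checked whenever tls.conf is edited with a small audit script. This is an added example, not part of the original tutorial or of ProFTPd; audit_tls_conf, directive, make_sample and the sample files are constructed, and only the plain space-separated form of TLSProtocol is handled.

```shell
#!/bin/sh
# Added example (not from the tutorial): audit a ProFTPd tls.conf for the
# settings used in this chapter. Function names and sample files are constructed.

# Print the value of directive $2 in file $1; commented-out lines do not match.
directive() {
    awk -v d="$2" '$1 == d { $1 = ""; sub(/^[ \t]+/, ""); print }' "$1"
}

# Print one finding per line. Returns 0 when clean, 1 when anything was found.
audit_tls_conf() {
    conf=$1; rc=0
    [ "$(directive "$conf" TLSEngine)" = "on" ] ||
        { echo "TLSEngine is not on"; rc=1; }
    [ "$(directive "$conf" TLSRequired)" = "on" ] ||
        { echo "TLSRequired is not on: unencrypted sessions may be accepted"; rc=1; }
    protos=$(directive "$conf" TLSProtocol)
    [ -n "$protos" ] || { echo "TLSProtocol is not set"; rc=1; }
    for p in $protos; do    # plain space-separated form only
        case $p in
            SSLv3|TLSv1|TLSv1.1) echo "TLSProtocol allows legacy $p"; rc=1 ;;
        esac
    done
    key=$(directive "$conf" TLSRSACertificateKeyFile)
    if [ ! -f "$key" ]; then
        echo "key file missing: $key"; rc=1
    elif [ "$(ls -ld "$key" | cut -c5-10)" != "------" ]; then
        echo "key file accessible by group or others: $key"; rc=1
    fi
    return $rc
}

# Constructed sample in directory $1: TLSRequired $2, TLSProtocol $3, key mode $4.
make_sample() {
    : > "$1/proftpd.key.pem"; chmod "$4" "$1/proftpd.key.pem"
    printf '%s\n' '<IfModule mod_tls.c>' 'TLSEngine on' "TLSProtocol $3" \
        "TLSRSACertificateKeyFile $1/proftpd.key.pem" "TLSRequired $2" \
        '</IfModule>' > "$1/tls.conf"
}

dir=$(mktemp -d)
make_sample "$dir" on TLSv1.2 600             # the tutorial's values
audit_tls_conf "$dir/tls.conf" && echo "tutorial values: no findings"
make_sample "$dir" off "TLSv1 TLSv1.2" 644    # weakened variant
audit_tls_conf "$dir/tls.conf" || echo "weakened variant: findings above"
rm -rf "$dir"
```

On the server, run audit_tls_conf /etc/proftpd/tls.conf as root; the cipher suite and TLSOptions lines are not evaluated by this check.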
5. Add an FTP user
The ProFTPD configuration used in this tutorial authenticates users against the Linux system user database (the /etc/passwd and /etc/shadow files). In this step, I will add a user "tom" to be used for FTP login only.
useradd --shell /bin/false tom
Then, we will create the home directory of our user "tom" and change the ownership of this directory to the user and group "tom".
mkdir /home/tom
chown tom:tom /home/tom/
If you prefer to use a different home directory, run the following command instead:
useradd --home /srv/tomftp --create-home --shell /bin/false tom
This command sets a different home directory for the user; in this example it is /srv/tomftp.
The next step is to set a password for the user by executing the passwd command:
passwd tom
6. Configure FileZilla for TLS
To use FTP with TLS, you need an FTP client that supports TLS, such as FileZilla.
In FileZilla, open the site manager:
Select the server that uses ProFTPd with TLS. Select FTP as the protocol and specify FTP over TLS.
Now you can connect to the server. In FileZilla, you must enter a password.
If you do this for the first time, you must accept the new SSL Certificate of the server:
If everything goes well, you should now be logged in on the server: