Install ProFTPD TLS on Ubuntu 18.04 LTS
The following tutorial describes how to install an FTP server on Ubuntu 18.04.
Feel free to read.
First, refresh the package repositories and upgrade the system:
```
apt-get update
apt-get upgrade
```
Install proftpd:
```
apt-get install proftpd -y
```
Start it and enable it at boot:
```
systemctl start proftpd
systemctl enable proftpd
```
Check the service status with the command:
```
systemctl status proftpd
```
If everything is ok we will see something like:
```
proftpd.service - LSB: Starts ProFTPD daemon
   Loaded: loaded (/etc/init.d/proftpd; generated)
   Active: active (running) since Sat 2019-05-25 09:18:19 UTC; 31s ago
     Docs: man:systemd-sysv-generator(8)
    Tasks: 1 (limit: 1114)
   CGroup: /system.slice/proftpd.service
           └─1927 proftpd: (accepting connections)

May 25 09:18:19 ubuntu1804 systemd[1]: Starting LSB: Starts ProFTPD daemon...
May 25 09:18:19 ubuntu1804 proftpd[1906]:  * Starting ftp server proftpd
May 25 09:18:19 ubuntu1804 proftpd[1906]:    ...done.
May 25 09:18:19 ubuntu1804 systemd[1]: Started LSB: Starts ProFTPD daemon.
```
The next step is to edit the configuration file, namely:
```
/etc/proftpd/proftpd.conf
```
Edit it with the command:
```
nano /etc/proftpd/proftpd.conf
```
It should look like:
```
#
# /etc/proftpd/proftpd.conf -- This is a basic ProFTPD configuration file.
# To really apply changes, reload proftpd after modifications, if
# it runs in daemon mode. It is not required in inetd/xinetd mode.
#

# Includes DSO modules
Include /etc/proftpd/modules.conf

# Set off to disable IPv6 support which is annoying on IPv4 only boxes.
UseIPv6 off
# If set on you can experience a longer connection delay in many cases.
IdentLookups off

ServerName "Debian"
# Set to inetd only if you would run proftpd by inetd/xinetd.
# Read README.Debian for more information on proper configuration.
ServerType standalone
DeferWelcome off

MultilineRFC2228 on
DefaultServer on
ShowSymlinks on

TimeoutNoTransfer 600
TimeoutStalled 600
TimeoutIdle 1200

DisplayLogin welcome.msg
DisplayChdir .message true
ListOptions "-l"

DenyFilter \*.*/

# Use this to jail all users in their homes
# DefaultRoot ~

# Port 21 is the standard FTP port.
Port 21

MaxInstances 30

# Set the user and group that the server normally runs at.
User proftpd
Group nogroup

# Umask 022 is a good standard umask to prevent new files and dirs
# (second parm) from being group and world writable.
Umask 022 022
# Normally, we want files to be overwriteable.
AllowOverwrite on

TransferLog /var/log/proftpd/xferlog
SystemLog /var/log/proftpd/proftpd.log
```
The most important settings are described below:
ServerName: The default name of the FTP server.
UseIPv6: Here you can set the FTP server to listen on IPv6 as well.
DefaultRoot: Confines users to their home directories.
Port: You can define your own FTP port.
SystemLog: The default location for log files. You can change it to suit your preference.
Now we will secure FTP with TLS.
First, install the necessary package:
```
apt-get install openssl -y
```
Then we generate a certificate:
```
# 2048-bit RSA key; a 1024-bit RSA key is too short for TLS use today
openssl req -x509 -newkey rsa:2048 -keyout /etc/ssl/private/proftpd.key -out /etc/ssl/certs/proftpd.crt -nodes -days 365
```
Fill in the prompts with your details.
Set permissions on the certificate files:
```
chmod 600 /etc/ssl/private/proftpd.key
chmod 600 /etc/ssl/certs/proftpd.crt
```
Edit the proftpd configuration to enable TLS:
```
nano /etc/proftpd/proftpd.conf
```
and uncomment the line:
```
Include /etc/proftpd/tls.conf
```
The TLS configuration as a whole should look like:
```
TLSRSACertificateFile /etc/ssl/certs/proftpd.crt
TLSRSACertificateKeyFile /etc/ssl/private/proftpd.key
TLSEngine on
TLSLog /var/log/proftpd/tls.log
TLSProtocol SSLv23
TLSRequired on
TLSOptions NoCertRequest EnableDiags NoSessionReuseRequired
TLSVerifyClient off
```
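A check that can be run on the TLS settings before restarting the service, as an added example that is not part of the original tutorial. Run against the values shown above it flags `TLSProtocol SSLv23`, a compatibility setting that does not limit the server to current TLS versions. The function names `tls_directive` and `audit_proftpd_tls` are made up for this example, and treating TLSv1.2 as the minimum is an assumption about the clients you need to support.

```shell
#!/bin/sh
# Added example (not from the tutorial): audit a ProFTPD TLS config file.

# Print the value of the last uncommented occurrence of directive $2 in file $1.
tls_directive() {
    awk -v want="$2" '
        /^[ \t]*#/ { next }                      # skip commented-out lines
        tolower($1) == tolower(want) {
            $1 = ""; sub(/^[ \t]+/, ""); val = $0
        }
        END { print val }' "$1"
}

# Print one "WEAK: ..." line per finding; return 1 if anything was found.
audit_proftpd_tls() {
    conf=$1
    found=0

    engine=$(tls_directive "$conf" TLSEngine | tr 'A-Z' 'a-z')
    if [ "$engine" != "on" ]; then
        echo "WEAK: TLSEngine is not 'on'; mod_tls is inactive"
        found=1
    fi

    required=$(tls_directive "$conf" TLSRequired | tr 'A-Z' 'a-z')
    if [ "$required" != "on" ]; then
        echo "WEAK: TLSRequired is '${required:-unset}'; unencrypted traffic is still possible"
        found=1
    fi

    protocols=$(tls_directive "$conf" TLSProtocol)
    if [ -z "$protocols" ]; then
        echo "WEAK: TLSProtocol is not set; pin it explicitly, e.g. TLSv1.2"
        found=1
    fi
    for proto in $protocols; do
        case $proto in
            SSLv23|SSLv3|TLSv1|TLSv1.1)
                echo "WEAK: TLSProtocol allows $proto; restrict to TLSv1.2"
                found=1 ;;
        esac
    done
    return $found
}

# Usage: sh audit.sh /etc/proftpd/tls.conf  (the script name is hypothetical)
if [ $# -gt 0 ]; then audit_proftpd_tls "$1"; fi
```

Replacing the flagged line with `TLSProtocol TLSv1.2` makes the check pass without output.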
The last step is to restart the FTP service with this command:
```
systemctl restart proftpd
```
Add FTP users with the command below, replacing nazwauzytkownika with the user name:
```
adduser nazwauzytkownika
```
for example, ftp1:
```
adduser ftp1
```
```
Adding user `ftp1' ...
Adding new group `ftp1' (1006) ...
Adding new user `ftp1' (1002) with group `ftp1' ...
Creating home directory `/home/ftp1' ...
Copying files from `/etc/skel' ...
Enter new UNIX password:
Retype new UNIX password:
passwd: password updated successfully
Changing the user information for ftp1
Enter the new value, or press ENTER for the default
	Full Name []:
	Room Number []:
	Work Phone []:
	Home Phone []:
	Other []:
Is the information correct? [Y/n] Y
```
All that remains is to connect to our server with a client of our choice, for example FileZilla.