Reinstalled 19.03.2023
Info#
proftpd -v                       # get version
ps -ef|grep proftpd              # check running / pid
dpkg -l '*proftp*'               # check package installed
apt list --installed | less      # check packages installed
  proftpd-basic/stable,now 1.3.7a+dfsg-12+deb11u2 all [installiert]
  proftpd-core/stable,now 1.3.7a+dfsg-12+deb11u2 amd64 [Installiert,automatisch]
  proftpd-doc/stable,now 1.3.7a+dfsg-12+deb11u2 all [Installiert,automatisch]
  proftpd-mod-crypto/stable,now 1.3.7a+dfsg-12+deb11u2 amd64 [Installiert,automatisch]
  proftpd-mod-wrap/stable,now 1.3.7a+dfsg-12+deb11u2 amd64 [Installiert,automatisch]
service proftpd status           # check ProFTPD running
netstat -tlp|grep proftp         # ProFTPD listens on port 21
telnet 192.0.2.10 21             # connection test on port 21 with telnet
openssl s_client -connect 192.0.2.10:21 -starttls ftp   # connection test on port 21 with TLS
proftpd -d 5                     # increase debug level, 0-10, 10 = most debugging
vi /var/log/proftpd/proftpd.log
vi /var/log/proftpd/tls.log
vi /var/log/proftpd/sftp.log
vi /var/log/proftpd/xferlog
Deinstall / Clean#
/etc/init.d/proftpd stop
apt-get remove proftpd-basic     # removes all packages listed above
apt install proftpd-basic
Configuration#
Standard configuration is

vi /etc/proftpd/proftpd.conf         # main one
vi /etc/proftpd/conf.d/tls.conf      # tls
vi /etc/proftpd/conf.d/sftp.conf     # sftp (not used, but see below)

The main one includes ALL files from folder conf.d. We create our own one:

vi /etc/proftpd/conf.d/custom.conf

# Ftp user doesn't need a valid shell
<Global>
  RequireValidShell off
</Global>

# If desired turn off IPv6
UseIPv6 off

# Default root is the user's home, applied to members of group ftpuser
DefaultRoot ~ ftpuser

# Limit login to the ftpuser group
<Limit LOGIN>
  DenyGroup !ftpuser
</Limit>
Restart#
systemctl restart proftpd.service
Activate TLS#
We use TLS, NOT SFTP, nevertheless check sftp.conf:
$ vi /etc/proftpd/conf.d/sftp.conf
SFTPEngine off     # is it off? (ok)
Port 2222          # port overridden?
$ vi /etc/proftpd/conf.d/tls.conf
<IfModule mod_tls.c>
  TLSEngine on
  TLSLog /var/log/proftpd/tls.log
  TLSProtocol TLSv1.2
  #TLSOptions NoSessionReuseRequired NoCertRequest
  #TLSRSACertificateFile /etc/proftpd/ssl/proftpd.cert.pem
  TLSRSACertificateFile /etc/letsencrypt/live/www.inetone.de/cert.pem
  #TLSRSACertificateKeyFile /etc/proftpd/ssl/proftpd.key.pem
  TLSRSACertificateKeyFile /etc/letsencrypt/live/www.inetone.de/privkey.pem
  TLSVerifyClient off
  TLSRequired on
</IfModule>
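A way to re-check the two files above after a reinstall, as an added example that is not part of the original page: the script ignores commented-out lines such as #TLSOptions and reports when TLS is not enforced, when TLSProtocol lists anything other than TLSv1.2/TLSv1.3, or when SFTPEngine is on. The function names and sample files are constructed, and only the plain protocol-list form of TLSProtocol used above is handled.

```shell
#!/bin/sh
# Added example, not the page's own code; the sample configs are constructed.

# Print the arguments of the last active occurrence of a directive.
directive() {  # $1 = file, $2 = directive name (matched case-insensitively)
    [ -r "$1" ] || return 0
    awk -v want="$2" '
        /^[ \t]*#/ { next }   # "#TLSRSACertificateFile ..." must not count
        tolower($1) == tolower(want) { $1 = ""; sub(/^[ \t]+/, ""); val = $0 }
        END { print val }' "$1"
}
is_on() { case $(directive "$1" "$2") in [Oo][Nn]) return 0 ;; esac; return 1; }

# Print one line per finding; return 1 if there is any finding.
audit_conf_d() {  # $1 = directory holding tls.conf and sftp.conf
    tls="$1/tls.conf"; sftp="$1/sftp.conf"; bad=0
    is_on "$tls" TLSEngine || { echo "tls.conf: TLSEngine is not on"; bad=1; }
    is_on "$tls" TLSRequired || { echo "tls.conf: TLSRequired is not on"; bad=1; }
    protos=$(directive "$tls" TLSProtocol)
    [ -n "$protos" ] || { echo "tls.conf: no active TLSProtocol line"; bad=1; }
    for p in $protos; do
        case $p in
            TLSv1.2|TLSv1.3) ;;   # this example's policy for acceptable versions
            *) echo "tls.conf: TLSProtocol lists $p"; bad=1 ;;
        esac
    done
    if is_on "$sftp" SFTPEngine; then
        echo "sftp.conf: SFTPEngine is on, SFTP is offered as well"; bad=1
    fi
    return $bad
}

# Constructed sample: the page's settings, or a weakened copy.
write_sample() {  # $1 = directory, $2 = "good" or "weak"
    mkdir -p "$1"
    if [ "$2" = good ]; then
        printf '%s\n' '<IfModule mod_tls.c>' 'TLSEngine on' 'TLSProtocol TLSv1.2' \
            '#TLSOptions NoSessionReuseRequired' 'TLSRequired on' '</IfModule>' > "$1/tls.conf"
        printf '%s\n' 'SFTPEngine off' 'Port 2222' > "$1/sftp.conf"
    else
        printf '%s\n' 'TLSEngine on' 'TLSProtocol TLSv1 TLSv1.2' '#TLSRequired on' > "$1/tls.conf"
        printf '%s\n' 'SFTPEngine on' > "$1/sftp.conf"
    fi
}

tmp=$(mktemp -d); write_sample "$tmp/good" good; write_sample "$tmp/weak" weak
audit_conf_d "$tmp/good" && echo "good: no findings"
audit_conf_d "$tmp/weak" || echo "weak: findings listed above"
rm -rf "$tmp"
```

Against the live configuration, call audit_conf_d /etc/proftpd/conf.d.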
Add a virtual user (in the specified path !)
> cd /etc/proftpd
> ftpasswd --passwd --name proftpd --uid 1001 --home /home/proftpd --shell /bin/false
> ftpasswd --passwd --name ftp --uid 1001 --home /home/ftp --shell /bin/false

The following output is not important:

ftpasswd: --passwd: missing --gid argument: default gid set to uid
ftpasswd: creating passwd entry for user proftpd
ftpasswd: /bin/false is not among the valid system shells. Use of
ftpasswd: "RequireValidShell off" may be required, and the PAM
ftpasswd: module configuration may need to be adjusted.

This will create the file /etc/proftpd/ftpd.passwd in the current path!
SFTP Client#
I use FileZilla 64bit without setup.
Use "Require explicit FTP over TLS" ("Explizites FTP über TLS erfordern" in the German client).

Active/Passive#
Generally FTP clients use passive connections. To enable passive connections you need to enable ports 49152-65534 both in the firewall (iptables) and in the ProFTPD configuration. Alternatively use active connections.

Log Settings#
You may adapt in proftpd.conf:

## Logging ##
LogFormat default "%h %l %u %t \"%r\" %s %b"
LogFormat auth "%v [%P] %h %t \"%r\" %s"
LogFormat write "%h %l %u %t \"%r\" %s %b"
TransferLog /var/log/proftpd/proftpd.xferlog
ExtendedLog /var/log/proftpd/ftp_auth.log AUTH auth
ExtendedLog /var/log/proftpd/ftp_access.log WRITE,READ write
# ExtendedLog /var/log/proftpd/ftp_paranoid.log ALL default