[{ALLOW view All}]
[{ALLOW edit Markus}]
!ProFTPd (with Ubuntu 12.04 LTS)
{{{
apt-get install proftpd
}}}
(I used the standalone setup.)
20.03.2017, used [https://www.howtoforge.com/tutorial/proftpd-installation-on-debian-and-ubuntu/]
----
Configuration, see [here|http://wiki.ubuntuusers.de/ProFTPD]
{{{
vi /etc/proftpd/proftpd.conf
}}}
Edit /etc/proftpd/proftpd.conf\\
Remove anonymous access (comment out the following):
{{{
# A basic anonymous configuration, no upload directories. If you do not
# want anonymous users, simply delete this entire <Anonymous> section.
<Anonymous ~ftp>
User ftp
Group ftp
# We want clients to be able to login with "anonymous" as well as "ftp"
UserAlias anonymous ftp
# Limit the maximum number of anonymous logins
MaxClients 10
# We want 'welcome.msg' displayed at login, and '.message' displayed
# in each newly chdired directory.
DisplayLogin welcome.msg
DisplayChdir .message
# Limit WRITE everywhere in the anonymous chroot
<Limit WRITE>
DenyAll
</Limit>
</Anonymous>
}}}
Add a virtual user (run the commands in the specified path!)
{{{
> cd /etc/proftpd
> ftpasswd --passwd --name proftpd --uid 1001 --home /home/proftpd --shell /bin/false
> ftpasswd --passwd --name ftp --uid 1001 --home /home/ftp --shell /bin/false
}}}
The following output is not important:
{{{
ftpasswd: --passwd: missing --gid argument: default gid set to uid
ftpasswd: creating passwd entry for user proftpd
ftpasswd: /bin/false is not among the valid system shells. Use of
ftpasswd: "RequireValidShell off" may be required, and the PAM
ftpasswd: module configuration may need to be adjusted.
}}}
This will create the file __/etc/proftpd/ftpd.passwd__ in the current path!
!Active/Passive
Generally, FTP clients use passive connections. To allow passive connections you need to open ports 49152-65534 in the firewall (iptables) and configure the same range in the conf. Alternatively, use active connections.
Add to /etc/proftpd/proftpd.conf:
{{{
DefaultRoot ~
AuthOrder mod_auth_file.c mod_auth_unix.c
AuthUserFile /etc/proftpd/ftpd.passwd
AuthPAM off
RequireValidShell off
}}}
Restart
{{{
sudo /etc/init.d/proftpd restart
}}}
/var/run/proftpd/proftpd.delay
If you get
{{{
2016-10-20 23:00:25,427 v22013121954216166.yourvserver.net proftpd[2368]: mod_auth_file/1.0: unable to use world-readable AuthUserFile '/etc/proftpd/ftpd.passwd': Operation not permitted
2016-10-20 23:00:25,427 v22013121954216166.yourvserver.net proftpd[2368]: Fatal: AuthUserFile: unable to use /etc/proftpd/ftpd.passwd: Operation not permitted on line 91 of '/etc/proftpd/proftpd.conf'
}}}
then read [https://ubuntuforums.org/showthread.php?t=2238794] and remove all access for others from the file:
{{{
sudo chmod o-rwx /etc/proftpd/ftpd.passwd
}}}
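The startup failure above is ProFTPD refusing a world-readable AuthUserFile. As an added example (not from the original page or the ProFTPD project), this script lists each AuthUserFile set in a config and checks for the permission bits that {{{chmod o-rwx}}} clears; the function names are hypothetical, and the sample files are constructed in a temporary directory.

```shell
#!/bin/sh
# Added example (not ProFTPD code): audit AuthUserFile permissions.
# Assumption: AuthUserFile paths contain no whitespace or quotes.

# Print every AuthUserFile path set in the given config; commented-out
# lines are skipped because their first field starts with '#'.
auth_user_files() {
    awk 'tolower($1) == "authuserfile" { print $2 }' "$1"
}

# 0 = no read/write/execute bit for "other", 1 = some bit set, 2 = not a file.
other_bits_clear() {
    [ -f "$1" ] || return 2
    hit=$(find "$1" -prune \( -perm -004 -o -perm -002 -o -perm -001 \) -print)
    [ -z "$hit" ]
}

# Report each AuthUserFile; return 0 only if all of them pass.
audit_conf() {
    bad=0
    for f in $(auth_user_files "$1"); do
        if other_bits_clear "$f"; then
            echo "OK   $f"
        else
            echo "FAIL $f (missing, or accessible by other: chmod o-rwx)"
            bad=1
        fi
    done
    return "$bad"
}

# Demo on constructed files in a temp dir (nothing under /etc is touched).
demo() {
    d=$(mktemp -d)
    printf 'ftp:CONSTRUCTED_HASH:1001:1001::/home/ftp:/bin/false\n' > "$d/ftpd.passwd"
    printf 'AuthUserFile %s\n#AuthUserFile /unused\n' "$d/ftpd.passwd" > "$d/proftpd.conf"
    chmod 644 "$d/ftpd.passwd"
    audit_conf "$d/proftpd.conf" || true   # reports FAIL: file is world-readable
    chmod o-rwx "$d/ftpd.passwd"
    audit_conf "$d/proftpd.conf"           # reports OK after the fix
    rm -rf "$d"
}
demo
```

To check a real installation, call {{{audit_conf /etc/proftpd/proftpd.conf}}} before restarting the daemon.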
Old (not necessary): Edit /etc/hosts.deny and /etc/hosts.allow
{{{
ftpd: ALL
}}}
Old: Start
{{{
/markus/proftpd/proftpd-1.3.3f/proftpd -c /usr/local/etc/proftpd.conf
}}}
Old: Stop
{{{
netstat -pant
kill -9 <pid>
}}}
!Logging
Add in proftpd.conf:
{{{
## Logging ##
LogFormat default "%h %l %u %t \"%r\" %s %b"
LogFormat auth "%v [%P] %h %t \"%r\" %s"
LogFormat write "%h %l %u %t \"%r\" %s %b"
TransferLog /var/log/proftpd/proftpd.xferlog
ExtendedLog /var/log/proftpd/ftp_auth.log AUTH auth
ExtendedLog /var/log/proftpd/ftp_access.log WRITE,READ write
# ExtendedLog /var/log/proftpd/ftp_paranoid.log ALL default
}}}
Increase debug level by starting with -d:
{{{
proftpd -d 5
}}}
-d level\\
Set debugging level (0-10, 10 = most debugging)
!Use SFTP
In {{{/etc/proftpd/proftpd.conf}}} you generally {{{Include /etc/proftpd/conf.d/}}}\\
Disable TLS
{{{
vi /etc/proftpd/conf.d/tls.conf
TLSEngine off
}}}
Create SFTP config
{{{
vi /etc/proftpd/conf.d/sftp.conf
<IfModule mod_sftp.c>
SFTPEngine on
Port 2222
SFTPLog /var/log/proftpd/sftp.log
# Configure both the RSA and DSA host keys, using the same host key
# files that OpenSSH uses.
SFTPHostKey /etc/ssh/ssh_host_rsa_key
SFTPHostKey /etc/ssh/ssh_host_dsa_key
#SFTPAuthMethods publickey
SFTPAuthMethods password
#SFTPAuthorizedUserKeys file:/etc/proftpd/authorized_keys/%u
#AuthOrder mod_auth_file.c
# Enable compression
SFTPCompression delayed
</IfModule>