Dies ist Version 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 . Es handelt sich nicht um die aktuelle Version und kann folglich auch nicht geändert werden.

[Zurück zur aktuellen Version][Diese Version wiederherstellen]

Reinstalled 19.03.2023

Info#

proftpd -v
ps -ef|grep proftp
dpkg -l '*proftp*'
apt list --installed | less
    proftpd-basic/stable,now 1.3.7a+dfsg-12+deb11u2 all  [installiert]
    proftpd-core/stable,now 1.3.7a+dfsg-12+deb11u2 amd64  [Installiert,automatisch]
    proftpd-doc/stable,now 1.3.7a+dfsg-12+deb11u2 all  [Installiert,automatisch]
    proftpd-mod-crypto/stable,now 1.3.7a+dfsg-12+deb11u2 amd64  [Installiert,automatisch]
    proftpd-mod-wrap/stable,now 1.3.7a+dfsg-12+deb11u2 amd64  [Installiert,automatisch]    

Deinstall / Clean#

/etc/init.d/proftpd stop
apt-get remove proftpd-basic  (removes all packages listed above)
apt install proftpd-basic

Configuration#

Main one:

/etc/proftpd/proftpd.conf

This has

Include /etc/proftpd/conf.d/

We create a custom one in that subfolder

vi /etc/proftpd/conf.d/custom.conf
# Ftp user doesn't need a valid shell
<Global>
    RequireValidShell off
</Global>
# If desired turn off IPv6
UseIPv6 off
# Default directory is ftpusers home
DefaultRoot ~ ftpuser
# Limit login to the ftpuser group
<Limit LOGIN>
    DenyGroup !ftpuser
</Limit>

Restart#

systemctl restart proftpd.service

Activate TLS#

$ vi /etc/proftpd/conf.d/tls.conf
<IfModule mod_tls.c>
TLSEngine                  on
TLSLog                     /var/log/proftpd/tls.log
TLSProtocol                TLSv1.2
#TLSOptions                 NoSessionReuseRequired NoCertRequest
#TLSRSACertificateFile      /etc/proftpd/ssl/proftpd.cert.pem
TLSRSACertificateFile      /etc/letsencrypt/live/www.inetone.de/cert.pem
#TLSRSACertificateKeyFile   /etc/proftpd/ssl/proftpd.key.pem
TLSRSACertificateKeyFile   /etc/letsencrypt/live/www.inetone.de/privkey.pem
TLSVerifyClient            off
TLSRequired                on
</IfModule>

Add a virtual user (in the specified path !)

> cd /etc/proftpd
> ftpasswd --passwd --name proftpd --uid 1001 --home /home/proftpd --shell /bin/false 
> ftpasswd --passwd --name ftp --uid 1001 --home /home/ftp --shell /bin/false 

The following output is not important:

ftpasswd: --passwd: missing --gid argument: default gid set to uid
ftpasswd: creating passwd entry for user proftpd

ftpasswd: /bin/false is not among the valid system shells.  Use of
ftpasswd: "RequireValidShell off" may be required, and the PAM
ftpasswd: module configuration may need to be adjusted.

This will create the file /etc/proftpd/ftpd.passwd in the current path !

Active/Passive#

Generally FTP clients use passive connections. To enable passive connection you need to enable port 49152-65534 in the firewall (iptables) and in the conf. Alternatively use active connections.

Add to /etc/proftpd/proftpd.conf

DefaultRoot ~
AuthOrder                      mod_auth_file.c  mod_auth_unix.c
AuthUserFile /etc/proftpd/ftpd.passwd
AuthPAM off
RequireValidShell off 

Restart

sudo /etc/init.d/proftpd restart

/var/run/proftpd/proftpd.delay

If you get

2016-10-20 23:00:25,427 v22013121954216166.yourvserver.net proftpd[2368]: mod_auth_file/1.0: unable to use world-readable AuthUserFile '/etc/proftpd/ftpd.passwd': Operation not permitted
2016-10-20 23:00:25,427 v22013121954216166.yourvserver.net proftpd[2368]: Fatal: AuthUserFile: unable to use /etc/proftpd/ftpd.passwd: Operation not permitted on line 91 of '/etc/proftpd/proftpd.conf'

then read https://ubuntuforums.org/showthread.php?t=2238794

sudo chmod o-rwx /etc/proftpd/ftpd.passwd

Old (not necessary): Edit /etc/hosts.deny and /etc/hosts.allow

ftpd: ALL

Old: Start

/markus/proftpd/proftpd-1.3.3f/proftpd -c /usr/local/etc/proftpd.conf

Old: Stop

netstat -pant
kill -9 <pid>

Logging#

Add in proftpd.conf:

## Logging ##
LogFormat       default "%h %l %u %t \"%r\" %s %b"
LogFormat       auth "%v [%P] %h %t \"%r\" %s"
LogFormat       write "%h %l %u %t \"%r\" %s %b"

TransferLog     /var/log/proftpd/proftpd.xferlog
ExtendedLog     /var/log/proftpd/ftp_auth.log AUTH auth
ExtendedLog     /var/log/proftpd/ftp_access.log WRITE,READ write
# ExtendedLog   /var/log/proftpd/ftp_paranoid.log ALL default

Increase debug level by starting with -d:

proftpd -d 5

-d level
Set debugging level (0-10, 10 = most debugging)

Use SFTP#

In /etc/proftpd/proftpd.conf you generally Include /etc/proftpd/conf.d/
Disable tls

vi /etc/proftpd/conf.d/tls.conf
TLSEngine                  off

Create sftp config

vi /etc/proftpd/conf.d/sftp.conf
<IfModule mod_sftp.c>
        SFTPEngine on
        Port 2222
        SFTPLog /var/log/proftpd/sftp.log

        # Configure both the RSA and DSA host keys, using the same host key
        # files that OpenSSH uses.
        SFTPHostKey /etc/ssh/ssh_host_rsa_key
        SFTPHostKey /etc/ssh/ssh_host_dsa_key

        #SFTPAuthMethods publickey
        SFTPAuthMethods password

        #SFTPAuthorizedUserKeys file:/etc/proftpd/authorized_keys/%u
        #AuthOrder mod_auth_file.c

        # Enable compression
        SFTPCompression delayed
</IfModule>