Set up ProFTPd with TLS on Ubuntu 11.04

TipsMake.com - FTP is a file transfer protocol used quite popular today. However, this protocol gradually becomes less secure because the entire password and data of the file is transmitted as clear text. So they can be blocked and stolen by the thief. By using TLS, all information will be encrypted, and will make FTP much safer. The following article will guide you to the ProFTPd settings with TLS in Ubuntu 11.04 server.

>>>Learn about OpenSSH in Linux

Note: In the following illustration we use hostname server1.example.com with IP address 192.168.0.100 . These settings may be different for you, so replace them accordingly.

In addition, since we need to run all the steps in this tutorial with root permissions, we need to prefix all sudo string commands, or we can return to root by typing:

sudosu

Install ProFTPd and OpenSSL

OpenSSL is an open source utility needed for TLS, installing ProFTPd and OpenSSL is very simple, just run the following command:

apt-get installproftpd openssl

You will then receive a question:

Run proftpd:

To increase security you can add the following command line to the file /etc/proftpd/proftpd.conf . (See more information here):

en /etc/proftpd/proftpd.conf

[.]
DefaultRoot ~
ServerIdent on "FTP Server ready."
[.]

Create an SSL certificate for TLS

To use TLS we need to create an SSL certificate. We created it in / etc / proftpd / ssl , so next is created in the first path:

mkdir / etc / proftpd / ssl

Finally we can create the SSL certificate as follows:

openssl req -new -x509 -days 365 -nodes -out /etc/proftpd/ssl/proftpd.cert.pem -keyout /etc/proftpd/ssl/proftpd.key.pem

Country Name (2 letter code) [AU]:
State or Province Name (full name) [Some-State]:
Locality Name (eg, city) []:
Organization Name (eg, company) [Internet Widgits Pty Ltd]:
Organizational Unit Name (eg, section) []:
Common Name (eg, YOUR name) []:
Email Address []:

Activate TLS in ProFTPd

To enable TLS in ProFTPd , open /etc/proftpd/proftpd.conf :

en /etc/proftpd/proftpd.conf

and uncomment ' Include /etc/proftpd/tls.conf '

[.]
#
# Này được dùng cho FTPS các kết nối
#
Include /etc/proftpd/tls.conf
[.]

Then open /etc/proftpd/tls.conf and make it look like this:

en /etc/proftpd/tls.conf

If you use TLSRequired on , then only TLS connections are allowed (this will be blocked with older FTP clients that are not supported for TLS); Using TLSRequired off, TLS and non-TLS connections will be allowed depending on the support of the FTP client.

Restart ProFTPd:

/etc/init.d/proftpd restart

You can try connecting using your FTP client, but you should reconfigure it to use TLS (this is necessary if you use TLSRequired on).

If you have problems with TLS, you can see the /var/log/proftpd/tls.log log file.

Configure FileZilla for TLS

To use FTP with TLS, you need an FTP client that supports TLS, such as FileZilla .

In FileZilla open Server Manager :

Select the server using ProFTPd with TLS. In the Server type of the drop-down menu, select FTPES instead of FTP :

You can now connect to the server. If this is your first time doing this, you need to accept the server's new SSL certificate:

Once everything goes smoothly, you will begin the process of logging into the server.