Enable TLS/SSL in ProFTPD on Ubuntu/Fedora/CentOS

Benefits of TLS/SSL

TLS/SSL provides numerous benefits to clients and servers over other methods of authentication, including:

– Strong authentication, message privacy, and integrity
– Interoperability
– Algorithm flexibility
– Ease of deployment
– Ease of use

1- Install ProFTPD and OpenSSL

# Ubuntu
apt-get install proftpd openssl
# Fedora/CentOS
yum install proftpd openssl

2- Create SSL Certificates

mkdir /opt/ssl/
cd /opt/ssl

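3- Generate a self-signed SSL certificate, valid for 365 days. The -nodes option writes the private key unencrypted, so keep proftpd.key.pem readable only by root.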

openssl req -new -x509 -days 365 -nodes -out proftpd.cert.pem -keyout proftpd.key.pem

Generating a 2048 bit RSA private key
.....................+++
..........+++
writing new private key to 'proftpd.key.pem'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:NL
State or Province Name (full name) []:Adam
Locality Name (eg, city) [Default City]:Adam
Organization Name (eg, company) [Default Company Ltd]:Unixmen
Organizational Unit Name (eg, section) []:Unixmen
Common Name (eg, your name or your server's hostname) []:Unixmen-test
Email Address []:@unixmen.com

4- Enable TLS in ProFTPD

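Edit /etc/proftpd/proftpd.conf (Ubuntu) or /etc/proftpd.conf (CentOS) and add:

# Enable mod_tls and write its messages to a dedicated log
TLSEngine on
TLSLog /var/log/proftpd/tls.log
# SSLv23 is compatibility mode: it also accepts SSLv3 and TLSv1
TLSProtocol SSLv23
# Do not send a client certificate request during the handshake
TLSOptions NoCertRequest
# Certificate and private key generated in step 3
TLSRSACertificateFile /opt/ssl/proftpd.cert.pem
TLSRSACertificateKeyFile /opt/ssl/proftpd.key.pem
# Client certificates are not verified
TLSVerifyClient off
# Refuse sessions that do not use TLS
TLSRequired on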

5- Check that ProFTPD is ready (mod_tls must appear among the loaded modules) with:

 # proftpd -vv
 ProFTPD Version: 1.3.3g (maint)
 Scoreboard Version: 01040003
 Built: Thu Nov 10 2011 16:20:47 UTC
 Loaded modules:
 mod_lang/0.9
 mod_ctrls/0.9.4
 mod_cap/1.0
 mod_vroot/0.9.2
 mod_tls/2.4.2
 mod_auth_pam/1.1
 mod_readme.c
 mod_ident/1.0
 mod_dso/0.5
 mod_facts/0.1
 mod_delay/0.6
 mod_site.c
 mod_log.c
 mod_ls.c
 mod_auth.c
 mod_auth_file/0.8.3
 mod_auth_unix.c
 mod_xfer.c
 mod_core.c

6- Now start proftpd

/etc/init.d/proftpd start
 Starting proftpd: [ OK ]

And it's done!
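
The directives from step 4 can be checked before the server is restarted. The following is an added example, not part of the original article or of ProFTPD: a small Python auditor run over the page's configuration, embedded as a constructed sample. The function names and the policy of treating SSLv23, SSLv3, TLSv1 and TLSv1.1 as legacy are assumptions of this example, and only the plain list form of TLSProtocol used on this page is handled.

```python
# Added example (not from the page); names and the legacy policy are assumptions.
# Constructed sample: the step 4 directives exactly as the page lists them.
PAGE_CONFIG = """\
TLSEngine on
TLSLog /var/log/proftpd/tls.log
TLSProtocol SSLv23
TLSOptions NoCertRequest
TLSRSACertificateFile /opt/ssl/proftpd.cert.pem
TLSRSACertificateKeyFile /opt/ssl/proftpd.key.pem
TLSVerifyClient off
TLSRequired on
"""

# Assumed policy: protocol tokens that still admit SSLv3, TLSv1 or TLSv1.1.
LEGACY_PROTOCOLS = {"sslv23", "sslv3", "tlsv1", "tlsv1.1"}

def parse_directives(text):
    """Map lowercased directive name -> argument list (last occurrence wins)."""
    directives = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#<":  # skip blanks, comments, <Section> tags
            continue
        name, *args = line.split()
        directives[name.lower()] = args
    return directives

def audit_tls(text):
    """Return a list of findings; an empty list means the checks passed."""
    d = parse_directives(text)
    findings = []
    if [a.lower() for a in d.get("tlsengine", [])] != ["on"]:
        findings.append("TLSEngine is not on: mod_tls is inactive")
    if [a.lower() for a in d.get("tlsrequired", [])] != ["on"]:
        findings.append("TLSRequired is not on: cleartext sessions may be accepted")
    protocols = d.get("tlsprotocol", [])
    weak = [p for p in protocols if p.lower() in LEGACY_PROTOCOLS]
    if not protocols:
        findings.append("TLSProtocol is unset: versions depend on the build default")
    elif weak:
        findings.append("TLSProtocol allows legacy versions: " + " ".join(weak))
    for key in ("TLSRSACertificateFile", "TLSRSACertificateKeyFile"):
        if not d.get(key.lower()):
            findings.append(key + " is missing")
    return findings

if __name__ == "__main__":
    for finding in audit_tls(PAGE_CONFIG):
        print("FINDING:", finding)
```

Run against the page's configuration, the auditor reports only the TLSProtocol line. Whether a newer value such as TLSv1.2 is accepted depends on the ProFTPD and OpenSSL versions installed, so check the mod_tls documentation for your build.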