How to install and configure ProFTPD on Debian Wheezy and Ubuntu 14.04 - Gamuza Still Learn All About Technology


Tuesday, November 17, 2015

How to install and configure ProFTPD on Debian Wheezy and Ubuntu 14.04

On this page

1 Preliminary Note
2 Install ProFTPD
2.1 Installation:
2.2 Creating ProFTPD Users
3 Enabling TLS In ProFTPD
4 Anonymous FTP access in ProFTPD
5 Links

This document describes how to install and configure ProFTPD on a Debian Wheezy server; it will also work on Ubuntu 14.04. ProFTPD is an FTP daemon for Unix and Unix-like operating systems. ProFTPD is developed, released and distributed under the GNU Public License (GPL), which basically establishes it as free software, meaning that it may be sold, licensed and otherwise manipulated in any way desired as long as full and complete source code either accompanies any ProFTPD packages or is made available by any and all sites that distribute pre-compiled binaries. The software can be modified by anyone at any time, as long as all derived works are also licensed under the GNU Public License.

This guide will work for both Ubuntu and Debian servers.
1 Preliminary Note

This tutorial is based on a Debian 7.6 server, so you should set up a basic Debian 7.6 server installation before you continue with this tutorial. The system should have a static IP address. I use 192.168.0.100 as my IP address in this tutorial and server1.example.com as the hostname.
2 Install ProFTPD
2.1 Installation:

We will first install the ProFTPD and OpenSSL as follows:

apt-get install proftpd openssl

The installer will ask a question about how to run ProFTPD; select standalone and press Ok.

We can check the ProFTPD version as follows:

proftpd -v
root@server1:~# proftpd -v
ProFTPD Version 1.3.4a
root@server1:~#
2.2 Creating ProFTPD Users

For this I will create a group ftpgroup and the user srijan for ProFTPD. I will restrict the user srijan to the home directory /ftpshare:

addgroup ftpgroup

adduser srijan -shell /bin/false -home /ftpshare

root@server1:~# adduser srijan -shell /bin/false -home /ftpshare
Adding user `srijan' ...
Adding new group `srijan' (1002) ...
Adding new user `srijan' (1001) with group `srijan' ...
Creating home directory `/ftpshare' ...
Copying files from `/etc/skel' ...
Enter new UNIX password: <--ftppassword
Retype new UNIX password: <--ftppassword
passwd: password updated successfully
Changing the user information for srijan
Enter the new value, or press ENTER for the default<--ENTER
Full Name []: <--ENTER
Room Number []: <--ENTER
Work Phone []: <--ENTER
Home Phone []: <--ENTER
Other []: <--ENTER
Is the information correct? [Y/n] <--Y
root@server1:~#

Now we will add the srijan user to the ftpgroup as follows:

adduser srijan ftpgroup

Next we need to protect the directory's contents from being removed or renamed by other users, so we set the sticky bit by changing the directory permissions as follows:

chmod -R 1777 /ftpshare/

Next we need to configure ProFTPD as follows:

nano /etc/proftpd/proftpd.conf

Make the changes as shown:

[...]
UseIPv6 off
[...]
RootLogin off
RequireValidShell off

DefaultRoot ~

<Limit LOGIN>
DenyGroup !ftpgroup
</Limit>

I am not using IPv6, so I turned it off above. I am disabling root login to ProFTPD with RootLogin off. DefaultRoot is added to restrict users to their home directories. DenyGroup allows only users from ftpgroup to access the FTP server; all other connections are rejected.

Restart the service as:

service proftpd restart

Sometimes you will get an error while restarting the service, like this:
root@server1:~# service proftpd restart
[ ok ] Stopping ftp server: proftpd.
[....] Starting ftp server: proftpdserver1 proftpd[6052]: mod_tls_memcache/0.1: notice: unable to register 'memcache' SSL session cache: Memcache support not enabled
. ok
root@server1:~#

We can overcome this error by editing the file /etc/proftpd/modules.conf and commenting out the line as follows:

nano /etc/proftpd/modules.conf

[...]
#LoadModule mod_tls_memcache.c
[...]

This resolves the error.

Now we can log in as the user srijan with its password at ftp://192.168.0.100

3 Enabling TLS In ProFTPD

In order to enable TLS in ProFTPD, open /etc/proftpd/proftpd.conf

nano /etc/proftpd/proftpd.conf

Un-comment the following line:

[...]
Include /etc/proftpd/tls.conf
[...]

Now we will back up the original file and then edit it as shown below:

cp /etc/proftpd/tls.conf /etc/proftpd/tls.conf_orig
cat /dev/null > /etc/proftpd/tls.conf
nano /etc/proftpd/tls.conf

Enter the following entries:


TLSEngine on
TLSLog /var/log/proftpd/tls.log
TLSProtocol SSLv23
TLSOptions NoCertRequest
TLSRSACertificateFile /etc/proftpd/ssl/proftpd.cert.pem
TLSRSACertificateKeyFile /etc/proftpd/ssl/proftpd.key.pem
TLSVerifyClient off
TLSRequired on
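
As an added example (not part of the original tutorial), the following shell function checks a tls.conf like the one above for the settings that decide whether logins are actually protected: TLSEngine and TLSRequired switched on, a TLSProtocol value that does not permit SSLv3 (the SSLv23 compatibility setting also allows SSLv3), and a private key that is not world-readable. The function names, messages and temporary sample files are constructed for this illustration.

```shell
# Added example, not from the original article: audit a mod_tls config file
# for the directives set above. All sample paths and data are constructed.

# Print the last uncommented value of directive $2 in file $1.
directive_value() {
    awk -v name="$2" '
        /^[[:space:]]*#/ { next }
        tolower($1) == tolower(name) { $1 = ""; sub(/^[ \t]+/, ""); val = $0 }
        END { print val }' "$1"
}

# True when boolean directive $2 in file $1 is switched on.
is_on() {
    v=$(directive_value "$1" "$2" | tr 'A-Z' 'a-z')
    [ "$v" = on ] || [ "$v" = yes ] || [ "$v" = true ] || [ "$v" = 1 ]
}

# Print one finding per line for file $1; exit status 1 if there were any.
audit_tls_conf() {
    conf=$1 findings=0
    report() { echo "$1"; findings=$((findings + 1)); }
    is_on "$conf" TLSEngine || report "TLSEngine is not on: mod_tls is inactive"
    is_on "$conf" TLSRequired || report "TLSRequired is not on: plain FTP is still accepted"
    proto=$(directive_value "$conf" TLSProtocol)
    case " $proto " in
        *" SSLv23 "*|*" SSLv3 "*) report "TLSProtocol '$proto' permits SSLv3" ;;
    esac
    key=$(directive_value "$conf" TLSRSACertificateKeyFile)
    if [ -n "$key" ] && [ -e "$key" ] &&
       [ -n "$(find "$key" -perm -004 2>/dev/null)" ]; then
        report "private key $key is world-readable"
    fi
    [ "$findings" -eq 0 ]
}

# Constructed sample: this page's tls.conf, pointed at a dummy key in a temp dir.
demo_dir=$(mktemp -d)
touch "$demo_dir/proftpd.key.pem" && chmod 0440 "$demo_dir/proftpd.key.pem"
cat > "$demo_dir/tls.conf" <<EOF
TLSEngine on
TLSLog /var/log/proftpd/tls.log
TLSProtocol SSLv23
TLSOptions NoCertRequest
TLSRSACertificateFile /etc/proftpd/ssl/proftpd.cert.pem
TLSRSACertificateKeyFile $demo_dir/proftpd.key.pem
TLSVerifyClient off
TLSRequired on
EOF
audit_tls_conf "$demo_dir/tls.conf" || echo "review the findings above"
```

On the server itself the same function can be pointed at the live file with audit_tls_conf /etc/proftpd/tls.conf.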


In order to use TLS, we must create an SSL certificate. I will create it in /etc/proftpd/ssl, so I create that directory first:

mkdir /etc/proftpd/ssl

Afterwards, we can generate the SSL certificate as follows:

openssl req -new -x509 -days 365 -nodes -out /etc/proftpd/ssl/proftpd.cert.pem -keyout /etc/proftpd/ssl/proftpd.key.pem

Country Name (2 letter code) [AU]: <-- Enter your Country Name (e.g., "DE").
State or Province Name (full name) [Some-State]: <-- Enter your State or Province Name.
Locality Name (eg, city) []: <-- Enter your City.
Organization Name (eg, company) [Internet Widgits Pty Ltd]: <-- Enter your Organization Name (e.g., the name of your company).
Organizational Unit Name (eg, section) []: <-- Enter your Organizational Unit Name (e.g. "IT Department").
Common Name (eg, YOUR name) []: <-- Enter the Fully Qualified Domain Name of the system (e.g. "server1.example.com").
Email Address []: <-- Enter your Email Address.

For security, I will now make the private key file read-only as follows:

chmod 0440 /etc/proftpd/ssl/proftpd.key.pem

Finally restart the ProFTPD service as follows:

service proftpd restart

We can connect to the ProFTPD server with the FileZilla software. You must have FileZilla installed on the client to connect to the server. Open FileZilla and enter the details as follows:

Host = 192.168.0.100
Protocol = FTP
User = srijan
Port = can be left blank if you have not changed it from the default port 21
Password = ftppassword (just created above)

Note: Since we encrypted our connection in the step above, we will use the Encryption setting "Require explicit FTP over TLS".

If you have not configured TLS, you can choose "Use Plain FTP".

It will ask you to trust the certificate; press OK.

You will then be connected to the FTP shared directory.

4 Anonymous FTP access in ProFTPD

We can set up an anonymous FTP account in ProFTPD by adding these entries to the ProFTPD configuration file:

nano /etc/proftpd/proftpd.conf

Add these entries at the end of the file:

[...]
###Anonymous share#####
<Anonymous ~ftp>
User ftp
Group nogroup

<Limit LOGIN>
AllowAll
</Limit>

# We want clients to be able to login with "anonymous" as well as "ftp"
UserAlias anonymous ftp

# Cosmetic changes, all files belongs to ftp user
DirFakeUser on ftp
DirFakeGroup on ftp

RequireValidShell off

# Limit the maximum number of anonymous logins
MaxClients 10
# Limit WRITE everywhere in the anonymous chroot
<Directory *>
<Limit WRITE>
DenyAll
</Limit>
</Directory>
</Anonymous>

Now connect through FileZilla as follows:

Note: Since we encrypted our connection in the step above, we will use the Encryption setting "Require explicit FTP over TLS".

If you have not configured TLS, you can choose "Use Plain FTP".

Press Connect:

It will ask you to trust the certificate; press OK.

We have successfully connected to the server as the anonymous user.

Congratulations! Now we have successfully configured ProFTPD server environment in Debian Wheezy :)
