FTP Server

How to set up a secure ftp server in debian.

There are three main choices for FTP server:

For this howto, we will use ProFTPd. Why? It has an apache-style config file, has flexible authentication, and has super easy chroot support.

installation

# apt-get install proftpd

this creates:

  • user ftp
  • /home/ftp
  • /etc/proftpd/proftpd.conf

configuration

The default configuration is pretty good. It allows for…

Here are a few things you probably want to change:

codetitle. /etc/proftpd/proftpd.conf

ServerName  "myserver.taz"
DefaultRoot  ~
User root
Group root

Running the ftp daemon as user root has obvious security disadvantages and should probably only be done in vserver where there is no other services. The advantage of running the daemon as root instead of something else like nobody is that proftpd may then change its uid to be the same as the user who authenticated, granting them access to all their files.

utilities

To perform a syntax check of your proftpd.conf file:
bc. sudo proftpd -td5

To know who is connected on your server in real time use:
bc. sudo ftptop

See who is connected:
bc. ftpwho

you can also use the “ftpwho” command.
other informations here

TLS

<IfModule mod_tls.c>
  TLSEngine on
  TLSLog /var/log/proftpd/proftpd-tls.log
  #TLSProtocol TLSv1

  # Are clients required to use FTP over TLS when talking to this server?
  TLSRequired off

  # Server's certificate
  TLSRSACertificateFile /etc/ftpcert/server.crt
  TLSRSACertificateKeyFile /etc/ftpcert/server.key

  # CA the server trusts
  TLSCACertificateFile /etc/ftpcert/ca.crt

  # Authenticate clients that want to use FTP over TLS?
  TLSVerifyClient off
</IfModule>
 

we mostly prefer mysecureshell (http://mysecureshell.sourceforge.net/ )
a secure ftp server based on openssh. so far we had no problems.
(mysecureshell debian amd64 repo is down at the moment, so we manually install all the latest debs)

q1: does anyone know any pros-cons of the various ftp servers?
q2: do you happen to know any other sftp servers that can run on the ssh port?

 
   

Hey every one, I’m new here. Just wanted to say ‘hello world’. Also, y’all probably already know this, but scp (short for Secure CoPy I believe) is great if you are just transferring files between trusted computers with known users and don’t need an actual server. It’s included with SSH so you don’t have to install anything, see ’ man scp ’ for more details of course.