There are three main choices for FTP server:
For this howto, we will use ProFTPd. Why? It has an apache-style config file, has flexible authentication, and has super easy chroot support.
installation¶
# apt-get install proftpd
this creates:
- user ftp
- /home/ftp
- /etc/proftpd/proftpd.conf
configuration¶
The default configuration is pretty good. It allows for…
Here are a few things you probably want to change:
codetitle. /etc/proftpd/proftpd.conf
ServerName "myserver.taz"
DefaultRoot ~
User root
Group root
Running the ftp daemon as user root has obvious security disadvantages and should probably only be done in vserver where there is no other services. The advantage of running the daemon as root instead of something else like nobody is that proftpd may then change its uid to be the same as the user who authenticated, granting them access to all their files.
utilities¶
To perform a syntax check of your proftpd.conf file:
bc. sudo proftpd -td5
To know who is connected on your server in real time use:
bc. sudo ftptop
See who is connected:
bc. ftpwho
you can also use the “ftpwho” command.
other informations here
TLS¶
<IfModule mod_tls.c>
TLSEngine on
TLSLog /var/log/proftpd/proftpd-tls.log
#TLSProtocol TLSv1
# Are clients required to use FTP over TLS when talking to this server?
TLSRequired off
# Server's certificate
TLSRSACertificateFile /etc/ftpcert/server.crt
TLSRSACertificateKeyFile /etc/ftpcert/server.key
# CA the server trusts
TLSCACertificateFile /etc/ftpcert/ca.crt
# Authenticate clients that want to use FTP over TLS?
TLSVerifyClient off
</IfModule>