Installation of an FTP server: ProFTPD

Requirements:

In this tutorial we will see how to configure an FTP server (ProFTPD) for transferring files between your PC and your server.

This tutorial is based on Ubuntu 14.04. It will work in a similar manner on Debian.

Installation

We start by installing the server:

sudo apt-get install proftpd

During the installation we are asked whether we want to run the server in inetd or standalone mode. Select the standalone mode.

'inetd' is a kind of “Super Daemon” that can handle multiple services at once, including the FTP service.
With the inetd mode you risk not configuring it correctly, which is not our goal here.

In standalone mode ProFTPD runs on its own.

Configuration

Now you have to edit the file /etc/proftpd/proftpd.conf

Go to the DefaultRoot line and uncomment it.
This will allow us to chroot the users into their own home directory.

You may also customize ServerName, DisplayLogin & UseIPv6, if required (don't hesitate to consult the official documentation for more information).

A secure connection by using TLS

Your server is now up. However, everything that passes between your server and your FTP client is sent unencrypted over the Internet, which is far from secure.

We will encrypt all traffic with TLS (SSLv3 being deprecated).

Start by creating a self-signed SSL certificate:

sudo openssl req -new -x509 -days 365 -nodes -out /etc/ssl/certs/proftpd.cert -keyout /etc/ssl/private/proftpd.key

You will see an output like the following:

Generating a 2048 bit RSA private key
..........................................................+++
..................................................................................+++
writing new private key to '/etc/ssl/private/proftpd.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:FR
State or Province Name (full name) [Some-State]:
Locality Name (eg, city) []:
Organization Name (eg, company) [Internet Widgits Pty Ltd]:
Organizational Unit Name (eg, section) []:
Common Name (e.g. server FQDN or YOUR name) []:sd-xxxxx.dedibox.fr
Email Address []:me@mymail.tld

Fill in the information requested by OpenSSL.
sd-xxxxx.dedibox.fr can be replaced by your domain name, if you have one.

Now we will force our FTP server to use this certificate to set up an encrypted connection.

Create the file /etc/proftpd/conf.d/tls.conf:

  <IfModule mod_tls.c>
    TLSEngine on
    TLSLog /var/log/proftpd/tls.log

    # TLSv1 Only
    TLSProtocol TLSv1

    # Don't accept unencrypted connections
    TLSRequired on

    # The path to the certificates
    TLSRSACertificateFile /etc/ssl/certs/proftpd.cert
    TLSRSACertificateKeyFile /etc/ssl/private/proftpd.key

    TLSVerifyClient off
    TLSRenegotiate none

  </IfModule>

We restart our FTP server now:

sudo service proftpd restart

You are now able to connect to your FTP server using an encrypted connection!
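
To confirm that tls.conf still enforces what this section set up (TLS engine on, TLS required, no SSLv3, and a private key that only its owner can read), the file can be checked with a small script. This is an added example, not part of the original tutorial or of ProFTPD; the function names, the temporary demo files and the rule that a missing TLSProtocol line counts as a finding are assumptions of the example.

```shell
#!/bin/sh
# Added example: audit a mod_tls config against the settings used in this tutorial.

# Print the arguments of the last uncommented occurrence of directive $2 in file $1.
directive() {
  awk -v d="$2" 'tolower($1) == tolower(d) { $1 = ""; sub(/^ +/, ""); v = $0 }
                 END { print v }' "$1"
}

fail() { echo "FAIL: $*"; issues=$((issues + 1)); }

# Exit status = number of findings (0 means the file matches the tutorial's settings).
audit_tls_conf() {
  conf=$1; issues=0
  [ "$(directive "$conf" TLSEngine)" = on ] || fail "TLSEngine is not 'on'"
  [ "$(directive "$conf" TLSRequired)" = on ] ||
    fail "TLSRequired is not 'on': unencrypted sessions are still accepted"
  case " $(directive "$conf" TLSProtocol) " in
    "  ") fail "TLSProtocol is not set explicitly" ;;
    *" SSLv3 "* | *" SSLv23 "*) fail "TLSProtocol still allows SSLv3" ;;
  esac
  # The key was created with -nodes (no passphrase), so file permissions are
  # its only protection: group and others must have no access at all.
  key=$(directive "$conf" TLSRSACertificateKeyFile)
  if [ ! -f "$key" ]; then
    fail "private key '$key' not found"
  elif [ "$(ls -ld "$key" | cut -c5-10)" != "------" ]; then
    fail "private key '$key' is accessible to group or others"
  fi
  return "$issues"
}

# With no argument, audit a constructed weak config (not a real server):
# TLS optional, SSLv3 allowed, world-readable key. Otherwise audit the file in $1.
if [ "$#" -eq 0 ]; then
  demo=$(mktemp -d)
  : > "$demo/proftpd.key"; chmod 644 "$demo/proftpd.key"
  printf '%s\n' '<IfModule mod_tls.c>' '  TLSEngine on' '  TLSProtocol SSLv3 TLSv1' \
    '  TLSRequired off' "  TLSRSACertificateKeyFile $demo/proftpd.key" \
    '</IfModule>' > "$demo/tls.conf"
  set -- "$demo/tls.conf"
fi
audit_tls_conf "$1" || echo "$? finding(s) in $1"
if [ -n "${demo:-}" ]; then rm -rf "$demo"; fi
```

Run it with sudo and /etc/proftpd/conf.d/tls.conf as the argument to check the file created above, since /etc/ssl/private is normally not readable by ordinary users.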

If required, you may also consult our documentation about FTP clients.