How to install ProFTPd with TLS on openSUSE 13.2

Version 1.0
Author: Srijan Kishore <s [dot] kishore [at] ispconfig [dot] org>
Last edited 16/Jan/2015

This document describes how to install a ProFTPd server on openSUSE 13.2, including TLS connections. TLS provides endpoint authentication and communications confidentiality over the Internet using cryptography. TLS can use RSA keys of 1024- and 2048-bit strength.

ProFTPD is an FTP server that uses only one configuration file, “/etc/proftpd/proftpd.conf”. The ProFTPD config file is very similar to Apache’s config file. It can be used to configure multiple virtual FTP servers easily, and it has chroot capabilities depending on the underlying filesystem. It can run as a standalone server or as an inetd service, and it is able to work over IPv6.

 

1 Preliminary Note

In this tutorial I use the hostname server1.example.com with the IP address 192.168.0.100. These settings might differ for you, so you have to replace them where appropriate. You must have a basic openSUSE installation in place before following this tutorial.

2 Install ProFTPd

Now let's install ProFTPd. Open a terminal and type the command:

zypper install proftpd openssl

Now we have to edit the ProFTPd config file:

nano /etc/proftpd/proftpd.conf

Add these entries at the end of the file:

[...]
DefaultRoot ~
IdentLookups off
ServerIdent on "FTP Server ready."

Now we will create the directory for the certificate as follows:

mkdir /etc/proftpd/openssl

The next task is to generate the SSL certificate with this command:

openssl req -new -x509 -days 365 -nodes -out /etc/proftpd/openssl/proftpd.cert.pem -keyout /etc/proftpd/openssl/proftpd.key.pem

Fill the entries as follows:

Country Name (2 letter code) [XX]: <-- Enter your Country Name (e.g., "DE").
State or Province Name (full name) []: <-- Enter your State or Province Name.
Locality Name (eg, city) [Default City]: <-- Enter your City.
Organization Name (eg, company) [Default Company Ltd]: <-- Enter your Organization Name (e.g., the name of your company).
Organizational Unit Name (eg, section) []: <-- Enter your Organizational Unit Name (e.g. "IT Department").
Common Name (eg, your name or your server's hostname) []: <-- Enter the Fully Qualified Domain Name of the system (e.g. "server1.example.com").
Email Address []: <-- Enter your Email Address.

Now we need to enable TLS in ProFTPd by adding an entry to the ProFTPd configuration file.

nano /etc/proftpd/proftpd.conf

Add this entry at the end of the file:

[...]
Include /etc/proftpd/tls.conf

Now we will add the entries for the file tls.conf:

nano /etc/proftpd/tls.conf

TLSEngine                  on
TLSLog                     /var/log/proftpd/tls.log
TLSProtocol                SSLv23
TLSOptions                 NoCertRequest
TLSRSACertificateFile      /etc/proftpd/openssl/proftpd.cert.pem
TLSRSACertificateKeyFile   /etc/proftpd/openssl/proftpd.key.pem
TLSVerifyClient            off
TLSRequired                on

We will create the TLS log file manually as:

touch /var/log/proftpd/tls.log

Be sure to comment out the following lines in order to allow ftp users to CHMOD:

[...]
# Bar use of SITE CHMOD by default
#<Limit SITE_CHMOD>
#  DenyAll
#</Limit>
[...]

Next we need to enable ProFTPd at boot and start the service:

systemctl enable proftpd.service
systemctl restart proftpd.service

This will make us ready for the FTP connection.
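
The following check is an added example, not part of the original tutorial. It audits a tls.conf like the one above for three things that matter with this setup: "TLSProtocol SSLv23" is mod_tls's compatibility mode and still accepts SSLv3, TLSRequired must stay "on", and the private key created with -nodes is unencrypted, so its file mode is its only protection. The function names are hypothetical; the directive names are the ones used on this page.

```shell
#!/bin/sh
# Added example: audit a ProFTPD tls.conf such as the one in this tutorial.
# directive() and audit_tls_conf() are illustrative names, not ProFTPD tools.

# Print the last value given for directive $1 in config file $2.
directive() {
    awk -v d="$1" 'tolower($1) == tolower(d) {
        $1 = ""; sub(/^[ \t]+/, ""); v = $0
    } END { print v }' "$2"
}

# Print one line per finding; return 0 if clean, 1 if anything was found.
audit_tls_conf() {
    conf=$1
    findings=0

    # SSLv23 is mod_tls "compatibility mode" and still accepts SSLv3.
    for proto in $(directive TLSProtocol "$conf"); do
        case $proto in
            SSLv3|SSLv23)
                echo "WEAK: TLSProtocol $proto permits SSLv3"
                findings=$((findings + 1)) ;;
        esac
    done

    # Anything other than "on" leaves some channel able to run in cleartext.
    if [ "$(directive TLSRequired "$conf")" != "on" ]; then
        echo "WEAK: TLSRequired is not 'on'"
        findings=$((findings + 1))
    fi

    # The key was generated with -nodes (unencrypted), so the file mode is
    # its only protection: group and other must have no access at all.
    key=$(directive TLSRSACertificateKeyFile "$conf")
    if [ ! -f "$key" ]; then
        echo "ERROR: key file '$key' not found"
        findings=$((findings + 1))
    elif [ "$(ls -ld "$key" | cut -c5-10)" != "------" ]; then
        echo "WEAK: $key is accessible to group/other; chmod 600 it"
        findings=$((findings + 1))
    fi

    [ "$findings" -eq 0 ]
}

# Run against a file when one is given, e.g. sh audit.sh /etc/proftpd/tls.conf
[ "$#" -eq 0 ] || audit_tls_conf "$1"
```

Restart proftpd.service after changing tls.conf or the key file permissions so the new settings take effect.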

3 FTP Client

In order to use FTP over TLS, we can use an FTP client such as FileZilla. It can be installed from the distribution's own repository or downloaded from the link
