How to install ProFTPd with TLS on OpenSuse 13.2
Author: Srijan Kishore <s [dot] kishore [at] ispconfig [dot] org>
Last edited 16/Jan/2015
This document describes how to install a ProFTPd server on OpenSuse 13.2, including TLS connections. TLS provides endpoint authentication and communications confidentiality over the Internet using cryptography. TLS provides RSA security with 1024 and 2048 bit strengths.
ProFTPD is an FTP server that uses a single configuration file, "/etc/proftpd/proftpd.conf". The ProFTPD config file is very similar to Apache's config file. It can be used to configure multiple virtual FTP servers easily, and has chroot capabilities depending on the underlying filesystem. It can run as a standalone server or as an inetd service, and it is able to work over IPv6.
1 Preliminary Note
In this tutorial I use the hostname server1.example.com with the IP address 192.168.0.100. These settings might differ for you, so you have to replace them where appropriate. You must have a basic OpenSuse installation in place before following the steps described in this tutorial.
2 Install ProFTPd
Now let's install ProFTPd. Open a terminal and type the command:
zypper install proftpd openssl
Now we have to edit the ProFTPd config file:
Add the following entries at the end of the file:
DefaultRoot ~
IdentLookups off
ServerIdent on "FTP Server ready."
Now we will create the directory for the certificate as follows:
The next task is to generate the SSL certificate with this command:
openssl req -new -x509 -days 365 -nodes -out /etc/proftpd/openssl/proftpd.cert.pem -keyout /etc/proftpd/openssl/proftpd.key.pem
Fill in the entries as follows:
Country Name (2 letter code) [XX]: <-- Enter your Country Name (e.g., "DE").
State or Province Name (full name) : <-- Enter your State or Province Name.
Locality Name (eg, city) [Default City]: <-- Enter your City.
Organization Name (eg, company) [Default Company Ltd]: <-- Enter your Organization Name (e.g., the name of your company).
Organizational Unit Name (eg, section) : <-- Enter your Organizational Unit Name (e.g. "IT Department").
Common Name (eg, your name or your server's hostname) : <-- Enter the Fully Qualified Domain Name of the system (e.g. "server1.example.com").
Email Address : <-- Enter your Email Address.
Now we need to enable TLS in ProFTPd by adding an entry to the ProFTPd configuration file.
Add the entries at the end as:
Now we will add the entries for the file tls.conf:
TLSEngine on
TLSLog /var/log/proftpd/tls.log
TLSProtocol SSLv23
TLSOptions NoCertRequest
TLSRSACertificateFile /etc/proftpd/openssl/proftpd.cert.pem
TLSRSACertificateKeyFile /etc/proftpd/openssl/proftpd.key.pem
TLSVerifyClient off
TLSRequired on
We will create the TLS log file manually as:
Be sure to comment out the following lines in order to allow ftp users to CHMOD:
[...]
# Bar use of SITE CHMOD by default
#<Limit SITE_CHMOD>
#  DenyAll
#</Limit>
[...]
Next we need to enable ProFTPd at boot and start the service:
systemctl enable proftpd.service
systemctl restart proftpd.service
This will make us ready for the FTP connection.
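Before connecting a client, the tls.conf and key file created above can be checked with a short script. This is an added example, not part of the original tutorial: the function names get_directive and audit_tls_conf are made up here, and the sample input is the tutorial's tls.conf with its paths moved to a temporary directory. It flags TLSProtocol SSLv23 because the mod_tls documentation describes that value as allowing SSLv3 as well as TLSv1.

```shell
# Added example (not from the tutorial): audit a ProFTPD mod_tls config file.
# Print a directive's arguments, skipping commented-out lines.
# Simplification: if the directive repeats, the last occurrence is reported.
get_directive() {  # $1 = config file, $2 = directive name
    awk -v d="$2" '$1 == d { $1 = ""; sub(/^[ \t]+/, ""); v = $0 } END { print v }' "$1"
}

# Print one finding per line; print nothing when every check passes.
audit_tls_conf() {  # $1 = path to tls.conf
    conf=$1
    if [ "$(get_directive "$conf" TLSEngine)" != "on" ]; then
        echo "TLSEngine is not 'on': mod_tls is disabled"
    fi
    if [ "$(get_directive "$conf" TLSRequired)" != "on" ]; then
        echo "TLSRequired is not 'on': cleartext logins or transfers are allowed"
    fi
    for proto in $(get_directive "$conf" TLSProtocol); do
        case $proto in
            SSLv*) echo "TLSProtocol $proto permits SSLv3; list TLS versions explicitly" ;;
        esac
    done
    key=$(get_directive "$conf" TLSRSACertificateKeyFile)
    if [ -z "$key" ] || [ ! -f "$key" ]; then
        echo "TLSRSACertificateKeyFile is unset or missing: ${key:-<unset>}"
    else
        # Characters 5-10 of 'ls -l' output are the group and other permission bits.
        perms=$(ls -ld "$key" | cut -c5-10)
        if [ "$perms" != "------" ]; then
            echo "private key $key is accessible beyond its owner ($perms)"
        fi
    fi
    return 0
}

# Constructed sample: the tutorial's tls.conf with paths moved to a temp dir.
demo_dir=$(mktemp -d)
: > "$demo_dir/proftpd.key.pem"; chmod 644 "$demo_dir/proftpd.key.pem"
cat > "$demo_dir/tls.conf" <<EOF
TLSEngine on
TLSLog $demo_dir/tls.log
TLSProtocol SSLv23
TLSOptions NoCertRequest
TLSRSACertificateFile $demo_dir/proftpd.cert.pem
TLSRSACertificateKeyFile $demo_dir/proftpd.key.pem
TLSVerifyClient off
TLSRequired on
EOF
audit_tls_conf "$demo_dir/tls.conf"
rm -rf "$demo_dir"
```

On the real server, run it as `audit_tls_conf /etc/proftpd/tls.conf` with enough privileges to read the key file's directory entry.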
3 FTP Client
In order to use FTP over TLS, we can use an FTP client such as FileZilla. It can be downloaded from the original repository of the distribution or from the link