Install and setup ProFTPd with TLS on Debian and other distros.
This was tested on Debian 12.
This article assumes you are not using the root account and you are in the sudo group. It also makes use of Nano for the editor. Substitute 'nano' for vi, vim, or whatever your editor flavor is. Or, install nano if it's not already: sudo apt install nano
Install ProFTPd: sudo apt install proftpd
Edit the config file: sudo nano /etc/proftpd/proftpd.conf
Change the following…
UseIPV6 You may switch it to “Off“, if you don’t use it
ServerName Make it your fqdn or IP address.
DefaultRoot ~ Uncomment this line to restrict users with their home folders.
RequireValidShell off Uncomment
PassivePorts Uncomment and set to 12000 12099 or a smaller range. This is for passive transfers and will need firewall permissions.
AuthOrder Uncomment the line to enable the using of local passwords.
Include /etc/proftpd/tls.conf Uncomment
Save and close
Enable the TLS module: sudo nano /etc/proftpd/modules.conf
Uncomment on line 21: LoadModule mod_tls.c
Save and close.
Install the crypto mod: sudo apt-get install proftpd-mod-crypto
Generate SSL cert for TLS.
sudo openssl req -x509 -newkey rsa:2048 -sha256 -keyout /etc/ssl/private/proftpd.key -out /etc/ssl/private/proftpd.crt -nodes -days 3650
Set permissions on the new cert files.
sudo chmod 600 /etc/ssl/private/proftpd.key
sudo chmod 600 /etc/ssl/certs/proftpd.crt
Edit the TLS config file: sudo nano /etc/proftpd/tls.conf
Uncomment:
TLSEngine on
TLSLog /var/log/proftpd/tls.log
TLSProtocol SSLv23
Uncomment and modify to match:
TLSRSACertificateFile /etc/ssl/private/proftpd.crt
TLSRSACertificateKeyFile /etc/ssl/private/proftpd.key
Uncomment…
TLSVerifyClient off
TLSRequired on
Save and close
Restart proFTPd: sudo service proftpd restart
Enjoy!
