How to configure PureFTPd over SSL
Tags: configure, ftp, Linux, Pureftp, SSL
Pure-FTPd is a free (BSD), secure, production-quality and standard-conformant FTP server. It doesn’t provide useless bells and whistles, but focuses on efficiency and ease of use. It provides simple answers to common needs, plus unique useful features for personal users as well as hosting providers.
Pure-FTPd is actively supported. It was designed with security in mind from the start, and the code is re-audited as new kinds of vulnerabilities are discussed. The server can run with privilege separation for paranoid security. It can even run 100% non-root, with its built-in chroot() emulation and virtual accounts. Transmission of cleartext passwords and commands can be avoided: Pure-FTPd has optional support for an SSL/TLS encryption layer using the OpenSSL library.
This tutorial shows you how to configure Pure-FTPd over SSL. It is based on SuSE Linux Enterprise Server with a basic SLES setup.
- Install the Pure-FTPd rpm, using either the rpm command or YaST
- Edit the Pure-FTPd config file
vi /etc/pure-ftpd/pure-ftpd.conf
ChrootEveryone yes
AnonymousOnly no
NoAnonymous yes
VerboseLog yes
PAMAuthentication yes
AnonymousCanCreateDirs no
AnonymousCantUpload yes
TLS 2
AnonymousOnly no - Allows virtual users to log in
NoAnonymous yes - Disallows anonymous logins
VerboseLog yes - Logs all client commands
AnonymousCanCreateDirs no - Anonymous users cannot create directories
AnonymousCantUpload yes - Anonymous users cannot upload new files
TLS
# This option can accept three values :
# 0 : disable SSL/TLS encryption layer (default).
# 1 : accept both traditional and encrypted sessions.
# 2 : refuse connections that don’t use SSL/TLS security mechanisms, including anonymous sessions.
# Do _not_ uncomment this blindly. Be sure that :
# 1) Your server has been compiled with SSL/TLS support (--with-tls),
# 2) A valid certificate is in place,
# 3) Only compatible clients will log in.
Many other options are available, for example:
- users can be assigned individual quotas, ratios and bandwidth.
- users can be allowed to connect only from a specific range of IP addresses, or only to their own virtual host.
- downloads can be disallowed if the system load is too high.
- access to dot-files can be restricted.
- home directories can be created on demand.
Please check the Pure-FTPd web site for more details.
- Generate the certificate
# openssl req -x509 -nodes -newkey rsa:2048 -keyout /etc/ssl/private/pure-ftpd.pem -out /etc/ssl/private/pure-ftpd.pem
The private key and the certificate are written to the same file. A 2048-bit key is used because 1024-bit RSA keys are no longer considered secure. Without a -days option the certificate is valid for only 30 days.
- Change the permissions
# chmod 600 /etc/ssl/private/*.pem
- Restart the Pure-FTPd service
# rcpure-ftpd restart
- Always perform a status check before continuing
# rcpure-ftpd status
- Download FileZilla at http://filezilla-project.org/
- Install FileZilla
Click File -> Site Manager -> New Site -> Enter the hostname or IP address -> Select FTPES - FTP over explicit TLS/SSL -> Select logon type "Ask for password" -> Enter your username -> Click Connect -> Enter your password to log in to your Pure-FTPd over SSL FTP server.
- Troubleshooting
- Run tail -f /var/log/messages on your FTP server to monitor for error messages or problems.
Known errors:
- [WARNING] Sorry, cleartext sessions are not accepted on this server. Please reconnect using SSL/TLS security mechanisms - means you are logging in without TLS/SSL.
- [ERROR] Sorry, but that file doesn’t exist: [/etc/ssl/private/pure-ftpd.pem] - no certificate has been provided.
- [DEBUG] This is a private system - No anonymous login - anonymous user access is disallowed.
- PAM-listfile: Refused user root for service pure-ftpd - root user access is disallowed.
After you make the changes in the configuration file, you must restart the ftp server to make these changes active. This can be done by giving the “rcpure-ftpd restart” command.
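The settings and the chmod step above can be checked before the restart. The script below is an added example, not part of the original tutorial or of Pure-FTPd; the function names and the sample config are constructed here, and it assumes one "Key value" directive per line as in the listing above.

```shell
#!/bin/sh
# Added example (not from the original page): audit the settings and the
# certificate permissions used in this tutorial.

# conf_value FILE KEY: print the value of the first uncommented KEY line.
conf_value() {
    awk -v k="$2" '{ sub(/#.*/, "") } $1 == k { print $2; exit }' "$1"
}

# audit_conf FILE: print one FAIL line per deviation; return the count.
audit_conf() {
    findings=0
    while read -r key want why; do
        got=$(conf_value "$1" "$key")
        if [ "$got" != "$want" ]; then
            echo "FAIL $key=${got:-unset} (want $want): $why"
            findings=$((findings + 1))
        fi
    done <<EOF
TLS 2 cleartext sessions are not refused
NoAnonymous yes anonymous logins are allowed
AnonymousOnly no regular users cannot log in
ChrootEveryone yes users are not confined to their home directory
EOF
    return "$findings"
}

# key_is_private FILE: succeed only if group and others have no access,
# which is what "chmod 600" on the .pem file achieves.
key_is_private() {
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# Constructed sample: TLS 1 still accepts cleartext, NoAnonymous is commented out.
sample=$(mktemp)
printf '%s\n' 'ChrootEveryone yes' 'AnonymousOnly no' \
    '# NoAnonymous yes' 'TLS 1   # mixed mode' > "$sample"
audit_conf "$sample" || echo "$? finding(s) in sample config"
rm -f "$sample"
```

On the server itself, run audit_conf /etc/pure-ftpd/pure-ftpd.conf and key_is_private /etc/ssl/private/pure-ftpd.pem as root.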
