svalaskevicius/_proftpd_for_sftp.md

## _proftpd_for_sftp.md

      
    Raw
  

              _proftpd_for_sftp.md
            
          
    Setting up

The following commands assume the system is CentOS/RedHat Linux and ProFTPD configuration is same or similar to CentOS package version: 1.3.3g; release: 1.el6.
yum install proftpd

cd ~/
wget https://gist.github.com/raw/4296200/proftpd.conf.patch
cd /etc/
patch < ~/proftpd.conf.patch 

touch /etc/proftpd.sftp.passwd
chown nobody:nobody /etc/proftpd.sftp.passwd
chmod 600 /etc/proftpd.sftp.passwd


cd ~/
wget http://www.castaglia.org/proftpd/contrib/ftpasswd
chmod 755 ftpasswd

./ftpasswd --passwd --name=username --home=/mnt/public/media/ --shell=/bin/sh --uid=$(id -u apache) --gid=$(id -g apache)

cat ftpd.passwd >> /etc/proftpd.sftp.passwd
rm ftpd.passwd


/etc/init.d/proftpd restart
Usage with fileZilla

  Host: sftp://myhost
  Username: username
  Password: passwd
  Port: 2220


## proftpd.conf.patch
--- proftpd.conf  2012-12-15 12:58:55.417785548 +0000
+++ proftpd.conf	2012-12-15 14:53:48.325160573 +0000
@@ -19,7 +19,9 @@

 # Use pam to authenticate (default) and be authoritative
 AuthPAMConfig			proftpd
-AuthOrder			mod_auth_pam.c* mod_auth_unix.c
+AuthOrder			mod_auth_file.c*
+AuthUserFile			/etc/proftpd.sftp.passwd
+
 # If you use NIS/YP/LDAP you may need to disable PersistentPasswd
 #PersistentPasswd		off

@@ -123,7 +125,7 @@
 #
 # Support for the SSH2, SFTP, and SCP protocols, for secure file transfer over
 # an SSH2 connection (http://www.castaglia.org/proftpd/modules/mod_sftp.html)
-#   LoadModule mod_sftp.c
+LoadModule mod_sftp.c
 #
 # Use PAM to provide a 'keyboard-interactive' SSH2 authentication method for
 # mod_sftp (http://www.castaglia.org/proftpd/modules/mod_sftp_pam.html)
@@ -204,6 +206,24 @@
   BanControlsACLs		all allow user ftpadm
 </IfDefine>

+
+TLSRequired 	      off
+SFTPEngine         on
+
+Port               2220
+SFTPLog            /var/log/proftpd/sftp.log
+TransferLog        /var/log/proftpd/sftp-xferlog
+
+# Host Keys
+SFTPHostKey        /etc/ssh/ssh_host_rsa_key
+SFTPHostKey        /etc/ssh/ssh_host_dsa_key
+
+# Auth methods
+SFTPAuthMethods    password
+
+# SFTP specific configuration
+DefaultRoot        ~
+
 # Global Config - config common to Server Config and all virtual hosts
 # See: http://www.proftpd.org/docs/howto/Vhost.html
 <Global>
@@ -218,6 +238,8 @@
     AllowAll
   </Limit>

+  ExtendedLog			/var/log/proftpd/auth.log AUTH auth
+
 </Global>

 # A basic anonymous configuration, with an upload directory
	--- proftpd.conf 2012-12-15 12:58:55.417785548 +0000
	+++ proftpd.conf 2012-12-15 14:53:48.325160573 +0000
	@@ -19,7 +19,9 @@

	# Use pam to authenticate (default) and be authoritative
	AuthPAMConfig proftpd
	-AuthOrder mod_auth_pam.c* mod_auth_unix.c
	+AuthOrder mod_auth_file.c*
	+AuthUserFile /etc/proftpd.sftp.passwd
	+
	# If you use NIS/YP/LDAP you may need to disable PersistentPasswd
	#PersistentPasswd off

	@@ -123,7 +125,7 @@
	#
	# Support for the SSH2, SFTP, and SCP protocols, for secure file transfer over
	# an SSH2 connection (http://www.castaglia.org/proftpd/modules/mod_sftp.html)
	-# LoadModule mod_sftp.c
	+LoadModule mod_sftp.c
	#
	# Use PAM to provide a 'keyboard-interactive' SSH2 authentication method for
	# mod_sftp (http://www.castaglia.org/proftpd/modules/mod_sftp_pam.html)
	@@ -204,6 +206,24 @@
	BanControlsACLs all allow user ftpadm
	</IfDefine>

	+
	+TLSRequired off
	+SFTPEngine on
	+
	+Port 2220
	+SFTPLog /var/log/proftpd/sftp.log
	+TransferLog /var/log/proftpd/sftp-xferlog
	+
	+# Host Keys
	+SFTPHostKey /etc/ssh/ssh_host_rsa_key
	+SFTPHostKey /etc/ssh/ssh_host_dsa_key
	+
	+# Auth methods
	+SFTPAuthMethods password
	+
	+# SFTP specific configuration
	+DefaultRoot ~
	+
	# Global Config - config common to Server Config and all virtual hosts
	# See: http://www.proftpd.org/docs/howto/Vhost.html
	<Global>
	@@ -218,6 +238,8 @@
	AllowAll
	</Limit>

	+ ExtendedLog /var/log/proftpd/auth.log AUTH auth
	+
	</Global>

	# A basic anonymous configuration, with an upload directory