The File Transfer Protocol (FTP) is still a widely used technology to move files over a computer network. It is famous for being lightweight, easy to set up and use. FTP has a bad reputation as an insecure protocol because it transmits passwords and data in plain text. However, modern FTP servers like ProFTPD support FTP over TLS, so the connection is encrypted using TLS/SSL. In this tutorial, I will show you how to configure ProFTPD so that the connection is encrypted using TLS.

ProFTPd is an open source FTP server application that allows you to set up your own FTP servers on Linux machines, even more so if they are dedicated servers or cloud instances. We are going to install the latest version of ProFTPD on an Ubuntu 20.04 machine using Focal Fossa repositories, but it should work fine on most Debian-based distributions as well. We also set up TLS to secure the FTP connections.

Prerequisites

  • A fresh server instance, with Ubuntu 20.04 ( Focal Fossa ) installed.
  • Sudo/root privileges for installing/configuring applications.

Updating your system

It is always a good idea to update your system before installing any packages or software, especially when it comes from external repositories. We will use the “apt-get” utility for that:

sudo apt-get update -y
sudo apt-get upgrade -y

Reboot your server if there are any kernel updates to apply the changes

sudo reboot now

Installing ProFTPD Server

Now that your system is up to date, we can continue with the installation of ProFTPD.

By default, ProFTPD is available on Focal Fossa repositories, which you can install with the following command:

sudo apt-get install proftpd -y

Install ProFTPD

Once the installation is completed, you can start the proftpd service and enable it to start automatically a boot time.

sudo systemctl start proftpd
sudo systemctl enable proftpd

Enable ProFTPD service

Now that the service is running, we can check its status using:

sudo systemctl status proftpd

ProFTPD service is running

You can see the active (running) in green so that it’s safe to conclude that the proftpd daemon is working as expected.

The default configuration files of ProFTPD are available on the /etc/proftpd/proftpd.conf directory.

You can view the content of the configuration file by running:

sudo nano /etc/proftpd/proftpd.conf

ProFTPD configuration file

The configuration is broken down into a number of sections of directives. Let’s take a look at those directives.

The DefaultRoot directive tells the FTP server where to serve files by default. The value of DefaultRoot can be either an absolute or relative path. When the DefaultRoot directive is set to ~ (the tilde character), the users will be restricted to their home directories. You can change the path to another folder for example:

DefaultRoot /home/Linux/Docs

You can use various directives to set each user to a specific directory. For example:

DefaultRoot /home/linux A
DefaultRoot / B

Those lines indicate that user A will be logged in to the /home/linux directory and user B will be logged in to the entire system.

The ServerName directive is used to define a name for the FTP server. This directive can be used in logs and notifications, so you should set it to a descriptive name that is meaningful to you.

ServerName "Vitux"

The Port directive defines the port number on which the FTP server will be listening for connections. The default value of this directive is 21.

Creating ProFTPD Users

For security reasons, you should create a dummy user account, with restricted permission, that only has access to their home directory. This is good practice to follow when you allow users to upload or download files on your FTP server.

The installed version of ProFTPD doesn’t come with pre-created users and configuration options out of the box. We will need to add a new user for this purpose.

Let’s create a FTP user linuxways with the folder /home/linuxways as the home folder.

sudo useradd -m linuxways

Create a new password for the new user.

sudo passwd linuxways

Now you can test the FTP connection using the user “linuxways”. Open your preferred FTP client (FileZilla, CoreFTP or any others), fill in the details such as IP address, username, password and Port and click on Quick Connect.

Connect to FTP Server

As you can see we can now access the FTP with the newly created user. The ProFTPd server is running and working as expected.

In case you want to add more users, simply create them using the useradd command with your desired username. You can also grant root privileges to a FTP user if needed.

Configure TLS for ProFTPD

In order to secure FTP connection, you can use TLS. In this section, we will configure ProFTPD with a TLS certificate from Let’s Encrypt (a free SSL provider) and activate the newly created certificate within the configuration file.

First, install OpenSSL

sudo apt-get install openssl -y

Install OpenSSL

Now that we have OpenSSL installed, let’s generate an SSL certificate.

sudo openssl req -x509 -newkey rsa:1024 -keyout /etc/ssl/private/proftpd.key -out /etc/ssl/certs/proftpd.crt -nodes -days 365

Let’s take a quick look at what is happening here. We are creating the directory where the SSL certificates will be created (/etc/ssl), generating the certificate request and granting it a validity of one year (365 days). We are also specifying the private key file and the certificate file. You will have to answer some questions about your organization like the one below. Just type in the answer and hit Enter

Get SSL cert

The above command will create two files: proftpd.key and proftpd.crt that we will need to configure ProFTPD.

Change the permission of the key files and to 600.

sudo chmod 600 /etc/ssl/private/proftpd.key
sudo chmod 600 /etc/ssl/certs/proftpd.crt

Now we need to edit the main configuration file, located at /etc/proftpd/proftpd.conf, and add some information about our newly created certificate files.

sudo nano /etc/proftpd/proftpd.conf

Uncomment the SSL and TLS section by deleting the “#” at the beginning of the line, so you can use FTP over SSL.

Configure TLS in ProFTPD

Save and close the file. Now let’s configure the tls.conf file

sudo nano /etc/proftpd/tls.conf

Find and uncomment the following lines by deleting the “#” at the beginning of each line.

Enable TLS module

SSL cert file

TLS options

Save and close the file. Don’t forget to restart the service.

sudo systemctl restart proftpd

If you want to check if everything is working as expected, use an FTP client and connect to your server with SSL enabled. You should be presented with a TLS warning from your FTP client

It is common to get TLS warnings from FTP clients. After you allow or OK the warning, the SSL connection should be established and you can continue to use the FTP client as usual.

Conclusion

In this tutorial, we have installed ProFTPD on our Ubuntu 20.04 server, created a user for FTP connection and tested its functionality. We have also configured TLS to secure the FTP connection from eavesdropping or tampering with data in transit. In case you need more information about ProFTPD configuration options, make sure to check their official documentation.

 

How to Install ProFTPD on Ubuntu 20.04

Karim Buzdar

About the Author: Karim Buzdar holds a degree in telecommunication engineering and holds several sysadmin certifications. As an IT engineer and technical author, he writes for various web sites. You can reach Karim on LinkedIn