FTPS and SFTP on Plesk with ProFTP

SFTP (SSH-FTP)
—————

You can add:

/usr/libexec/openssh/sftp-server
To /etc/shells

And then select this in the account as their shell. This will give them
access to only sftp with no additional software required.

FTPS (FTP over SSL)
——————-
Either purchase a certficate or create one:

cd /whereveryouwantthessl
openssl genrsa -des3 -out server.key 1024
openssl req -new -key server.key -out server.csr
openssl genrsa -des3 -out ca.key 1024
openssl req -new -x509 -days 365 -key ca.key -out ca.crt
wget http://frodubuntu.free.fr/ubuntu/sign.sh
chmod +x sign.sh
./sign.sh server.csr

The add the following to /etc/proftpd.include:

<IfModule mod_tls.c>
TLSEngine on
TLSLog /var/log/tls.log
#TLSProtocol TLSv1
TLSProtocol SSLv23

# Are clients required to use FTP over TLS when talking to this server?
TLSRequired off

# Server’s certificate
TLSRSACertificateFile /etc/proftpd.cert
TLSRSACertificateKeyFile /etc/proftpd.key

# CA the server trusts
TLSCACertificateFile /etc/proftpd.ca

# Authenticate clients that want to use FTP over TLS?
TLSVerifyClient off
</IfModule>

<Global>
PassivePorts 28000 28015
</Global>

(passive FTP needs to be enabled as the connection messages are encrypted therefore it cant see which ports the connection will be established on)

chmod 444 proftpd.include
reload xinetd
add passive ports to firewall

You can leave a response, or trackback from your own site.

Leave a Reply