Configuring SFTP on ProFTPD

To use SFTP with the ProFTPD FTP server, install and configure the corresponding module.

Connect to the server via SSH as root and install the module with your distribution's package manager (apt on Debian/Ubuntu, yum on CentOS/RHEL):

apt install proftpd-mod-sftp-ldap
yum install proftpd-mod-sftp-ldap

Uncomment or add the LoadModule mod_sftp.c line in the /etc/proftpd/modules.conf configuration file:

sed -i 's/#LoadModule mod_sftp.c/LoadModule mod_sftp.c/g' /etc/proftpd/modules.conf

Next, restart the ProFTPD service and check if the module is enabled:

service proftpd restart
proftpd -vv | grep mod_sftp

The SFTP module requires its own SSH host key. Create a directory for it and generate the key pair:

mkdir -p /etc/proftpd/keys
ssh-keygen -t rsa -b 4096 -f /etc/proftpd/keys/sftp_host_rsa_key -N "" -m PEM

Create a configuration file and log for the module:

touch /etc/proftpd/conf.d/sftp.conf
touch /var/log/proftpd/sftp.log

Before adding the configuration, choose a port on the server and check that it is not already in use. For example, port 2222:

ss -tulpan | grep 2222

If the port is not in use, the command output will be empty.

In the configuration below, replace <server_ip_address> and <port_number> with your server's IP address and the free port you selected for the service to listen on.

Add the following configuration to the created file:

<IfModule mod_sftp.c>
  <VirtualHost <server_ip_address>>
    Port <port_number>
    
    # FTPS must be disabled to avoid conflicts with SFTP
    TLSEngine off
    
    # Enabling SFTP
    SFTPEngine on
    SFTPLog /var/log/proftpd/sftp.log
    SFTPHostKey /etc/proftpd/keys/sftp_host_rsa_key
    
    # Allowing user authentication with the /usr/sbin/nologin shell
    RequireValidShell off
    
    # Authentication methods
    SFTPAuthMethods password publickey
    SFTPAuthorizedUserKeys file:~/.ssh/authorized_keys
    
    # Permission to overwrite files
    <Directory />
      AllowOverwrite yes
    </Directory>
    
  </VirtualHost>
</IfModule>

Check the configuration:

proftpd -t

If the syntax is correct, the output will be as follows:

Checking syntax of configuration file
Syntax check complete.

Restart the service:

service proftpd restart

From an external device, check that the server accepts SFTP connections on the configured port:

sftp -P <port_number> <ftp_user_name>@<server_ip_address>
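
An added example, not part of the original guide: a shell function that audits the sftp.conf created above against the settings this guide relies on (no leftover placeholders, SFTPEngine on, TLSEngine off, a log file, a numeric port, and a host key file with no group or other permissions). The function names conf_value, note and audit_sftp_conf are hypothetical, and directive names and on/off values are matched case-sensitively as written in the guide.

```shell
#!/bin/sh
# Added example, not from the original page: audit a mod_sftp vhost file
# such as the sftp.conf above. Function names here are hypothetical.

# Print the first value of directive $2 in file $1. Comment lines are skipped
# because the directive must be the first word on the line.
conf_value() {
    sed -n "s/^[[:space:]]*$2[[:space:]][[:space:]]*\([^#]*\).*/\1/p" "$1" |
        sed 's/[[:space:]]*$//' | head -n 1
}

note() { echo "FINDING: $*"; findings=$((findings + 1)); }

# Print one line per finding; return 0 only when there are none.
audit_sftp_conf() {
    conf=$1; findings=0
    [ -r "$conf" ] || { note "cannot read $conf"; return 1; }

    # Template placeholders from the guide must have been replaced.
    if grep -Eq '<(server_ip_address|port_number)>' "$conf"; then
        note "placeholder left in $conf"
    fi

    [ "$(conf_value "$conf" SFTPEngine)" = on ] || note "SFTPEngine is not on"
    # The guide turns FTPS off in this vhost so it cannot conflict with SFTP.
    [ "$(conf_value "$conf" TLSEngine)" = off ] || note "TLSEngine is not off"
    [ -n "$(conf_value "$conf" SFTPLog)" ] || note "SFTPLog is not set"

    port=$(conf_value "$conf" Port)
    case $port in
        ''|*[!0-9]*) note "Port '$port' is not a number" ;;
        *) [ "$port" -ge 1 ] && [ "$port" -le 65535 ] ||
               note "Port $port is out of range" ;;
    esac

    key=$(conf_value "$conf" SFTPHostKey)
    if [ ! -f "$key" ]; then
        note "SFTPHostKey '$key' does not exist"
    elif [ "$(ls -ld "$key" | cut -c5-10)" != "------" ]; then
        # Characters 5-10 of the ls mode string are the group/other bits.
        note "host key $key is accessible to group or others (chmod 600)"
    fi

    [ "$findings" -eq 0 ]
}

# Run directly: sh audit_sftp.sh /etc/proftpd/conf.d/sftp.conf
if [ $# -gt 0 ]; then audit_sftp_conf "$1"; fi
```

The function prints one FINDING line per problem and returns non-zero if any were found, so it can gate the service restart in a deployment script.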