Definitive instructions for installing secure Proftpd with OpenSSL – Part 2

In part 1 of this guide we:

  • prep’d the server to compile our own installations of ProFTPd and OpenSSL
  • downloaded the latest OpenSSL source
  • compiled and installed OpenSSL

Now we’re going to do this for the latest version of ProFTPd.

Note: In this part of the guide we’re simply doing the basics and won’t be configuring ProFTPd in any way. We want to be sure we can get ProFTPd installed and running in debug mode with a default configuration before we get into the weeds. In later parts of this guide, we’ll configure the FTP server and I’ll go over the options I use and why I use them, in addition to making sure SSL works as intended.

Download, Compile, and Install ProFTPd

  1. Create some directories we’ll need for the latest version of ProFTPd. As we did in part 1 of the guide for OpenSSL, you may elect to not keep the full, unmodified, zipped source. I find it handy to have in the event I need it in the future.
    sudo mkdir /etc/proftpd
    sudo mkdir /etc/proftpd/install
    sudo mkdir /etc/proftpd/src
  2. Change directories to “install”
    cd /etc/proftpd/install
  3. Download latest version of ProFTPd
    sudo wget -c ftp://ftp.proftpd.org/distrib/source/proftpd-1.3.4b.tar.gz

    You can find the URL for the latest version in 2 places: proftpd.org (upper left-hand corner under “current version”, the “GZ” link) or Github. Just copy the URL to your clipboard and paste it into the command above in your SSH session. Note that this guide has only been tested with the version of ProFTPd noted above.

  4. Copy the source tarball to the “src” directory
    sudo cp proftpd-1.3.4b.tar.gz ../src/
  5. Change directories to “src”
    cd ../src
  6. Unzip the source
    sudo tar zxvf proftpd-1.3.4b.tar.gz
  7. Delete the zip file
    sudo rm proftpd-1.3.4b.tar.gz
  8. Change to the directory created from unzipping
    cd /etc/proftpd/src/proftpd-1.3.4b
  9. Configure your compile.
    As with OpenSSL, there are many, many options you can configure here. If you want to know more about them, see the ProFTPd documentation. This guide is based on the configuration options below, so we won’t be covering any additional switches. This step also depends on how we installed OpenSSL in part 1. (line wraps)
    sudo ./configure --prefix=/etc/proftpd --enable-dso --disable-auth-file --enable-openssl --with-modules=mod_sftp --with-includes=/usr/local/ssl/include --with-libraries=/usr/local/ssl/lib

    Options we’re using here:
    prefix = root directory where you want ProFTPd installed
    enable-dso = add support for run-time loadable modules
    disable-auth-file = not needed; we’re using the built-in Linux authentication mechanisms
    enable-openssl = required when a secure module is specified
    with-modules = bake these modules into the binary executable
    with-includes, with-libraries = point to the include and library directories of our custom OpenSSL install

  10. Compile
    sudo make
    (Use sudo make clean to reset the configuration back to default… helpful for trying different configuration options)
  11. Install
    sudo make install
  12. Open a second PuTTY SSH window (or use a different console if you’re using “screen”) and fire up ProFTPd in debug mode
    sudo /etc/proftpd/sbin/proftpd -n -d 20

Now, without configuring or changing a thing, and as long as port 21 is open on your firewall, you should be able to FTP to your server and see the SSH window running ProFTPd in debug mode fill with status messages. We don’t care about accounts, permissions, or root directories yet. We just want an indication that the server is listening and responding.
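
To confirm that the installed binary matches the step 9 configure line, the added example below (not part of the original guide or the ProFTPd project) checks the output of proftpd -l, which lists the compiled-in modules. The function names and the sample listing are constructed for illustration. FTP over SSL/TLS is provided by mod_tls, which step 9 does not build, so its absence is reported as a note rather than a failure.

```shell
#!/bin/sh
# Added example: compare a `proftpd -l` listing with the step 9 configure line.

# has_module LISTING NAME: true if NAME is a whole line of LISTING (indent ignored).
has_module() {
    printf '%s\n' "$1" | sed 's/^[[:space:]]*//; s/[[:space:]]*$//' | grep -Fxq -- "$2"
}

# check_build LISTING: print findings; return 0 only if the build matches step 9.
check_build() {
    rc=0
    for mod in mod_sftp.c mod_dso.c; do       # --with-modules=mod_sftp, --enable-dso
        if has_module "$1" "$mod"; then echo "ok: $mod compiled in"
        else echo "FAIL: $mod missing"; rc=1; fi
    done
    if has_module "$1" mod_auth_file.c; then   # --disable-auth-file
        echo "FAIL: mod_auth_file.c present"; rc=1
    else
        echo "ok: mod_auth_file.c absent"
    fi
    # FTP over SSL/TLS is served by mod_tls, which step 9 does not build.
    has_module "$1" mod_tls.c || echo "note: mod_tls.c not compiled in (no FTPS yet)"
    return "$rc"
}

# Constructed sample listing (not captured from a real server).
SAMPLE_LISTING='Compiled-in modules:
  mod_core.c
  mod_xfer.c
  mod_auth_unix.c
  mod_auth.c
  mod_ls.c
  mod_log.c
  mod_site.c
  mod_delay.c
  mod_facts.c
  mod_dso.c
  mod_ident.c
  mod_sftp.c
  mod_cap.c'

# Check the installed binary if it exists, otherwise the constructed sample.
PROFTPD=${PROFTPD:-/etc/proftpd/sbin/proftpd}
if [ -x "$PROFTPD" ]; then check_build "$("$PROFTPD" -l)"
else check_build "$SAMPLE_LISTING"; fi
```

A non-zero exit status means the build does not match the options chosen in step 9 and should be reconfigured and rebuilt before going further.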

Part 3 coming soon. Stay tuned.

2 thoughts on “Definitive instructions for installing secure Proftpd with OpenSSL – Part 2”

  1. Thank you for this tutorial, but there is one thing! I had to change dir before running step 8
    “cd /etc/proftpd/src/proftpd-1.3.4b”
    thanks again
    A.J

    1. Updated. Thanks AJ. I’ve been sort of slacking and haven’t completed part 3 of the tutorial. Maybe I’ll be motivated to do that now. 😉
