January 6, 2016

Pure-FTPD With FTPS Over TLS

I recently had to set up FTPS for a client as SFTP wasn’t an option. The benefit of FTPS with Pure-FTPD is the ability to save files as another user when uploading files. Here’s how to do it:

Give ourselves root privileges

sudo -i

For Debian/Ubuntu:

Update our aptitude cache

apt-get update

Install openssl and Pure-FTPD

apt-get install openssl pure-ftpd

For CentOS/Fedora/Red Hat:

Update our yum cache (yum update also upgrades installed packages)

yum update

Install openssl and Pure-FTPD

yum install openssl pure-ftpd

Add the new user we want to log in as, set the home directory they’ll see when they log in, and set their primary group to the group that owns the files in that directory

adduser staging -d /var/www/wordpress -g nginx

Set a password for the new user; remember it, as we’ll need to set it again later too

passwd staging

The next two commands are important as they’ll display the users’ UIDs, which we need later on; make a note of both users’ UIDs

id staging
id nginx

Create the Pure-FTPD user database with the same details as the adduser step above, and use the same password as in the previous user creation

pure-pw useradd staging -d /var/www/wordpress -u nginx
pure-pw mkdb

Make a new directory and create an SSL certificate. Enter details as you wish when creating the certificate, but set Common Name to your server’s hostname

mkdir -p /etc/ssl/private/
openssl req -x509 -nodes -days 7300 -newkey rsa:2048 -keyout /etc/ssl/private/pure-ftpd.pem -out /etc/ssl/private/pure-ftpd.pem

Make the certificate readable by root only (the same file also holds the private key)

chmod 600 /etc/ssl/private/pure-ftpd.pem

Edit the Pure-FTPD config

vi /etc/pure-ftpd/pure-ftpd.conf

Uncomment and change TLS to 2 to allow only TLS connections

TLS 2

Uncomment the PureDB line to allow it to use our user

PureDB /etc/pure-ftpd/pureftpd.pdb

Set MinUID to the lowest UID reported by the “id staging” and “id nginx” commands above. nginx will usually have the lower UID, but it depends on the users you’re going to use

MinUID 48

Restart PureFTPd

/etc/init.d/pure-ftpd restart

Connect using FTPS (called TLS or SSL depending on your client) on port 21 as usual
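To confirm the three config edits and the certificate permissions actually took effect, here is an audit script added as an example (it is not part of the original post or of Pure-FTPD). The function names and the sample config are constructed for illustration; pass your own config path, the lowest UID you noted earlier, and optionally the .pem path.

```shell
#!/bin/sh
# Added example: audit pure-ftpd.conf for the settings changed in this guide.

# Print the value of an uncommented directive ("# TLS 1" is ignored).
conf_value() {
    awk -v key="$2" '$1 == key { val = $2 } END { print val }' "$1"
}

# audit_pureftpd_conf <conf> <lowest_uid> [pem]; returns 0 only if all checks pass.
audit_pureftpd_conf() {
    conf=$1; want_uid=$2; pem=${3:-}; rc=0

    tls=$(conf_value "$conf" TLS)
    if [ "$tls" != "2" ]; then
        echo "FAIL: TLS is '${tls:-unset}', this guide expects 2 (TLS only)"
        rc=1
    fi

    if [ -z "$(conf_value "$conf" PureDB)" ]; then
        echo "FAIL: PureDB is commented out, the pure-pw user cannot log in"
        rc=1
    fi

    minuid=$(conf_value "$conf" MinUID)
    case $minuid in
        ''|*[!0-9]*) echo "FAIL: MinUID is unset or not numeric"; rc=1 ;;
        *) if [ "$minuid" -gt "$want_uid" ]; then
               echo "FAIL: MinUID $minuid is above UID $want_uid, login will be refused"
               rc=1
           fi ;;
    esac

    if [ -n "$pem" ]; then
        # The .pem holds the private key as well as the certificate.
        mode=$(stat -c %a "$pem" 2>/dev/null) || mode=missing
        [ "$mode" = "600" ] || { echo "FAIL: $pem mode is $mode, expected 600"; rc=1; }
    fi
    return $rc
}

# Constructed sample: a config as it might look before the edits above.
write_sample_conf() {
    cat > "$1" <<'EOF'
# TLS                      1
# PureDB                   /etc/pure-ftpd/pureftpd.pdb
MinUID                     500
EOF
}
```

On the server from this guide, the call would be `audit_pureftpd_conf /etc/pure-ftpd/pure-ftpd.conf 48 /etc/ssl/private/pure-ftpd.pem`, with 48 replaced by the lowest UID from the id commands.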
