FreeBSD 14

FTP : ProFTPD Over SSL/TLS
2024/02/15

Configure ProFTPD to use SSL/TLS.
[1] Create a self-signed certificate.
If you use a valid certificate, such as one from Let's Encrypt, you do not need to create this one.
root@www:~ #
mkdir /usr/local/etc/ssl

root@www:~ #
cd /usr/local/etc/ssl

root@www:/usr/local/etc/ssl #
openssl req -x509 -nodes -newkey rsa:2048 -keyout proftpd.pem -out proftpd.pem -days 3650

Generating a RSA private key
writing new private key to 'proftpd.pem'
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
Country Name (2 letter code) [AU]:JP                            # country code
State or Province Name (full name) [Some-State]:Hiroshima       # State
Locality Name (eg, city) []:Hiroshima                           # city
Organization Name (eg, company) [Internet Widgits Pty Ltd]:GTS  # company
Organizational Unit Name (eg, section) []:Server World          # department
Common Name (e.g. server FQDN or YOUR name) []    # server's FQDN
Email Address []                                 # admin's email

root@www:/usr/local/etc/ssl #
chmod 600 proftpd.pem

[2] Configure ProFTPD.
root@www:~ #
vi /usr/local/etc/proftpd.conf
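# add to the end of the file

LoadModule mod_tls.c
<IfModule mod_tls.c>
  TLSEngine                     on
  # require TLS on both the control and data channels
  TLSRequired                   on
  # certificate and private key are both in the file created in [1]
  TLSRSACertificateFile         /usr/local/etc/ssl/proftpd.pem
  TLSRSACertificateKeyFile      /usr/local/etc/ssl/proftpd.pem
  # do not require data connections to reuse the control connection's TLS session
  TLSOptions                    NoSessionReuseRequired
  TLSLog                        /var/log/proftpd.log
</IfModule>

# if a firewall is running on the system,
# fix the passive ports and allow them through the firewall
PassivePorts                    60000 60100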

root@www:~ #
service proftpd restart
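
A check that can be run before restarting, as an added example that is not part of the original page or of ProFTPD: the hypothetical helper audit_tls_conf reads a configuration file and reports an unclosed <IfModule> block, or TLSEngine / TLSRequired set to anything other than the value on used in step [2]. Both sample files are constructed.

```shell
#!/bin/sh
# Added example: audit_tls_conf is a hypothetical helper, not part of ProFTPD.
# Prints one finding per line; exit status 0 means no findings.
audit_tls_conf() {
  awk '
    { sub(/#.*/, "") }                        # strip comments
    NF == 0 { next }                          # skip blank lines
    { key = tolower($1); val = tolower($2) }  # compare case-insensitively
    key == "<ifmodule"   { depth++; next }    # track container nesting
    key == "</ifmodule>" { depth--; next }
    key == "tlsengine"   { engine = val }
    key == "tlsrequired" { required = val }
    END {
      if (depth != 0)       { print "unbalanced <IfModule> block"; bad = 1 }
      if (engine != "on")   { print "TLSEngine is not on"; bad = 1 }
      if (required != "on") { print "TLSRequired is not on"; bad = 1 }
      exit (bad ? 1 : 0)
    }
  ' "$1"
}

tmp=$(mktemp -d)
trap 'rm -rf "$tmp"' EXIT

# Constructed sample 1: the mod_tls block from step [2], with </IfModule> closed.
cat > "$tmp/good.conf" <<'EOF'
LoadModule mod_tls.c
<IfModule mod_tls.c>
  TLSEngine                     on
  TLSRequired                   on
  TLSRSACertificateFile         /usr/local/etc/ssl/proftpd.pem
  TLSRSACertificateKeyFile      /usr/local/etc/ssl/proftpd.pem
</IfModule>
EOF

# Constructed sample 2: block left open and TLS made optional.
cat > "$tmp/weak.conf" <<'EOF'
<IfModule mod_tls.c>
  TLSEngine                     on
  TLSRequired                   off   # constructed weak value
EOF

for f in good weak; do
  echo "== $f.conf"
  if audit_tls_conf "$tmp/$f.conf"; then echo "no findings"; fi
done
```

On a real server, pass /usr/local/etc/proftpd.conf as the argument. The check is strict and only accepts the literal value on.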

FTP Client : FreeBSD
Configure the FTP client to use an FTPS connection.
[3] Install an FTP client on FreeBSD (lftp in this example) and configure it as follows.
freebsd@client:~ $
vi ~/.lftprc
# create new

set ftp:ssl-auth TLS
set ftp:ssl-force true
set ftp:ssl-protect-list yes
set ftp:ssl-protect-data yes
set ftp:ssl-protect-fxp yes
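# verification is disabled because the certificate from [1] is self-signed;
# with a CA-issued certificate, set this to yes
set ssl:verify-certificate no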
freebsd@client:~ $
lftp -u freebsd

FTP Client : Windows
[4] Using FileZilla on Windows as an example, open [File] - [Site Manager].
[5] Enter the connection information, and for the encryption field select [Require explicit FTP over TLS].
[6] If you are using a self-signed certificate, a warning is shown. This is not a problem; proceed.
[7] If the settings are correct, you can connect to the FTP server over FTPS.