Results 1 to 8 of 8

Thread: ProFTPd with SFTP, custombuild overwrites conf

  1. #1
    Join Date
    Apr 2015
    Posts
    141

    ProFTPd with SFTP, custombuild overwrites conf

    Hey there,

    I've just noticed the following: if you enable SFTP with ProFTPd, as in this technote, and rebuild ProFTPd after that (I wanted to disable TLS, then rebuild), the custom SFTP config file (/etc/proftpd.conf) will be replaced by the default config. Granted, the "old" config will be renamed, so you can copy it back, but this caught me by surprise today. I'm thinking: what if I update to a future version with Custombuild, will my SFTP config be gone again? From a security standpoint that would not be very nice. Am I missing something?

  2. #2
    Join Date
    Apr 2005
    Location
    GMT +7.00
    Posts
    13,060
    Hello,

    For a safety I'd copy /etc/proftpd.conf /etc/proftpd.sftp.conf to custom/proftpd/ as well. Did you miss this step?
    Regards, Alex G.

    - You can hire me on www.poralix.com to work on your server
    - Follow and like @Poralix on Facebook

  3. #3
    Join Date
    Apr 2015
    Posts
    141
    Quote Originally Posted by zEitEr View Post
    Hello,

    For a safety I'd copy /etc/proftpd.conf /etc/proftpd.sftp.conf to custom/proftpd/ as well. Did you miss this step?
    Alex, I've looked at the technote, but that step isn't in it, or am I totally overlooking it? Or do you mean the steps below:

    "If you need ClamAV, CB2 will automatically add this to the proftpd.conf while it's being installed. As such, you'd also need to run:"
    ...because I'm afraid I stopped reading after "If you need ClamAV...", and the rest of that sentence is quite cryptic. Because what is this? And when is says "as such..." then I assume that it's not needed, when I don't need ClamAV.

    But looking at the commands, you're right though, I should have copied the config to "custom". Missed that.

    Thanks!

  4. #4
    Join Date
    Apr 2005
    Location
    GMT +7.00
    Posts
    13,060
    Yes, customized configs should be copied to custom folder.

    And the mention of ClamAV is rather confusing. ProFTPd can be built with ClamAV module, but the guide does not cover this moment at all.
    Regards, Alex G.

    - You can hire me on www.poralix.com to work on your server
    - Follow and like @Poralix on Facebook

  5. #5
    Join Date
    Apr 2015
    Posts
    141
    Thanks for confirming Alex.

    I've moved from PureFTP to ProFTPD because I wanted SFTP support. Now as it turns out, despite enabling SFTP as in the steps outlined in the technote, regular FTP is still enabled. I'm having baddies knock on my ports already, so I added the right log file to CSF/LFD to keep tabs on that, but I was wondering how to disable regular FTP or require SFTP.

    For FTPS there's this setting: TLSRequired. But there's no equivalent for SFTP.
    I changed the default port number from 21 to 0, and that seems to work:

    <VirtualHost 0.0.0.0>
    Port 0
    AuthUserFile /etc/proftpd.passwd
    </VirtualHost>
    But I notice that now it's also no longer possible to connect from localhost. Is that a problem?

  6. #6
    Join Date
    Apr 2015
    Posts
    141

  7. #7
    Join Date
    Apr 2005
    Location
    GMT +7.00
    Posts
    13,060
    I usually close 20,21 TCP/UDP ports for incoming connections with the help of firewall.
    Regards, Alex G.

    - You can hire me on www.poralix.com to work on your server
    - Follow and like @Poralix on Facebook

  8. #8
    Join Date
    Apr 2015
    Posts
    141
    Quote Originally Posted by zEitEr View Post
    I usually close 20,21 TCP/UDP ports for incoming connections with the help of firewall.
    Duh! Indeed, that would have been so much easier! Thanks Alex.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •