ProFTPd with SFTP, custombuild overwrites conf

zmippie

Verified User
Joined
Apr 19, 2015
Messages
142
Hey there,

I've just noticed the following: if you enable SFTP with ProFTPd, as in this technote, and rebuild ProFTPd after that (I wanted to disable TLS, then rebuild), the custom SFTP config file (/etc/proftpd.conf) will be replaced by the default config. Granted, the "old" config will be renamed, so you can copy it back, but this caught me by surprise today. I'm thinking: what if I update to a future version with Custombuild, will my SFTP config be gone again? From a security standpoint that would not be very nice. Am I missing something?
 

zEitEr

Super Moderator
Joined
Apr 11, 2005
Messages
13,932
Location
GMT +7.00
Hello,

For safety I'd copy /etc/proftpd.conf /etc/proftpd.sftp.conf to custom/proftpd/ as well. Did you miss this step?
 

zmippie

"Hello,

For safety I'd copy /etc/proftpd.conf /etc/proftpd.sftp.conf to custom/proftpd/ as well. Did you miss this step?"
Alex, I've looked at the technote, but that step isn't in it, or am I totally overlooking it? Or do you mean the steps below:

"If you need ClamAV, CB2 will automatically add this to the proftpd.conf while it's being installed. As such, you'd also need to run:"
...because I'm afraid I stopped reading after "If you need ClamAV...", and the rest of that sentence is quite cryptic. Because what is this? And when it says "as such..." then I assume that it's not needed, when I don't need ClamAV.

But looking at the commands, you're right though, I should have copied the config to "custom". Missed that.

Thanks!
 

zEitEr

Yes, customized configs should be copied to the custom folder.

And the mention of ClamAV is rather confusing. ProFTPd can be built with the ClamAV module, but the guide does not cover this moment at all.
 

zmippie

Thanks for confirming Alex.

I've moved from PureFTP to ProFTPD because I wanted SFTP support. Now as it turns out, despite enabling SFTP as in the steps outlined in the technote, regular FTP is still enabled. I'm having baddies knock on my ports already, so I added the right log file to CSF/LFD to keep tabs on that, but I was wondering how to disable regular FTP or require SFTP.

For FTPS there's this setting: TLSRequired. But there's no equivalent for SFTP.
I changed the default port number from 21 to 0, and that seems to work:

<VirtualHost 0.0.0.0>
Port 0
AuthUserFile /etc/proftpd.passwd
</VirtualHost>
But I notice that now it's also no longer possible to connect from localhost. Is that a problem?
 

zEitEr

I usually close 20, 21 TCP/UDP ports for incoming connections with the help of a firewall.
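
A post-rebuild check for the situation in this thread, as an added example that is not part of any post above: it reports whether /etc/proftpd.conf and /etc/proftpd.sftp.conf still match the copies saved under custom/proftpd/, and lists any non-zero Port left in a config. The function names and the two directory arguments are assumptions; pass the custom/proftpd/ path of your own install.

```shell
#!/bin/sh
# Added example (not from the thread): detect a rebuild that replaced the
# customized ProFTPd configs, and confirm plain FTP is still disabled.
# Both directories are arguments; the custom/ location is install-specific.

# Print one line per config whose saved copy is missing or differs from the
# live file. Returns the number of problems found (0 means no drift).
conf_drift() {
    etc_dir=$1; custom_dir=$2; problems=0
    for f in proftpd.conf proftpd.sftp.conf; do
        if [ ! -f "$etc_dir/$f" ]; then
            echo "MISSING-LIVE $f"; problems=$((problems + 1))
        elif [ ! -f "$custom_dir/$f" ]; then
            echo "NO-CUSTOM-COPY $f"; problems=$((problems + 1))
        elif ! cmp -s "$etc_dir/$f" "$custom_dir/$f"; then
            echo "DRIFT $f"; problems=$((problems + 1))
        fi
    done
    return "$problems"
}

# Print every non-zero Port value in a config file; commented-out lines are
# skipped because their first field is not "Port". No output means the file
# configures no listener (the "Port 0" approach from the thread).
open_ports() {
    awk 'tolower($1) == "port" && $2 != "0" { print $2 }' "$1"
}

# Usage: sh check_proftpd.sh /etc /path/to/custom/proftpd
if [ "$#" -eq 2 ]; then
    conf_drift "$1" "$2"
    echo "config problems: $?"
    echo "non-zero Port values in proftpd.conf: $(open_ports "$1/proftpd.conf" | tr '\n' ' ')"
fi
```

Run it after every rebuild or update; any DRIFT line or a reappearing port 21 means the default config is back in place.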
 