Secure FTP

interfasys

We just need the default DA config to support FTP w/ implicit SSL.

It could use the server's SSL cert or a snakeoil, it doesn't matter.
 
On FreeBSD, the SSH daemon handles secure FTP. So if you enable SSH for a user, that user will be able to secure FTP into your server. Reading the SSH_CONFIG man page (look for 'Subsystem') indicates that this is standard for SSH daemons.

Is this what you're asking?
 
Hello,

No this is not what I need ;)
You are talking about SFTP, but we don't want to give shell access to our customers.

FTP w/SSL allows a user to protect its connection by using a server SSL certificate. It's very convenient.
 
For future reference, you have to recompile proftpd from source using --with-modules=mod_tls

and add something like:

<IfModule mod_tls.c>
TLSEngine on
TLSLog /var/ftpd/tls.log
TLSProtocol TLSv1

# Are clients required to use FTP over TLS when talking to this server?
TLSRequired off

# Server's certificate
TLSRSACertificateFile /etc/ftpd/server.cert.pem
TLSRSACertificateKeyFile /etc/ftpd/server.key.pem

# CA the server trusts
TLSCACertificateFile /etc/ftpd/root.cert.pem

# Authenticate clients that want to use FTP over TLS?
TLSVerifyClient off
</IfModule>

to proftpd.conf. You also have to create the certificates.
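
An added example, not part of the original post or of ProFTPD: a small Python check that reads a proftpd.conf fragment like the one above and reports settings that leave FTP sessions unprotected (TLS optional, deprecated protocol versions, missing certificate directives). The function names and the sample text are constructed for illustration; the check assumes a single server context and plain version names in TLSProtocol.

```python
# Constructed sample: the mod_tls settings from the post above (log and CA lines omitted).
SAMPLE_CONF = """\
<IfModule mod_tls.c>
TLSEngine on
TLSProtocol TLSv1
# Are clients required to use FTP over TLS when talking to this server?
TLSRequired off
TLSRSACertificateFile /etc/ftpd/server.cert.pem
TLSRSACertificateKeyFile /etc/ftpd/server.key.pem
</IfModule>
"""

# Protocol names this check treats as deprecated (SSL and TLS 1.0/1.1).
WEAK_PROTOCOLS = {"sslv3", "sslv23", "tlsv1", "tlsv1.1"}


def parse_tls_directives(conf_text):
    """Return {directive_lowercase: [args]} for every TLS* directive in the text.

    Assumption: one server context; <VirtualHost>/<IfModule> nesting is ignored.
    """
    directives = {}
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith(("#", "<")):
            continue  # skip blanks, comments and section tags
        name, *args = line.split()
        if name.lower().startswith("tls"):
            directives[name.lower()] = args
    return directives


def audit_tls(conf_text):
    """Return findings for settings that leave FTP sessions unprotected."""
    d = parse_tls_directives(conf_text)
    findings = []
    if (d.get("tlsengine") or ["off"])[0].lower() != "on":
        findings.append("TLSEngine is not on: the server never offers TLS")
    if (d.get("tlsrequired") or ["off"])[0].lower() == "off":
        findings.append("TLSRequired off: clients may still log in over cleartext FTP")
    weak = [p for p in d.get("tlsprotocol", []) if p.lower() in WEAK_PROTOCOLS]
    if weak:
        findings.append("TLSProtocol enables deprecated versions: " + " ".join(weak))
    for key in ("tlsrsacertificatefile", "tlsrsacertificatekeyfile"):
        if key not in d:
            findings.append("missing " + key)
    return findings
```

Calling audit_tls() on the text of /etc/proftpd.conf returns an empty list only when TLS is enabled, required, restricted to current protocol versions and has both certificate directives set.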
 
This topic appears to be quite old and maybe even dead.
Still, I think it's a great idea to provide FTP-SSL support by default.
With that I mean that DirectAdmin should come with a ProFTPd binary that already supports SSL.
After all, FTP-SSL is a great way to offer users protected connections without the need to give them a shell account.
 
I second that :)

Secure connections to web, mail and ftp should be the standard.
 
Why doesn't one of you volunteer to recompile the rpm so that it supports ssl?
 
I already compiled an RPM on Fedora 7; if anyone would volunteer to host it, you may all use it at your own risk. I got it to work on Fedora 7, haven't tested other platforms. You also need to modify the config file yourself.
I can't host it myself. I only manage a server, but deciding what should be hosted is done by someone else. I'd rather not interfere with that just because I'm not the only one who wants TLS/SSL FTP (which should be supported by DirectAdmin anyway, not by their clients).

Please contact me through the Private Message system of this forum if you want to host the rpm files.
 
which should be supported by DirectAdmin

That is one opinion. DA just installs the default Proftpd for a particular OS because that is what they chose to write their control panel for. It's not a DA-specific install of Proftpd. If one needs customization then that is up to the server admin.

Instead of indicating that DA should support ssl in proftpd by default maybe proftpd should be told to support ssl by default. They are the ones responsible for supporting their product. And that is just my opinion.
 
The fact that compiling with --with-modules=mod_tls allows SSL connections to be used proves that ProFTPd already supports TLS/SSL out of the box IMHO.
It's up to DirectAdmin whether they do or do not include that compile flag.
 
The fact that compiling with --with-modules=mod_tls allows SSL connections to be used proves that ProFTPd already supports TLS/SSL out of the box IMHO.

It doesn't work out of the box with any of the rpm's I have ever used. In order to get it to work you have to compile it yourself, which is what TheLinuxGuy said.

DA uses the rpm. The DA install doesn't do a custom compile. A custom compile is what needs to be done until the ones who are responsible for doing the rpm's decide to include it.
 
This is starting to get off topic now. The feature request was made and the alternative was suggested. It's up to DA now if they want to do it. What should and should not be included is up to DA. It's their product.
 
We've included proFTPD into the custombuild script :) And it's compiled from the source. I'm planning to add this feature, but firstly, I will talk about it with John :)
 
It's added by default to configure/proftpd/configure.proftpd :) So it's compiled-in, if it doesn't work for you - then you need to take a look at /etc/proftpd.conf file.
 
It's added by default to configure/proftpd/configure.proftpd :) So it's compiled-in, if it doesn't work for you - then you need to take a look at /etc/proftpd.conf file.

Is there a way to achieve this with the customapache build script?
 