ProFTPd

This article will show you how to install a custom ProFTPd daemon. While each user has FTP and SFTP access to their slots, a custom ProFTPd daemon will allow you to set up other users and jail them to directories on your slot, or connect via FTPS.

You'll need to execute some commands via SSH to use this software. There is a separate guide on how to connect to your slot via SSH. Commands are kept as simple as possible and in most cases will simply need to be copied and pasted into the terminal window (then executed by pressing the Enter key).

Table of contents

Installation

The following steps will get ProFTPd's source and build it on your slot. You run the commands below by logging in via SSH, then copying and pasting the following:

wget -qO ~/proftpd.tar.gz ftp://ftp.proftpd.org/distrib/source/proftpd-1.3.6.tar.gz
tar xf ~/proftpd.tar.gz -C ~/
cd proftpd-*
install_user=$(whoami) install_group=$(whoami) ./configure --prefix=$HOME/proftpd --enable-openssl --enable-dso --enable-nls --enable-ctrls --with-shared=mod_ratio:mod_readme:mod_sftp:mod_tls:mod_ban:mod_shaper
make && make install
mkdir -p ~/proftpd/etc/sftp/authorized_keys ~/proftpd/etc/keys ~/proftpd/ssl
cd && rm -rf proftpd-* proftpd.tar.gz

Basic ProFTPd Configuration

Three things must be completed:

  1. Grab the configs and tweak the default settings
  2. Generate keys and certificates for SFTP and FTPS
  3. Create the main user and group

Each of the three things above can be done by copying and pasting the relevant commands found below.

Grab three default config files and tweak them for your main Feral user:

wget -qO ~/proftpd/etc/proftpd.conf https://bitbucket.org/feralio/wiki/raw/HEAD/src/wiki/software/proftpd/proftpd.conf
wget -qO ~/proftpd/etc/sftp.conf https://bitbucket.org/feralio/wiki/raw/HEAD/src/wiki/software/proftpd/sftp.conf
wget -qO ~/proftpd/etc/ftps.conf https://bitbucket.org/feralio/wiki/raw/HEAD/src/wiki/software/proftpd/ftps.conf
sed -i 's|/media/DiskID/defaultUser|'$HOME'|g' ~/proftpd/etc/proftpd.conf
sed -i 's|User defaultUser|User '$(whoami)'|g' ~/proftpd/etc/proftpd.conf
sed -i 's|Group defaultGroup|Group '$(whoami)'|g' ~/proftpd/etc/proftpd.conf
sed -i 's|AllowUser defaultUser|AllowUser '$(whoami)'|g' ~/proftpd/etc/proftpd.conf
sed -i 's|/media/DiskID/defaultUser|'$HOME'|g' ~/proftpd/etc/sftp.conf
sed -i 's|Port 23001|Port '$(shuf -i 10001-49999 -n 1)'|g' ~/proftpd/etc/sftp.conf
sed -i 's|/media/DiskID/defaultUser|'$HOME'|g' ~/proftpd/etc/ftps.conf
sed -i 's|Port 23002|Port '$(shuf -i 10001-49999 -n 1)'|g' ~/proftpd/etc/ftps.conf

The next thing to do is generate some keys and certificates for our SFTP and FTPS setups. Copy and paste the following commands to do this:

ssh-keygen -qt rsa -N '' -f ~/proftpd/etc/keys/sftp_rsa
ssh-keygen -qt dsa -N '' -f ~/proftpd/etc/keys/sftp_dsa
openssl req -new -x509 -nodes -days 365 -subj '/C=GB/ST=none/L=none/CN=none' -newkey rsa:2048 -keyout ~/proftpd/ssl/proftpd.key.pem -out ~/proftpd/ssl/proftpd.cert.pem

Finally we need to create our main user and group. Copy and paste and enter a password when prompted:

~/proftpd/bin/ftpasswd --group --name $(whoami) --file ~/proftpd/etc/ftpd.group --gid $(id -g $(whoami)) --member $(whoami)
~/proftpd/bin/ftpasswd --passwd --name $(whoami) --file ~/proftpd/etc/ftpd.passwd --uid $(id -u $(whoami)) --gid $(id -g $(whoami)) --home $HOME/ --shell /bin/false

Note that, as with any use of passwd, your input will not be interactive. There will not be ***** displayed as you type.

Starting, stopping and restarting

This section covers the ProFTPd process - starting it, stopping it and restarting it. It also covers checking if the process is running, in case that becomes necessary.

SFTP

start
~/proftpd/sbin/proftpd -c ~/proftpd/etc/sftp.conf
check running
cat ~/proftpd/sftp.pid
stop
cat ~/proftpd/sftp.pid | xargs kill
restart
cat ~/proftpd/sftp.pid | xargs kill && sleep 15 && ~/proftpd/sbin/proftpd -c ~/proftpd/etc/sftp.conf
kill (force stop)
cat ~/proftpd/sftp.pid | xargs kill -9 && rm -rf ~/proftpd/sftp.pid

FTPS

start
~/proftpd/sbin/proftpd -c ~/proftpd/etc/ftps.conf
check running
cat ~/proftpd/ftps.pid
stop
cat ~/proftpd/ftps.pid | xargs kill
restart
cat ~/proftpd/ftps.pid | xargs kill && sleep 15 && ~/proftpd/sbin/proftpd -c ~/proftpd/etc/ftps.conf
kill (force stop)
cat ~/proftpd/ftps.pid | xargs kill -9 && rm -rf ~/proftpd/ftps.pid

The check commands work as follows: if the process is running a list of relevant process ID numbers will be listed; if No such file or directory is returned the process is not running.

Please note that the bash script at the top of the page can also be used for restarting ProFTPd.

Automatically restarting ProFTPd if it is not running

Cron jobs can be used to check if ProFTPd is running and start it up if it is not. There is a separate page on configuring cron jobs.

Using ProFTPd

Connecting to the custom daemon is almost the same as connecting to the Feral ProFTPd daemon. The main difference is that you need to supply a port - the custom port your processes are running on.

To get the port for your custom SFTP process, run the following command:

sed -nr 's/^Port (.*)/\1/p' ~/proftpd/etc/sftp.conf

To get the port for your custom FTPS process, run the following command:

sed -nr 's/^Port (.*)/\1/p' ~/proftpd/etc/ftps.conf

Further Configuration - Adding Jails and Custom Users

Following this guide will leave you with a custom daemon that your main user can access via either SFTP or FTPS. While the addition of FTPS connectivity adds something over and above the default Feral-managed ProFTPd daemon, this is not the limit to what can be done. You can add further users and jails (the directories which a user can access) to extend the functionality.

A script has been created to take you through the creation of jails and users. Call it with the following command:

wget -qO ~/proftpd.adduser.sh https://bitbucket.org/feralio/wiki/raw/HEAD/src/wiki/software/proftpd/proftpd.adduser.sh && bash ~/proftpd.adduser.sh

Report any issues with the script in a ticket. Ensure you let staff know exactly what you entered and what the script returned so they can try to help you.

Troubleshooting

Username / password is incorrect
The error is likely to be a very general "something went wrong while logging in" while not revealing any more information. Here are some things you might want to check (the list is not meant to be exhaustive):
  • Check the username is correct.
  • Check the password is correct (use copy and paste but make sure you don't copy extra spaces).
  • Check the port and protocol.
  • For a jailed user, ensure their folder exists.
  • Check the logs.

Uninstallation

cat ~/proftpd/sftp.pid | xargs kill
cat ~/proftpd/ftps.pid | xargs kill
rm -rf ~/proftpd/