How to Configure a Secure Port for FTP Connections on ProFTPD Ubuntu 18.04 Server

Introduction

ProFTPD is a popular and versatile FTP server that allows you to transfer files between your server and clients. However, to enhance security, it’s essential to configure a secure port for FTP connections, ensuring that data transferred between the server and clients remains encrypted. In this article, we’ll guide you through the steps to configure a secure port for FTP connections on a ProFTPD server running Ubuntu 18.04.

Prerequisites

Before you begin, make sure you have:

1. A server running Ubuntu 18.04 with ProFTPD installed.
2. Root or sudo access to your server.
3. Basic knowledge of Linux commands.

Step 1: Update and Upgrade

Start by updating your Ubuntu system to ensure that you have the latest security patches and software updates:

sudo apt update
sudo apt upgrade

This will help keep your system secure.

Step 2: Install ProFTPD

If ProFTPD is not already installed, you can install it using the following command:

sudo apt install proftpd

Step 3: Configuration

1. Backup the Configuration File: Before making any changes to the ProFTPD configuration, it’s a good practice to back up the original configuration file:

   sudo cp /etc/proftpd/proftpd.conf /etc/proftpd/proftpd.conf.backup

2. Edit the Configuration File: Open the ProFTPD configuration file with your preferred text editor. In this example, we’ll use nano:

   sudo nano /etc/proftpd/proftpd.conf

3. Enable SSL/TLS: Locate the following lines in the configuration file:

   # Include /etc/proftpd/tls.conf

Uncomment this line by removing the ‘#’ at the beginning. This line includes the TLS configuration, which is required for securing FTP connections.

4. Define SSL Certificate: To use SSL/TLS, you’ll need an SSL certificate. If you don’t have one, you can generate a self-signed certificate:

   sudo openssl req -x509 -nodes -newkey rsa:2048 -keyout /etc/ssl/private/proftpd.key -out /etc/ssl/certs/proftpd.crt

Follow the prompts to create the certificate. This command generates a self-signed certificate and key in the specified locations.

5. Configure the SSL/TLS Settings: Scroll down to the TLS configuration section, usually found near the end of the file. You can modify the settings to suit your needs, but a basic configuration might look like this:

   # TLS Configuration
   <IfModule mod_tls.c>
      TLSEngine on
      TLSLog /var/log/proftpd/tls.log
      TLSProtocol SSLv23
      TLSRSACertificateFile /etc/ssl/certs/proftpd.crt
      TLSRSACertificateKeyFile /etc/ssl/private/proftpd.key
   </IfModule>

Make sure the paths to the certificate and key files match where you generated them.

Step 4: Restart ProFTPD

After making these changes, restart the ProFTPD service to apply the configuration:

sudo systemctl restart proftpd

Step 5: Verify the Configuration

To ensure that your ProFTPD server is running with the secure port and SSL/TLS encryption, you can use an FTP client like FileZilla or command-line tools to connect to your server. Make sure to connect to the server using the secure FTP port (usually port 990 for FTPS) and specify the use of SSL/TLS.

Conclusion

By configuring a secure port for FTP connections and enabling SSL/TLS encryption on your ProFTPD server, you significantly enhance the security of your file transfers. This is crucial to protect sensitive data during transmission between the server and clients. Keep in mind that maintaining the security of your server is an ongoing process, and you should regularly update and monitor it for any potential vulnerabilities.