This is a guide on how to configure ProFTPd for SFTP sessions. Secure File Transfer Protocol (SFTP) is a secure version of FTP which transfers files via the SSH protocol. ProFTPD can be reconfigured to serve SFTP sessions vs using the default FTP protocol. This guide assumes you already have a existing ProFTPD installation. If you do not already have it installed please follow How to Install Proftpd.
Edit /etc/proftpd.conf To Enable sFTP
nano /etc/proftpd.conf
Un-comment the following lines to load mod_sftp
#LoadModule mod_sftp.c #LoadModule mod_sftp_pam.c
To
LoadModule mod_sftp.c LoadModule mod_sftp_pam.c
Add the following to the end of the configuration (outside of the <global> </global> block to run it separately)
<IfModule mod_sftp.c> SFTPEngine ON SFTPLog /var/log/sftp.log Port 2222 SFTPHostKey /etc/ssh/ssh_host_rsa_key SFTPLog /var/log/proftpd/sftp.log SFTPCompression delayed </IfModule>
SFTPEngine – This will enable SFTP
SFTPLog – This will set the log file for sftp connections
Port – This will set the port ProFTPd will listen on for SFTP connections
SFTPHostKey – This points to the SSH key.
SFTPCompression – This sets the compression method used during transfers
Open the sFTP port in the firewall
Firewalld:
Enable firewall rule:
firewall-cmd --zone=public --add-port=2222/tcp --permanent
Load the new firewall
firewall-cmd --reload
Iptables:
Enable the firewall rule:
iptables -A INPUT -p tcp -m tcp --dport 2222 -j ACCEPT
Save the firewall rule:
iptables-save > /etc/sysconfig/iptables
Restart Proftpd
CentOS 7:
systemctl restart proftpd
CentOS 6:
service proftpd restart
Thats all you need to do to configure ProFTPd to accept ssh connections. You should now able to connect via port 2222 using a sFTP client.
View Comments (2)
firewall-cmd command not found Centos 6
Hello,
If you are running a firewall on Centos 6, it would likely be iptables? If so, please utilize the commands for iptables instead of firewalld