Centos 7X Enable ProFTPd TLS

Posted on November 11, 2018

Centos 7X Enable FTP TLS

Reference: https://linuxconfig.org/setup-secure-proftpd-server-on-centos-7-with-tls

Set the port range in /etc/proftpd.conf
echo "PassivePorts 49152 65534" >> /etc/proftpd.conf

Open the Firewall ports
firewall-cmd --add-port=49152-65534/tcp --permanent
firewall-cmd --reload

Validation
firewall-cmd --list-ports

Update the options in /etc/sysconfig/proftpd

From PROFTPD_OPTIONS=""
To PROFTPD_OPTIONS="-DTLS"

Verify TLS has been set up in /etc/proftpd.conf


TLSEngine on
TLSRequired on
TLSRSACertificateFile /etc/pki/tls/certs/proftpd.pem
TLSRSACertificateKeyFile /etc/pki/tls/certs/proftpd.pem
TLSCipherSuite ALL:!ADH:!DES
#TLSCipherSuite HIGH:MEDIUM:+TLSv1:!SSLv2:+SSLv3
TLSOptions NoCertRequest
TLSVerifyClient off
#TLSRenegotiate ctrl 3600 data 512000 required off timeout 300
TLSLog /var/log/proftpd/tls.log

TLSSessionCache shm:/file=/var/run/proftpd/sesscache

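Generate the SSL certificate if you have not done so. Use an RSA key of at least 2048 bits. The same file also holds the private key, so keep it readable by root only.
openssl req -x509 -nodes -newkey rsa:2048 -keyout /etc/pki/tls/certs/proftpd.pem -out /etc/pki/tls/certs/proftpd.pem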
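
To confirm that the three places edited above agree with each other, the following script reads a proftpd.conf, the sysconfig file and the output of firewall-cmd --list-ports and reports mismatches. It is an added example, not part of the original post; the function names and the sample files are constructed for illustration.

```bash
#!/bin/bash
# Added example: cross-checks the three places this page edits.

# Value of the last active (uncommented) occurrence of a directive.
directive() {  # $1 = file, $2 = directive name
    awk -v d="$2" '$1 == d { $1 = ""; sub(/^[ \t]+/, ""); v = $0 } END { print v }' "$1"
}

# Prints one line per finding; the return status is the number of FAIL lines.
audit_proftpd_tls() {  # $1 = proftpd.conf, $2 = sysconfig file, $3 = open ports
    local conf="$1" sysconf="$2" ports=" $3 " fails=0 v range
    fail() { echo "FAIL: $*"; fails=$((fails + 1)); }

    # The daemon must be started with -DTLS.
    grep -Eq '^PROFTPD_OPTIONS=.*-DTLS' "$sysconf" || fail "-DTLS missing from PROFTPD_OPTIONS"
    for v in TLSEngine TLSRequired; do
        [ "$(directive "$conf" "$v")" = on ] || fail "$v is not on"
    done
    for v in TLSRSACertificateFile TLSRSACertificateKeyFile; do
        [ -n "$(directive "$conf" "$v")" ] || fail "$v is not set"
    done
    # The passive range must be the range opened in firewalld.
    v=$(directive "$conf" PassivePorts)
    range="${v% *}-${v#* }/tcp"
    case "$ports" in
        *" $range "*) ;;
        *) fail "PassivePorts '$v' is not open in the firewall" ;;
    esac
    # Hardening hint, not a failure: ALL can admit legacy suites such as RC4 and 3DES.
    case "$(directive "$conf" TLSCipherSuite)" in
        ALL*) echo "WARN: TLSCipherSuite is built from ALL; prefer a HIGH-based list" ;;
    esac
    return "$fails"
}

# Constructed sample input mirroring the values on this page.
sample_dir=$(mktemp -d)
printf '%s\n' 'PassivePorts 49152 65534' 'TLSEngine on' 'TLSRequired on' \
    'TLSRSACertificateFile /etc/pki/tls/certs/proftpd.pem' \
    'TLSRSACertificateKeyFile /etc/pki/tls/certs/proftpd.pem' \
    'TLSCipherSuite ALL:!ADH:!DES' > "$sample_dir/proftpd.conf"
echo 'PROFTPD_OPTIONS="-DTLS"' > "$sample_dir/sysconfig"
audit_proftpd_tls "$sample_dir/proftpd.conf" "$sample_dir/sysconfig" "49152-65534/tcp" || true
```

On a live host, call it as audit_proftpd_tls /etc/proftpd.conf /etc/sysconfig/proftpd "$(firewall-cmd --list-ports)".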