This article describes steps one can take to install and configure Pure-FTPD on Ubuntu Linux with SSL/TLS certificates.
Using FTP protocol is probably the easiest way to transfer files between a server and client computers. Anyone can simply download an FTP client and begin transferring files; however, it is inherently insecure in its standard form.
A more secure way to use FTP is via FTP over SSH or SFTP. If you are unable to configure SFTP, then the closest thing will be to enable SSL/TLS certificates with your setup or FTPS
The reason you may want SSL/TLS enabled on FTP is that FTP communicates over an insecure channel, and someone with the right tool could intercept data between the server and the client reading it.
With SSL/TLS, even if the data is intercepted, they may still be unable to read the content, and that’s because of the extra security.
How to Install Pure-FTPD in Ubuntu Linux
First, install Pure-FTPD. To install Pure-FTPD on Ubuntu Linux, run the commands below.
sudo apt update sudo apt-get install pure-ftpd
After installing Pure-FTPD, the commands below can be used to stop, start and enable the server service to always start up when the server boots.
sudo systemctl stop pure-ftpd.service sudo systemctl start pure-ftpd.service sudo systemctl enable pure-ftpd.service
How to create a self-signed SSL/TLS certificate in Ubuntu Linux
Now that Pure-FTPD is installed, run the commands below to generate a self-signed SSL/TLS certificate for the server. the commands create both the server key and certificate files and store them in the/etc/SSL/private directory.
You must keep both server key and certificate file names to be pure-ftpd.pem and should live in the /etc/ssl/private directory.
sudo openssl req -x509 -nodes -newkey rsa:2048 -keyout /etc/ssl/private/pure-ftpd.pem -out /etc/ssl/private/pure-ftpd.pem -days 365
After running the commands above, you’ll be prompted to answer a few questions about the certificate you’re generating… answer them and complete the process.
Generating a 2048 bit RSA private key ...+++ .+++ writing new private key to '/etc/ssl/private/pure-ftpd.pem' ----- You are about to be asked to enter information that will be incorporated into your certificate request. What you are about to enter is what is called a Distinguished Name or a DN. There are quite a few fields but you can leave some blank For some fields there will be a default value, If you enter '.', the field will be left blank. ----- Country Name (2 letter code) [AU]:US State or Province Name (full name) [Some-State]:New York Locality Name (eg, city) :Brooklyn Organization Name (eg, company) [Internet Widgits Pty Ltd]:Website for Students Organizational Unit Name (eg, section) :SSL Unit Common Name (e.g. server FQDN or YOUR name) :example.com Email Address :email@example.com
Pure-FTPD server will use the key and certificate created above.
How to configure Pure-FTPD with SSL/TLS certificate
Now that you’ve generated the server private key and certificate files, go and configure Pure-FTPD to use the SSL/TLS certificate created above.
To do that, run the commands below as root (sudo bash) to force Pure-FTPD to communicate over TLS.
sudo bash echo "2" > /etc/pure-ftpd/conf/TLS
After adding the highlighted lines to the file, save it. Then run the commands below to restart the Pure-FTPD server.
sudo systemctl restart pure-ftpd
Now grab your favorite FTP client (FileZilla) and set up a new site in your site management and use FTP protocol with encryption with explicit FTP over TLS. Type your username and password and connect.
You should be prompted with a certificate. accept the certificate and continue. You may check the box at the bottom of the page to trust the certificate so you don’t get prompted in the future.
You should now be transferring files securely via SSL/TLS.
That should do it!
This post showed you how to install and configure Pure-FTPD in Ubuntu Linux with SSL/TLS certificate. If you find any error above or have something to add, please use the comment form below.