Hi there,
I've been poking around -- to be rather euphemistic about it -- the GPL version of Virtualmin for about two weeks now, and am planning to purchase the Pro version when (or if) I've resolved all of my issues.
I've resolved a number of issues with reference to the forums. The one I'm stuck on right now is with respect to jailing/chrooting users in their home directories. I'm not going to start a discussion about security; that's quite clearly been done here a thousand times. I would just like to get FTPS -- FTP over SSL (TLS) -- working because I believe that ProFTPd will take care of jailing/chrooting users sufficiently to meet my standards.
I've read the information ("How can I prevent FTP Users from Browsing the Entire Filesystem?") at https://www.virtualmin.com/documentation/security/faq , but following those instructions does not work for me. I've tried multiple different configurations at Virtualmin | Limits and Validation | FTP Directory Restrictions, but nothing prevents users from seeing files outside of their home directories. However, this doesn't really surprise me, as it seems that Virtualmin uses SFTP (SSH FTP) by default, and Jamie and Joe have already made fairly clear that they currently have no intention to address the issue in SSH.
I also started looking at the options under Virtualmin | System Customization | Custom Shells, but seeing as Virtualmin seems to block FTP connections on port 21 by default it seems to me that nothing I do there will achieve what I'm trying to achieve -- i.e., I could select "FTP only" on an appropriate shell, but if a user can't even connect via FTP on port 21, it doesn't really matter.
Some more research led me to the post at https://www.virtualmin.com/node/29262 . I'm running CentOS, so had to modify what I did slightly, but I believe I've done what is necessary to activate FTPS. The problem is, as I mentioned, that port 21 appears to be blocked by default, and I can't even connect to see if my configuration changes have worked.
So, to summarise:
Port 21 is not firewalled on my system or network; I can connect via FTP to other servers.
Thanks in advance for any assistance.
Craig
Is proftpd running? Try
systemctl status proftpd
If it is, try adding this to your /etc/proftpd.conf file :)
# Port 21 is the standard FTP port.
Port 21
then do a
systemctl restart proftpd
Otherwise, if it's not running, do a
systemctl enable proftpd
systemctl start proftpd
Hi AskewDread,
Thanks. ProFTPd was indeed running, but I knew it had to be something simple like adding a directive like "port" somewhere, but I needed sleep. :) That said, I had to comment out the directives relating to SFTP on port 2222 before FTPS would work, but that was what I was aiming for anyway.
Thanks a bunch. I think I'm finally ready to upgrade to Pro.
Craig
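A check for the end state this thread arrives at (FTPS listening on port 21, users jailed in their home directories, SFTP on port 2222 disabled), as an added example that is not part of the original posts. The sample configuration is constructed, the function names `directives` and `audit` are hypothetical, and the parser assumes a flat read of the file that ignores which `<VirtualHost>` or `<IfModule>` context a directive sits in.

```python
# Constructed sample proftpd.conf (not taken from the thread): FTPS on port 21,
# chrooted users, and the SFTP virtual host commented out.
SAMPLE_CONF = """\
# Port 21 is the standard FTP port.
Port 21
DefaultRoot ~
<IfModule mod_tls.c>
  TLSEngine on
  TLSRequired on
  TLSRSACertificateFile /path/to/placeholder-cert.pem
</IfModule>
#<VirtualHost 0.0.0.0>
#  Port 2222
#  SFTPEngine on
#</VirtualHost>
"""

def directives(conf_text):
    """Yield (lowercased name, value) for each active directive line."""
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#<":   # skip blanks, comments, context tags
            continue
        parts = line.split(None, 1)
        yield parts[0].lower(), parts[1].strip() if len(parts) > 1 else ""

def audit(conf_text):
    """Return findings that keep the config from being chrooted, TLS-only FTP."""
    seen = {}
    for name, value in directives(conf_text):
        seen.setdefault(name, []).append(value)
    on = lambda key: any(v.lower() == "on" for v in seen.get(key, []))
    findings = []
    if "21" not in seen.get("port", []):
        findings.append("no active 'Port 21' directive")
    if not on("tlsengine"):
        findings.append("TLSEngine is not on: FTPS is unavailable")
    if not on("tlsrequired"):
        findings.append("TLSRequired is not 'on': TLS is not enforced on both channels")
    if not any(v.split()[0] == "~" for v in seen.get("defaultroot", []) if v):
        findings.append("no 'DefaultRoot ~': users are not jailed in their home directory")
    if on("sftpengine"):
        findings.append("SFTPEngine on: SFTP is still enabled")
    return findings

if __name__ == "__main__":
    print(audit(SAMPLE_CONF) or "config matches the intended FTPS setup")
```

To run it against a live server, pass the contents of /etc/proftpd.conf to `audit()` after each edit and before `systemctl restart proftpd`.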