Ubuntu 10.04 ProFTPd with mod_sftp

SFTP enabled FTP: secure, chrooted FTP server.

The last releases of ProFTP contan a module, called mod_sftp. Yes. This is just the thing I was searching for years, trying to achive chrooted ssh with OpenSSH (see internal SFTP option), but now with a lot better solution.

But the thing is... Ubuntu's last LTS, 10.04 only has a version lower of ProFTPd. Compile? Yes, one solution, the hardcore way. The lazy way: Debian Sid, the current unstable version, and it's packages:

First, the two dependency package:

  • libncurses51
  • libssl0.9.82

And the ProFTPd itself:

  • proftpd-basic3

Install them:

dpkg -i *

Edit /etc/proftpd/modules.conf:

comment out the line, we don't need it for now.

LoadModule                mod_tls.c

add a line

LoadModule                mod_sftp.c

Also, edit /etc/proftpd/proftpd.conf, and add the following:

<ifmodule mod_sftp.c>

SFTPEngine on
SFTPLog /var/log/proftpd/sftp.log
TransferLog /var/log/proftpd/xferlog-sftp.log

# Configure the server to listen on the normal SSH2 port, port 22
Port 22

# Configure both the RSA and DSA host keys, using the same host key
# files that OpenSSH uses.
SFTPHostKey /etc/ssh/ssh_host_rsa_key
SFTPHostKey /etc/ssh/ssh_host_dsa_key

# Configure the file used for comparing authorized public keys of users.
SFTPAuthorizedUserKeys file:~/.sftp/authorized_keys

# Enable compression
SFTPCompression delayed

# Allow the same number of authentication attempts as OpenSSH.
# It is recommended that you explicitly configure MaxLoginAttempts
# for your SSH2/SFTP instance to be higher than the normal
# MaxLoginAttempts value for FTP, as there are more ways to authenticate
# using SSH2.
MaxLoginAttempts 3


You'll also need the change the port of the OpenSSH server, but that's recommended anyway.

  1. http://packages.debian.org/sid/amd64/libncurses5/download↩︎

  2. http://packages.debian.org/sid/amd64/libssl0.9.8/download↩︎

  3. http://packages.debian.org/en/sid/amd64/proftpd-basic/download↩︎