Difference between revisions of "SCP and SFTP"

From ArchWiki
m (Introduction: - added mini definition)
(added to howtos category)
Line 1: Line 1:
 +
[[Category:HOWTOs (English)]]
 +
 
= Introduction =
 
= Introduction =
  

Revision as of 15:27, 4 September 2008


Introduction

SFTP ('Secure File Transfer Protocol') encrypts passwords, unlike plain FTP. SFTP is not really a true protocol; it's just SSH + FTP or TLS/SSL + FTP. Note that there are many ways to do this. This is one of them.

Setting up FTP

We will use pure-ftpd:

pacman -Sy pure-ftpd openssh openssl

Then you can go ahead and edit the configuration file:

vi /etc/pure-ftpd.conf

You can start, stop and restart the pure-ftpd daemon with:

/etc/rc.d/pure-ftpd start
/etc/rc.d/pure-ftpd stop
/etc/rc.d/pure-ftpd restart

You can set it to start automatically by adding it to the modules list in /etc/rc.conf.

Set up Certificates

Refer to http://download.pureftpd.org/pub/pure-ftpd/doc/README.TLS for information. The short version is this:

  1. Create a Self-Signed Certificate
mkdir -p /etc/ssl/private
openssl req -x509 -nodes -newkey rsa:1024 -keyout \
 /etc/ssl/private/pure-ftpd.pem \
 -out /etc/ssl/private/pure-ftpd.pem
chmod 600 /etc/ssl/private/*.pem

Be wary that using 1024 bits in some countries will get you the legal banhammer.

Enable TLS

Towards the bottom of /etc/pure-ftpd.conf (roughly after line 400) you should find a section for TLS. Uncomment the TLS setting and set it to 1 (which enables both FTP and SFTP):

TLS             1

Now restart the pure-ftpd daemon and you should be able to log in with sftp-enabled clients (don't forget to use port 22).
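
The following check is an added example, not part of the original page or of pure-ftpd: it audits the two things configured above, the TLS level in the config file and the mode of the certificate file. It assumes the levels documented in pure-ftpd's README.TLS (1 accepts both cleartext and TLS sessions, 2 and 3 refuse cleartext logins); the helper names audit_pureftpd and make_sample and the sample files are constructed for the demonstration.

```shell
#!/bin/sh
# Added example; audit_pureftpd and make_sample are hypothetical helper names.

# Report the TLS level in a pure-ftpd.conf and the mode of the certificate file.
# Returns 0 = ok, 1 = warning, 2 = failure.
audit_pureftpd() {
    conf=$1; pem=$2; rc=0
    # Read the uncommented "TLS <n>" line; if several exist, report the last.
    level=$(awk '$1 == "TLS" { v = $2 } END { print v }' "$conf")
    case "$level" in
        2|3) echo "ok: TLS $level refuses cleartext logins" ;;
        1)   echo "warn: TLS 1 still accepts cleartext FTP logins"; rc=1 ;;
        *)   echo "fail: TLS is off or unset (value: '${level}')"; rc=2 ;;
    esac
    if [ ! -f "$pem" ]; then
        echo "fail: $pem is missing"; rc=2
    else
        # Characters 5-10 of the ls mode string are the group/other bits.
        go=$(ls -ld "$pem" | cut -c5-10)
        if [ "$go" != "------" ]; then
            echo "fail: $pem is accessible beyond its owner ($go)"; rc=2
        else
            echo "ok: $pem is owner-only"
        fi
    fi
    return $rc
}

# Build a constructed sample config (TLS level $2) and a dummy .pem
# (file mode $3) in directory $1. Neither file is real key material.
make_sample() {
    mkdir -p "$1"
    printf '# TLS 0\nMaxClientsNumber 50\nTLS %s\n' "$2" > "$1/pure-ftpd.conf"
    printf 'constructed placeholder, not a real key\n' > "$1/pure-ftpd.pem"
    chmod "$3" "$1/pure-ftpd.pem"
}

# Demonstration on the setting this page recommends (TLS 1, chmod 600).
tmp=$(mktemp -d)
make_sample "$tmp" 1 600
audit_pureftpd "$tmp/pure-ftpd.conf" "$tmp/pure-ftpd.pem" || echo "exit status: $?"
rm -rf "$tmp"
```

On a real system, call it as audit_pureftpd /etc/pure-ftpd.conf /etc/ssl/private/pure-ftpd.pem.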