From ArchWiki
Revision as of 15:27, 4 September 2008 by Hyperwired (talk | contribs) (added to howtos category)
Jump to: navigation, search


SFTP ('Secure File Transfer Protocol') encrypts passwords unlike plain FTP. SFTP is not really a true protocol, its just SSH + FTP or TLS/SSL + FTP . Note that there are many ways to do this. This is one of them.

Setting up FTP

we will use pure-ftpd:

pacman -Sy pure-ftpd openssh openssl

then you can go ahead and edit the configuration file:

vi /etc/pure-ftpd.conf

you can start and stop the pure-ftpd daemon by

/etc/rc.d/pure-ftpd start
/etc/rc.d/pure-ftpd stop
/etc/rc.d/pure-ftpd restart

and you can set it to automatically start by adding it to the modules list in /etc/rc.conf

Set up Certicificates

refer to for information. The short version is this :

  1. Create a Self-Signed Certificate
mkdir -p /etc/ssl/private
openssl req -x509 -nodes -newkey rsa:1024 -keyout \
 /etc/ssl/private/pure-ftpd.pem \
 -out /etc/ssl/private/pure-ftpd.pem
chmod 600 /etc/ssl/private/*.pem

be wary that using 1024 bits in some countries will get you the legal banhammer.

Enable TLS

Towards the bottom of /etc/pure-ftpd.conf (roughly after line 400) you should find a section for TLS. Uncomment the TLS setting to 1 (which enables both FTP and SFTP):

TLS             1

now restart the pure-ftpd daemon and you should be able to login with sftp-enabled clients (dont forget to use port 22)