From ArchWiki
Revision as of 15:38, 4 September 2008 by Hyperwired


SFTP ('Secure File Transfer Protocol') encrypts passwords, unlike plain FTP. SFTP is not really a true protocol; it's just SSH + FTP or TLS/SSL + FTP. Note that there are many ways to do this. This is one of them.

This setup in particular (using pure-ftpd) encrypts usernames, passwords, commands and server replies, but does NOT encrypt the data channel. This also means that there is a reduced performance cost on data transfer.

Setting up FTP with pure-ftpd

We will use pure-ftpd:

pacman -Sy pure-ftpd openssh openssl

Then you can go ahead and edit the configuration file:

vi /etc/pure-ftpd.conf

You can start, stop and restart the pure-ftpd daemon with:

/etc/rc.d/pure-ftpd start
/etc/rc.d/pure-ftpd stop
/etc/rc.d/pure-ftpd restart

You can set it to start automatically by adding it to the modules list in /etc/rc.conf.

Set up Certificates

refer to for information. The short version is this:

  1. Create a Self-Signed Certificate
mkdir -p /etc/ssl/private
openssl req -x509 -nodes -newkey rsa:1024 -keyout \
 /etc/ssl/private/pure-ftpd.pem \
 -out /etc/ssl/private/pure-ftpd.pem
chmod 600 /etc/ssl/private/*.pem

Be wary that using 1024 bits will get you the legal banhammer in some countries.

Enable TLS

Towards the bottom of /etc/pure-ftpd.conf (roughly after line 400) you should find a section for TLS. Uncomment the TLS setting and set it to 1 (which enables both FTP and SFTP):

TLS             1

Now restart the pure-ftpd daemon and you should be able to log in with sftp-enabled clients (don't forget to use port 22).
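A quick audit of the finished setup, as an added example that is not part of the original wiki page: it reads the active TLS line from the configuration file and checks that the PEM file keeps the mode set by chmod 600 and holds both the key and the certificate. The function name audit_pureftpd_tls and the finding codes are hypothetical, the demo files are constructed, and the meaning of TLS values 0, 2 and 3 is taken from pure-ftpd's own documentation rather than from this page.

```shell
#!/bin/sh
# Added example, not from the original page: audit the setup described above.
# audit_pureftpd_tls CONF PEM prints one finding per line, or "OK".
audit_pureftpd_tls() (
    conf=$1; pem=$2; found=0
    flag() { echo "$1"; found=1; }

    # First active (uncommented) "TLS <n>" line; assumes at most one is set.
    tls=$(awk '$1 == "TLS" { print $2; exit }' "$conf")
    case "$tls" in
        ""|0) flag TLS_DISABLED ;;             # logins travel in cleartext
        1)    flag CLEARTEXT_LOGIN_ALLOWED ;;  # the page's setting: TLS optional
        2|3)  ;;                               # non-TLS sessions are refused
        *)    flag TLS_VALUE_UNKNOWN ;;
    esac

    if [ ! -f "$pem" ]; then
        flag PEM_MISSING
    else
        # Characters 5-10 of the ls mode string are the group/other bits;
        # after "chmod 600" all six must be "-".
        perms=$(ls -ld -- "$pem" | cut -c5-10)
        [ "$perms" = "------" ] || flag PEM_READABLE_BY_OTHERS
        # The openssl command above writes key and certificate to one file.
        grep -q -e '-----BEGIN .*PRIVATE KEY-----' "$pem" || flag PEM_NO_KEY
        grep -q -e '-----BEGIN CERTIFICATE-----' "$pem" || flag PEM_NO_CERT
    fi
    [ "$found" -eq 1 ] || echo OK
)

# Demo on constructed files: the page's "TLS 1" line plus a placeholder PEM
# (markers only, no real key material) left world-readable.
demo=$(mktemp -d)
printf '%s\n' '# TLS 2' 'TLS             1' > "$demo/pure-ftpd.conf"
printf '%s\n' '-----BEGIN PRIVATE KEY-----' 'constructed' \
    '-----END PRIVATE KEY-----' '-----BEGIN CERTIFICATE-----' \
    'constructed' '-----END CERTIFICATE-----' > "$demo/pure-ftpd.pem"
chmod 644 "$demo/pure-ftpd.pem"
audit_pureftpd_tls "$demo/pure-ftpd.conf" "$demo/pure-ftpd.pem"
rm -rf "$demo"
```

On a real host, call it with /etc/pure-ftpd.conf and /etc/ssl/private/pure-ftpd.pem as root, since the private directory is not readable by other users.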