Jump to content
View in the app

A better way to browse. Learn more.
Froxlor Forum

A full-screen app on your home screen with push notifications, badges and more.

To install this app on iOS and iPadOS
  1. Tap the Share icon in Safari
  2. Scroll the menu and tap Add to Home Screen.
  3. Tap Add in the top-right corner.
To install this app on Android
  1. Tap the 3-dot menu (⋮) in the top-right corner of the browser.
  2. Tap Add to Home screen or Install app.
  3. Confirm by tapping Install.

Configuring Proftpd to act as SFTP Server

naytsyrhc
in Development

Featured Replies

Hi there,

 

just wanted to share some information about setting up proftpd as sftp server with froxlor users.

 

I searched for this solution but couldn't find anything that suited my needs.

 

So, what I wanted to achieve was the following:

  • Using Froxlor FTP-Account management
  • No SSH Access for FTP-Users
  • Chroot for FTP-Users
  • No FTP Protocol  (to avoid Firewall-Config-Nightmares)
  • No interference with standard ssh access

The setup was quite easy/straight-forward:

 

1st edit /etc/proftpd/modules.conf and add following line:

LoadModule mod_sftp.c

 2nd edit /etc/proftpd/sql.conf and add following line:

Include /etc/proftpd/sftp.conf

3rd create file /etc/proftpd/sftp.conf with following content:

<IfModule mod_sftp.c>
SFTPEngine				on
SFTPLog					/var/log/proftpd/sftp.log
SFTPHostKey				/etc/ssh/ssh_host_dsa_key
SFTPHostKey				/etc/ssh/ssh_host_rsa_key
</IfModule>

4th restart proftpd:

service proftpd restart

Now your users are able to login to SFTP using standard FTP Port 21 (and you only need to open that port in your firewall), SSH File Transfer Protocol and will only be able to write to the FTP-Directory (i.e. customers home).

 

Hope this helps someone.

  • 4 months later...

I think this is exactly what I was looking for. Thank you!

  • 1 month later...

Secondly, I want to add the ability to "publish" DNS zones to an external server. For example... I have several Froxlor hosting servers each with their own DNS zones. I also have dedicated public DNS servers that will do the actual work. Froxlor would connect to these DNS servers and setup slave zones on them.

  • 7 months later...

Hi,

thanks for the config, exactly this I was searching for.

But it do not work, I get only a "Protocol error" when I try to connect.

 

Here is the log of the connection attempt:

Nov 12 18:36:33 mod_sftp/0.9.8[28999]: using '/etc/ssh/ssh_host_dsa_key' as DSA hostkey
Nov 12 18:36:33 mod_sftp/0.9.8[28999]: using '/etc/ssh/ssh_host_rsa_key' as RSA hostkey
Nov 12 18:36:33 mod_sftp/0.9.8[28999]: error using DisplayLogin 'welcome.msg': No such file or directory
Nov 12 18:36:33 mod_sftp/0.9.8[28999]: received client version 'SSH-2.0-WinSCP_release_5.7.6'
Nov 12 18:36:33 mod_sftp/0.9.8[28999]: handling connection from SSH2 client 'WinSCP_release_5.7.6'
Nov 12 18:36:33 mod_sftp/0.9.8[28999]:  + Session key exchange: diffie-hellman-group-exchange-sha256
Nov 12 18:36:33 mod_sftp/0.9.8[28999]:  + Session server hostkey: ssh-rsa
Nov 12 18:36:33 mod_sftp/0.9.8[28999]:  + Session client-to-server encryption: aes256-ctr
Nov 12 18:36:33 mod_sftp/0.9.8[28999]:  + Session server-to-client encryption: aes256-ctr
Nov 12 18:36:33 mod_sftp/0.9.8[28999]:  + Session client-to-server MAC: hmac-sha1
Nov 12 18:36:33 mod_sftp/0.9.8[28999]:  + Session server-to-client MAC: hmac-sha1
Nov 12 18:36:33 mod_sftp/0.9.8[28999]:  + Session client-to-server compression: none
Nov 12 18:36:33 mod_sftp/0.9.8[28999]:  + Session server-to-client compression: none
Nov 12 18:36:36 mod_sftp/0.9.8[28999]: authentication request for user 'apollox' blocked by 'USER' handler
Nov 12 18:36:36 mod_sftp/0.9.8[28999]: disconnecting (Protocol error)

EDIT:

Problem solved

  • 6 months later...

Hi there,

 

just wanted to share some information about setting up proftpd as sftp server with froxlor users.

 

I searched for this solution but couldn't find anything that suited my needs.

 

So, what I wanted to achieve was the following:

  • Using Froxlor FTP-Account management
  • No SSH Access for FTP-Users
  • Chroot for FTP-Users
  • No FTP Protocol  (to avoid Firewall-Config-Nightmares)
  • No interference with standard ssh access

The setup was quite easy/straight-forward:

 

1st edit /etc/proftpd/modules.conf and add following line:

LoadModule mod_sftp.c

 2nd edit /etc/proftpd/sql.conf and add following line:

Include /etc/proftpd/sftp.conf

3rd create file /etc/proftpd/sftp.conf with following content:

<IfModule mod_sftp.c>
SFTPEngine				on
SFTPLog					/var/log/proftpd/sftp.log
SFTPHostKey				/etc/ssh/ssh_host_dsa_key
SFTPHostKey				/etc/ssh/ssh_host_rsa_key
</IfModule>

4th restart proftpd:

service proftpd restart

Now your users are able to login to SFTP using standard FTP Port 21 (and you only need to open that port in your firewall), SSH File Transfer Protocol and will only be able to write to the FTP-Directory (i.e. customers home).

 

Hope this helps someone.

 

Hello Men, one question. This works with the port 21 or 22?

 

regards,

Hello Men, one question. This works with the port 21 or 22?

 

regards,

 

First post, at the end: 

 

 

Now your users are able to login to SFTP using standard FTP Port 21 (and you only need to open that port in your firewall), SSH File Transfer Protocol and will only be able to write to the FTP-Directory (i.e. customers home).

  • 2 years later...

The settings seem to work, but in FileZilla and WinSCP I get disconnections when transferring files.
Is there a solution? 

Zitat

Error: Network error: Software caused connection abort
Error: File transfer failed

 

Take a look at the server logs to check what the problem is

  • 4 years later...
Am 12.11.2015 um 18:47 schrieb apollox:

Hi,

thanks for the config, exactly this I was searching for.

But it do not work, I get only a "Protocol error" when I try to connect.

 

Here is the log of the connection attempt: 

Nov 12 18:36:33 mod_sftp/0.9.8[28999]: using '/etc/ssh/ssh_host_dsa_key' as DSA hostkey
Nov 12 18:36:33 mod_sftp/0.9.8[28999]: using '/etc/ssh/ssh_host_rsa_key' as RSA hostkey
Nov 12 18:36:33 mod_sftp/0.9.8[28999]: error using DisplayLogin 'welcome.msg': No such file or directory
Nov 12 18:36:33 mod_sftp/0.9.8[28999]: received client version 'SSH-2.0-WinSCP_release_5.7.6'
Nov 12 18:36:33 mod_sftp/0.9.8[28999]: handling connection from SSH2 client 'WinSCP_release_5.7.6'
Nov 12 18:36:33 mod_sftp/0.9.8[28999]:  + Session key exchange: diffie-hellman-group-exchange-sha256
Nov 12 18:36:33 mod_sftp/0.9.8[28999]:  + Session server hostkey: ssh-rsa
Nov 12 18:36:33 mod_sftp/0.9.8[28999]:  + Session client-to-server encryption: aes256-ctr
Nov 12 18:36:33 mod_sftp/0.9.8[28999]:  + Session server-to-client encryption: aes256-ctr
Nov 12 18:36:33 mod_sftp/0.9.8[28999]:  + Session client-to-server MAC: hmac-sha1
Nov 12 18:36:33 mod_sftp/0.9.8[28999]:  + Session server-to-client MAC: hmac-sha1
Nov 12 18:36:33 mod_sftp/0.9.8[28999]:  + Session client-to-server compression: none
Nov 12 18:36:33 mod_sftp/0.9.8[28999]:  + Session server-to-client compression: none
Nov 12 18:36:36 mod_sftp/0.9.8[28999]: authentication request for user 'apollox' blocked by 'USER' handler
Nov 12 18:36:36 mod_sftp/0.9.8[28999]: disconnecting (Protocol error)

EDIT:

Problem solved

How did you solve it? Having the same issue not being able to login via SFTP. Having the same error:
  

 authentication request for user 'xxx' blocked by 'USER' handler

 

Got it working myself, TLS was running in parallel resulting in a conflict. Disabling TLS solved the issue 

#Include /etc/proftpd/tls.conf

 

Create an account or sign in to comment

https://forum.froxlor.org/index.php?/topic/12753-configuring-proftpd-to-act-as-sftp-server/
Go to topic listing

Configure browser push notifications
Chrome (Android)
  1. Tap the lock icon next to the address bar.
  2. Tap Permissions → Notifications.
  3. Adjust your preference.
Chrome (Desktop)
  1. Click the padlock icon in the address bar.
  2. Select Site settings.
  3. Find Notifications and adjust your preference.