FTP over SSH

Related articles

FTP over SSH encrypts passwords unlike plain FTP. FTP over SSH is not really a true protocol, it is just SSH + FTP.

This setup in particular (using pure-ftpdAUR + TLS) encrypts usernames, passwords, commands and server replies, but does NOT encrypt the data channel. This also means that there is reduced performance cost on data transfer.

Setting up FTP with pure-ftpd

Install pure-ftpdAUR from AUR.

The configuration file is /etc/pure-ftpd.conf.

Start/Enable the pure-ftpd.service daemon.

Set up Certificates

Refer to the documentation for more information. The short version is this:

Create a Self-Signed Certificate:

# mkdir -p /etc/ssl/private
# openssl req -x509 -nodes -days 7300 -newkey rsa:1024 -keyout /etc/ssl/private/pure-ftpd.pem -out /etc/ssl/private/pure-ftpd.pem

Make it private:

# chmod 600 /etc/ssl/private/*.pem
Warning: Be aware that using 1024 bits in some countries is against the law. Choose 512 or less if unsure.

Enable TLS

Towards the bottom of /etc/pure-ftpd.conf you should find a section for TLS. Uncomment and change the TLS setting to 1 to enable both FTP and SFTP:

TLS             1

Now restart the pure-ftpd.service daemon and you should be able to log in with SFTP-enabled clients, e.g. filezilla or SmartFTP.