FTP over SSH
Related articles
FTP over SSH encrypts passwords unlike plain FTP. FTP over SSH is not really a true protocol, it is just SSH + FTP.
This setup in particular (using pure-ftpdAUR + TLS) encrypts usernames, passwords, commands and server replies, but does NOT encrypt the data channel. This also means that there is reduced performance cost on data transfer.
Setting up FTP with pure-ftpd
Install pure-ftpdAUR from AUR.
The configuration file is /etc/pure-ftpd.conf
.
Start/Enable the pure-ftpd.service
daemon.
Set up Certificates
Refer to the documentation for more information. The short version is this:
Create a Self-Signed Certificate:
# mkdir -p /etc/ssl/private # openssl req -x509 -nodes -days 7300 -newkey rsa:1024 -keyout /etc/ssl/private/pure-ftpd.pem -out /etc/ssl/private/pure-ftpd.pem
Make it private:
# chmod 600 /etc/ssl/private/*.pem
Enable TLS
Towards the bottom of /etc/pure-ftpd.conf
you should find a section for TLS. Uncomment and change the TLS setting to 1
to enable both FTP and SFTP:
TLS 1
Now restart the pure-ftpd.service
daemon and you should be able to log in with SFTP-enabled clients, e.g. filezilla or SmartFTP.