0

I'm using CentOS release 6.4 on a VPS. It runs proftpd with xinetd.

I've found configuration files at

/etc/proftpd.conf
/etc/xinetd.conf
/etc/xinetd.d/ftp_psa

I want to disable plain FTP, but need to keep FTPS. So if an FTP client tries to start a connection via plain FTP, it shouldn't be allowed.

How to make this happen?

inckka

1 Answer

2

There is this parameter: TLSRequired for mod_tls in Proftpd.

Synopsis

TLSRequired [ on | off | ctrl | data | auth | auth+data]

If you set it to on, then all FTP users will be forced to use TLS for both control and data channels. There are other options available also to activate it only for the control channel, that is, for username/password transfer.

It should be added to the mod_tls config:

<IfModule mod_tls.c>
    ...
    TLSRequired on
    ...
    ...
</IfModule>

There are possible issues: when you enable TLS for both channels, some client software will fail to list directories after login and hang. Maybe in such a case it is good enough to activate TLS only for the auth channel.

Please read the Q&A sections here for more info: http://www.proftpd.org/docs/howto/TLS.html.

Diamond
  • This is exactly what the duplicate answer says. – user9517 Dec 23 '15 at 18:54
  • Hi @lain, I have read the other answer and wanted to give an answer to focus only on the specific parameter `TLSRequired` and related issue, which I have found missing in the other answer. – Diamond Dec 24 '15 at 21:53
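
A way to audit a proftpd.conf for the `TLSRequired` setting discussed in the answer, as an added example that is not part of the original posts or of ProFTPD itself. The function names, the verdict strings and the sample config are made up for illustration, and the mapping assumes `auth` enforces TLS only until login completes.

```python
import re

# TLSRequired values from the synopsis above, mapped to what must use TLS:
# (login credentials, control channel after login, data channel).
# Assumption: the "auth" variants enforce TLS only until login completes.
EFFECT = {
    "on": (True, True, True), "off": (False, False, False),
    "ctrl": (True, True, False), "data": (False, False, True),
    "auth": (True, False, False), "auth+data": (True, False, True),
}

def audit_tls_required(conf_text):
    """Return (line_no, context, value, verdict) for each TLSRequired line."""
    findings, stack = [], []
    for no, raw in enumerate(conf_text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        tag = re.match(r"<\s*(/?)\s*(\w+)", line)
        if tag:  # track <IfModule>, <VirtualHost>, <Global> ... nesting
            if not tag.group(1):
                stack.append(tag.group(2))
            elif stack:
                stack.pop()
            continue
        parts = line.split()
        if parts[0].lower() != "tlsrequired":
            continue
        value = parts[1].lower() if len(parts) > 1 else ""
        creds, ctrl, data = EFFECT.get(value, (False, False, False))
        if value not in EFFECT:
            verdict = "unrecognised value"
        elif not creds:
            verdict = "plain FTP login accepted"
        elif ctrl and data:
            verdict = "TLS forced on control and data"
        else:
            verdict = "login protected, other traffic may be clear"
        findings.append((no, "/".join(stack) or "server", value, verdict))
    return findings

def plain_login_refused(conf_text):
    """True only if TLSRequired is set and every setting protects the login."""
    found = audit_tls_required(conf_text)
    return bool(found) and all(EFFECT.get(v, (False,))[0] for _, _, v, _ in found)

# Constructed sample, not the asker's real /etc/proftpd.conf
SAMPLE = ("<IfModule mod_tls.c>\n  TLSRequired off\n</IfModule>\n"
          "<VirtualHost 192.0.2.10>\n  TLSRequired auth\n</VirtualHost>\n")
```

Running `audit_tls_required(open("/etc/proftpd.conf").read())` lists every place the directive is set, so a permissive value in one context is not hidden by a strict one elsewhere.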