##SFTP server setup using Proftpd server with xferlog
Lately I have been tasked with setting up a new SFTP server, due to OpenSSH’s inability to log all file transactions properly. So we explored all the options available and settled on ProFTPD, as that seems the most popular one and has a widely accepted SFTP user base. ProFTPD has a learning curve, like every other piece of software, so please bear with me through this long article.
NOTE: A special requirement setup for an example client named RMP will be discussed in part 2 of this article, so anything referring to rmp in the config addresses that requirement.

- Multiple nested folder access control for specific users (jailed home folders / shared folder access / read-only access / hiding folders users don’t have permission for, etc.)
- Key / password based authentication
- xferlog log format for file transactions
- Simple to set up and maintain
- Use only virtual users and not system accounts

We are going to use a CentOS 6.6 server patched to the latest update and ProFTPD (version 1.3.5-4.0), available at the time of writing this article. To keep the installation simple and consistent, we are going to grab the rpms from the city-fan repository (proftpd-1.3.5-4.0.cf.rhel6.x86_64.rpm, proftpd-utils-1.3.5-4.0.cf.rhel6.x86_64.rpm), as the rpms are not available in the EPEL repos.
####Install the packages:
We are going to run the ProFTPD server as user ‘proftpd’ and group ‘ftpgroup’, so please add the relevant user and group.
####Config Files/Directory Structure:
(Note: We have a special requirement of a shared folder setup for the example client RMP, which will be discussed in part 2 of this article.)
Update the config file as per the following link: proftpd.conf. Please go through the config file, as most of the bits are self-explanatory.
####Enable the mod_ban for blocking repeated failed logins.
####Update sftpasswd script to reflect your setup to manage sftp virtual users
####Verify Configs and start Service
####Create Virtual SFTP Users/Group
The above setup will give you an SFTP server running on port 2022 with password-based authentication. For any client that prefers key-based authentication, drop the user’s key in the /etc/proftpd/authorized_keys/ folder with the username as the file name.
####Key Based Authentication:
Drop the above key in the /etc/proftpd/authorized_keys/ folder as user2, and user2 should now be able to log in using key-based authentication. As this article is already too long, the special requirements will be discussed in part 2 of this article.
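
The reason for this setup is a usable record of every file transaction, so here is an added example (not from the original article or the ProFTPD project) of a small Python parser that audits xferlog-format records per user and flags incomplete transfers. The sample lines, users, paths and addresses are constructed, and it assumes the standard xferlog field order with usernames that contain no spaces.

```python
from collections import Counter
from datetime import datetime
from typing import NamedTuple

# Constructed sample records (documentation addresses, made-up users/paths).
SAMPLE = """\
Thu Mar  5 10:12:33 2015 1 192.0.2.10 1048576 /home/user2/report.csv b _ i r user2 sftp 0 * c
Thu Mar  5 10:15:02 2015 4 192.0.2.10 52428800 /home/user2/db dump.sql b _ o r user2 sftp 0 * i
Thu Mar  5 11:00:47 2015 0 198.51.100.7 2048 /home/user1/old.txt b _ d r user1 sftp 0 * c
""".splitlines()

class Transfer(NamedTuple):
    when: datetime
    host: str
    size: int
    path: str
    direction: str  # i = upload, o = download, d = delete
    user: str
    service: str
    complete: bool  # completion-status "c"; "i" means incomplete

def parse_xferlog(line: str) -> Transfer:
    tok = line.split()
    if len(tok) < 18:
        raise ValueError(f"not an xferlog record: {line!r}")
    # Layout: 5 date tokens, transfer-time, host, size, path, then 9 fixed
    # trailing fields. Index the tail from the right so a path containing
    # whitespace does not shift the fields after it.
    when = datetime.strptime(" ".join(tok[:5]), "%a %b %d %H:%M:%S %Y")
    return Transfer(when, tok[6], int(tok[7]), " ".join(tok[8:-9]),
                    tok[-7], tok[-5], tok[-4], tok[-1] == "c")

def audit(lines):
    """Count transfers per (user, direction) and collect incomplete ones."""
    per_user, incomplete = Counter(), []
    for line in lines:
        if not line.strip():
            continue
        t = parse_xferlog(line)
        per_user[(t.user, t.direction)] += 1
        if not t.complete:
            incomplete.append(t)
    return per_user, incomplete

if __name__ == "__main__":
    counts, incomplete = audit(SAMPLE)
    for (user, direction), n in sorted(counts.items()):
        print(f"{user:8} {direction} {n}")
    for t in incomplete:
        print(f"INCOMPLETE {t.when:%Y-%m-%d %H:%M:%S} {t.user}@{t.host} {t.path}")
```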