FTPS how to activate

Discussion in 'Installation/Configuration' started by muekno, Jan 16, 2015.

  1. muekno

    muekno Active Member HowtoForge Supporter

    have created an FTP Account, can connect from WinSCP. Like to secure this. Found a post from Tim to better use FTPS instead of SFTP or or SCP, but do not found who to install or activate it.

    Second, im not really a friend of accessing server with a password, more liking to use a public / private key. Is that possible for ISPConfig 3 Admin Console and FTP Access. And if yes, who to do. Didn't find this in the manual

    Thaks for any help
  2. cbj4074

    cbj4074 Member

    The steps required to enable TLS in pure-ftpd are detailed in the Perfect Server tutorials. Look there for specific instructions.

    EDIT: Because I'm a nice guy, I'll do your homework for you:

    # echo 1 > /etc/pure-ftpd/conf/TLS
    NOTE: 1 = TLS is optional. 2 = TLS is required, but clear data connections are accepted. 3 = TLS is required, and clear data connections are refused.

    # mkdir -p /etc/ssl/private/
    # openssl req -x509 -nodes -days 7300 -newkey rsa:2048 -keyout /etc/ssl/private/pure-ftpd.pem -out /etc/ssl/private/pure-ftpd.pem
    # chmod 600 /etc/ssl/private/pure-ftpd.pem
    # service pure-ftpd-mysql restart
    You will also want to ensure that your pure-ftpd implementation is not vulnerable to the POODLE attack against SSLv3. To do so, follow the appropriate instructions at https://www.howtoforge.com/how-to-secure-your-ispconfig-3-server-against-the-poodle-ssl-attack .

    Regarding your second question, are you asking whether or not it is possible to access the ISPConfig interface (the one that listens for HTTP(S) requests on port 8080, by default) using a public/private key-pair?
    Last edited: Jan 16, 2015
  3. muekno

    muekno Active Member HowtoForge Supporter

    thanks a lot , merci, danke

    Yes to your comment to my second question.
    Last edited: Jan 17, 2015
  4. till

    till Super Moderator Staff Member ISPConfig Developer

    The ISPConfig Interface has no public/private key based logins.
  5. muekno

    muekno Active Member HowtoForge Supporter

    Hello Till,
    thank you for clear response. Would be fine if this will work in the Future


Share This Page