Building ProFTPD with SFTP support on Debian Lenny

The mod_sftp module implements the SSH2, SFTP and SCP protocols, allowing SCP and SFTP clients to be used with ProFTPD. By default, Debian Lenny does not provide mod_sftp support, but you can build a proper package using a development version available in Debian repositories – here is how.

tar xpf proftpd-dfsg_1.3.3a.orig.tar.gz
patch -p0 < proftpd-dfsg_1.3.3a-3.diff

  • For Debian Lenny, you will have to edit debian/control file (directory inside proftpd-dfsg-1.3.3a after you apply the diff) – at the beginning of this file, replace libssl-dev (>= 0.9.8l) with just libssl-dev, with no version remarks.
  • If you still don’t have a build environment installed, do so now:

apt-get install build-essential

  • You will still have to install some packages to make proftpd build possible:

apt-get install libmysqlclient15-dev libpam-dev debhelper zlib1g-dev libpq-dev libldap2-dev libssl-dev libwrap0-dev libcap-dev autotools-dev dpatch libacl1-dev libattr1-dev unixodbc-dev libsqlite3-dev

  • Well, that should be it – run the below commands in proftpd-dfsg-1.3.3a directory, and it should result in built deb packages outside of this directory (cd ..):


chmod 755 debian/rules
dpkg-buildpackage

  • If the build was complete with no errors, install proftpd-basic package, check if it contains mod_sftp.so file:

dpkg -i proftpd-basic_1.3.3a-3_amd64.deb
dpkg -L proftpd-basic | grep mod_sftp
/usr/lib/proftpd/mod_sftp.so
/usr/lib/proftpd/mod_sftp_pam.so

  • To make the module work, add this line to /etc/proftpd/modules.conf:

LoadModule mod_sftp.c

  • Add this one to /etc/proftpd/proftpd.conf:

Include /etc/proftpd/sftp.conf

  • And finally, create /etc/proftpd/sftp.conf with the contents (this assumes proftpd will be listening on port 22 to accept incoming SFTP connections; if your OpenSSH server uses this port already, adjust either config appropriately):

<IfModule mod_sftp.c>
<VirtualHost 192.168.10.20 127.0.0.1>
SFTPEngine on
SFTPLog /var/log/proftpd/sftp.log
TransferLog /var/log/proftpd/xferlog-sftp.log
# Configure the server to listen on the normal SSH2 port, port 22
Port 22
# Configure both the RSA and DSA host keys, using the same host key
# files that OpenSSH uses.
SFTPHostKey /etc/ssh/ssh_host_rsa_key
SFTPHostKey /etc/ssh/ssh_host_dsa_key
# Configure the file used for comparing authorized public keys of users.
SFTPAuthorizedUserKeys file:~/.sftp/authorized_keys
# Enable compression
SFTPCompression delayed
# Allow the same number of authentication attempts as OpenSSH.
#
# It is recommended that you explicitly configure MaxLoginAttempts
# for your SSH2/SFTP instance to be higher than the normal
# MaxLoginAttempts value for FTP, as there are more ways to authenticate
# using SSH2.
MaxLoginAttempts 6
</VirtualHost>
</IfModule>

3 Comments

  1. [...] The mod_sftp module implements the SSH2, SFTP and SCP protocols, allowing SCP and SFTP clients to be used with ProFTPD. By default, Debian Lenny does not provide mod_sftp support, but you can build a proper package using a development version available in Debian repositories – here is how. More here [...]

  2. chessboxing says:

    Wow, that’s cool!
    If only it would implement fxp secure.

  3. Sean says:

    I have been looking all over for this. Thank you so much!

Leave a Reply