Building ProFTPD with SFTP support on Debian Lenny

From lxadm | Linux administration tips, tutorials, HOWTOs and articles
Jump to: navigation, search

The mod_sftp module in ProFTPD implements the SSH2, SFTP and SCP protocols, allowing SCP and SFTP clients to be used with ProFTPD. By default, Debian Lenny does not provide mod_sftp support, but you can build a proper package using a development version available in Debian repositories – here is how.

First, download proftpd-dfsg_1.3.3a.orig.tar.gz and proftpd-dfsg_1.3.3a-3.diff.gz (or later) from Uncompress it, apply the diff file:

tar xpf proftpd-dfsg_1.3.3a.orig.tar.gz
patch -p0 < proftpd-dfsg_1.3.3a-3.diff

For Debian Lenny, you will have to edit debian/control file (directory inside proftpd-dfsg-1.3.3a after you apply the diff) – at the beginning of this file, replace libssl-dev (>= 0.9.8l) with just libssl-dev, with no version remarks. If you still don’t have a build environment installed, do so now:

apt-get install build-essential

You will still have to install some packages to make proftpd build possible:

apt-get install libmysqlclient15-dev libpam-dev debhelper zlib1g-dev libpq-dev libldap2-dev libssl-dev libwrap0-dev libcap-dev autotools-dev dpatch libacl1-dev libattr1-dev unixodbc-dev libsqlite3-dev

Well, that should be it – run the below commands in proftpd-dfsg-1.3.3a directory, and it should result in built deb packages outside of this directory (cd ..):

chmod 755 debian/rules

If the build was complete with no errors, install proftpd-basic package, check if it contains file:

dpkg -i proftpd-basic_1.3.3a-3_amd64.deb
dpkg -L proftpd-basic | grep mod_sftp

To make the module work, add this line to /etc/proftpd/modules.conf:

LoadModule mod_sftp.c

Add this one to /etc/proftpd/proftpd.conf:

Include /etc/proftpd/sftp.conf

And finally, create /etc/proftpd/sftp.conf with the contents (this assumes proftpd will be listening on port 22 to accept incoming SFTP connections; if your OpenSSH server uses this port already, adjust either config appropriately):

<IfModule mod_sftp.c>
SFTPEngine on
SFTPLog /var/log/proftpd/sftp.log
TransferLog /var/log/proftpd/xferlog-sftp.log
# Configure the server to listen on the normal SSH2 port, port 22
Port 22
# Configure both the RSA and DSA host keys, using the same host key
# files that OpenSSH uses.
SFTPHostKey /etc/ssh/ssh_host_rsa_key
SFTPHostKey /etc/ssh/ssh_host_dsa_key
# Configure the file used for comparing authorized public keys of users.
SFTPAuthorizedUserKeys file:~/.sftp/authorized_keys
# Enable compression
SFTPCompression delayed
# Allow the same number of authentication attempts as OpenSSH.
# It is recommended that you explicitly configure MaxLoginAttempts
# for your SSH2/SFTP instance to be higher than the normal
# MaxLoginAttempts value for FTP, as there are more ways to authenticate
# using SSH2.
MaxLoginAttempts 6