Building ProFTPD with SFTP support on Debian Lenny

The mod_sftp module in ProFTPD implements the SSH2, SFTP and SCP protocols, allowing SCP and SFTP clients to be used with ProFTPD. By default, Debian Lenny does not provide mod_sftp support, but you can build a proper package using a development version available in Debian repositories – here is how.

First, download proftpd-dfsg_1.3.3a.orig.tar.gz and proftpd-dfsg_1.3.3a-3.diff.gz (or later) from http://ftp.us.debian.org/debian/pool/main/p/proftpd-dfsg/. Unpack the tarball, decompress the diff and apply it:

tar xpf proftpd-dfsg_1.3.3a.orig.tar.gz
gunzip proftpd-dfsg_1.3.3a-3.diff.gz
patch -p0 < proftpd-dfsg_1.3.3a-3.diff

For Debian Lenny, you will have to edit the debian/control file (the debian directory appears inside proftpd-dfsg-1.3.3a after you apply the diff): at the beginning of this file, replace libssl-dev (>= 0.9.8l) with just libssl-dev, with no version constraint. If you don't have a build environment installed yet, install it now:

apt-get install build-essential

You also need to install the following packages to make the proftpd build possible:

apt-get install libmysqlclient15-dev libpam-dev debhelper zlib1g-dev libpq-dev libldap2-dev libssl-dev libwrap0-dev libcap-dev autotools-dev dpatch libacl1-dev libattr1-dev unixodbc-dev libsqlite3-dev
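
The debian/control edit described earlier can be scripted so that only the libssl-dev constraint at the beginning of the file changes and the result is checked. This is an added example, not part of the original post or the Debian packaging; the helper names relax_libssl_dep and demo and the sample control text are constructed for illustration.

```shell
#!/bin/sh
# Added example: remove the version constraint on libssl-dev from the source
# stanza (everything before the first blank line) of a debian/control file.
# relax_libssl_dep is a hypothetical helper name, not part of any Debian tool.

# Usage: relax_libssl_dep debian/control
# Returns 0 if libssl-dev is unversioned afterwards, 1 on any problem.
relax_libssl_dep() {
    control=$1
    [ -f "$control" ] || { echo "no such file: $control" >&2; return 1; }

    # Refuse to continue if the source stanza never mentions libssl-dev.
    sed -n '1,/^$/p' "$control" | grep -q 'libssl-dev' || {
        echo "libssl-dev not in source stanza of $control" >&2; return 1; }

    # Keep the first pristine copy so the change can be reviewed or reverted.
    [ -f "$control.orig" ] || cp -p "$control" "$control.orig" || return 1

    # Basic regex: "(" and ")" are literal, so this matches "libssl-dev",
    # optional whitespace and one relation such as "(>= 0.9.8l)".
    sed '1,/^$/ s/libssl-dev[[:space:]]*([^)]*)/libssl-dev/g' \
        "$control" > "$control.tmp" || return 1
    mv "$control.tmp" "$control" || return 1

    # Confirm that no versioned libssl-dev is left in the source stanza.
    if sed -n '1,/^$/p' "$control" | grep -q 'libssl-dev[[:space:]]*('; then
        echo "versioned libssl-dev still present in $control" >&2; return 1
    fi
}

# Dry run on a constructed control file (not the real package's contents);
# the constraint in the binary stanza is deliberately left untouched.
# Call "demo" after sourcing this file to see the rewritten sample.
demo() {
    dir=$(mktemp -d) || return 1
    printf '%s\n' 'Source: proftpd-dfsg' \
        'Build-Depends: debhelper (>= 7), libssl-dev (>= 0.9.8l),' \
        ' zlib1g-dev' '' 'Package: example-bin' \
        'Depends: libssl-dev (>= 0.9.8l)' > "$dir/control"
    relax_libssl_dep "$dir/control" && cat "$dir/control"
    rc=$?
    rm -rf "$dir"
    return "$rc"
}
```

The untouched original is kept as debian/control.orig, so a diff against it shows exactly what changed before you build.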

Well, that should be it. Run the commands below in the proftpd-dfsg-1.3.3a directory; the built deb packages end up in the parent directory (cd ..):

chmod 755 debian/rules
dpkg-buildpackage

If the build completed with no errors, install the proftpd-basic package and check that it contains the mod_sftp.so file:

dpkg -i proftpd-basic_1.3.3a-3_amd64.deb
dpkg -L proftpd-basic | grep mod_sftp
/usr/lib/proftpd/mod_sftp.so
/usr/lib/proftpd/mod_sftp_pam.so

To make the module work, add this line to /etc/proftpd/modules.conf:

LoadModule mod_sftp.c

Add this one to /etc/proftpd/proftpd.conf:

Include /etc/proftpd/sftp.conf

And finally, create /etc/proftpd/sftp.conf with the contents (this assumes proftpd will be listening on port 22 to accept incoming SFTP connections; if your OpenSSH server uses this port already, adjust either config appropriately):