I spent a lot of time configuring Pure-FTPd to solve a couple of problems. I wanted to:
- run it from inetd.
- force users to connect with the strongest SSL/TLS settings available.
inetd.conf
Pure-FTPd can be started by inetd with an inetd.conf entry like the one below:
ftp stream tcp nowait root /usr/local/sbin/pure-ftpd pure-ftpd /usr/local/etc/pure-ftpd.conf
/etc/inetd.conf
Pass the path to its configuration file as the only argument and put all settings in that file. This keeps the inetd.conf line simple.
pure-ftpd.conf
First, finish setting up all the other options except the TLS-related ones (I won't go into those details here, sorry).
Secondly, set these up like below:
TLS 2
TLSCipherSuite HIGH
#CertFile /etc/ssl/private/pure-ftpd.pem
CertFileAndKey "/path/to/cert.pem" "/path/to/privkey.pem"
/usr/local/etc/pure-ftpd.conf
Make sure "CertFile" is commented out, and set CertFileAndKey to the certificate file and the private key file together. Symbolic links work fine too, such as the ones created by letsencrypt/certbot.
The error message below appears when the CertFile option points at a file that does not exist:
Jul 28 16:45:50 home pure-ftpd[42438]: (?@?) [ERROR] Sorry, but that file doesn't exist: [/etc/ssl/private/pure-ftpd.pem]
/var/log/xferlog
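As an added check (example code written for this post, not part of Pure-FTPd and not from the original text), here is a small Python audit script that parses a pure-ftpd.conf fragment and flags the pitfalls described above before the server is restarted: TLS not set to 2, an active CertFile line, a missing CertFileAndKey, typographic quotes pasted into CertFileAndKey, or the wrong number of quoted paths. Both configuration fragments are constructed samples and the certificate paths are placeholders; the weak fragment sits beside the corrected one so the difference is visible.

```python
import re
from typing import Dict, List

# Constructed sample: the TLS section of a pure-ftpd.conf with several of
# the mistakes the post warns about (not a real deployment).
WEAK_CONF = """
# TLS settings (constructed sample)
TLS 1
TLSCipherSuite DEFAULT
CertFile /etc/ssl/private/pure-ftpd.pem
CertFileAndKey \u201c/path/to/cert.pem\u201d \u201c/path/to/privkey.pem\u201d
"""

# Constructed sample: the corrected TLS section as the post recommends.
GOOD_CONF = """
TLS 2
TLSCipherSuite HIGH
#CertFile /etc/ssl/private/pure-ftpd.pem
CertFileAndKey "/path/to/cert.pem" "/path/to/privkey.pem"
"""

# Typographic quotes that a copy-paste from a web page or word processor
# can introduce; Pure-FTPd expects plain ASCII double quotes.
CURLY_QUOTES = "\u201c\u201d\u2018\u2019"


def parse_conf(text: str) -> Dict[str, str]:
    """Return directive -> raw value for every active (uncommented) line.

    pure-ftpd.conf lines are 'Directive value'; '#' starts a comment.
    """
    settings: Dict[str, str] = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        settings[parts[0]] = parts[1] if len(parts) > 1 else ""
    return settings


def audit_tls(text: str) -> List[str]:
    """Return a list of findings; an empty list means the TLS section is OK."""
    findings: List[str] = []
    conf = parse_conf(text)

    # TLS 2 refuses clear-text sessions; 0 and 1 still allow them.
    tls = conf.get("TLS")
    if tls != "2":
        findings.append(f"TLS is {tls!r}; set 'TLS 2' so clear-text sessions are refused")

    # The post uses the OpenSSL 'HIGH' cipher list; flag anything else for review.
    suite = conf.get("TLSCipherSuite")
    if suite is None or "HIGH" not in suite.upper():
        findings.append(f"TLSCipherSuite is {suite!r}; the post uses 'HIGH'")

    # CertFile and CertFileAndKey must not both be active.
    if "CertFile" in conf:
        findings.append("CertFile is active; comment it out and use CertFileAndKey instead")

    cfk = conf.get("CertFileAndKey")
    if cfk is None:
        findings.append("CertFileAndKey is missing")
    else:
        if any(ch in cfk for ch in CURLY_QUOTES):
            findings.append("CertFileAndKey contains typographic quotes; use straight double quotes")
        paths = re.findall(r'"([^"]+)"', cfk)
        if len(paths) != 2:
            findings.append("CertFileAndKey must give exactly two double-quoted paths: cert then key")
    return findings


if __name__ == "__main__":
    for name, conf in (("weak", WEAK_CONF), ("good", GOOD_CONF)):
        print(f"{name}: {audit_tls(conf) or 'OK'}")
```

Run it against the real file with `audit_tls(open("/usr/local/etc/pure-ftpd.conf").read())`; the parser only sees active lines, so the commented-out CertFile in the corrected fragment is correctly ignored.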
I hope this sample helps you.