Bootstrap FreeKB - FTP and Secure FTP (FTPS, SFTP) - Setup SSL on PureFTPd
FTP and Secure FTP (FTPS, SFTP) - Setup SSL on PureFTPd

A public / private key pair is used to configure PureFTPd to accept connections over a secure protocol, such as FTPS or SFTP. By default, PureFTPd will look for a PEM file in the /etc/ssl/private directory named pure-ftpd.pem, and the following directives are commented out in /etc/pure-ftpd/pure-ftpd.conf .

# CertFile        /etc/ssl/private/pure-ftpd.pem
# CertFileAndKey "/etc/pure-ftpd.pem" "/etc/pure-ftpd.key"


Assuming you will be using the defaults, as root, create the /etc/ssl/private directory.

mkdir --parents /etc/ssl/private


This one liner can be used to create the PEM file, so that the PEM file contains both the public certificate and private key.

openssl req -x509 -nodes -days 365 -newkey rsa:2048 -sha256 -keyout /etc/ssl/private/pure-ftpd.pem -out /etc/ssl/private/pure-ftpd.pem


Ensure pure-ftpd.pem is owned by root with -rw------- (0600) permissions.

chown root /etc/ssl/private/pure-ftpd.pem
chgrp root /etc/ssl/private/pure-ftpd.pem
chmod 0600 /etc/ssl/private/pure-ftpd.pem


In /etc/pure-ftpd/pure-ftpd.conf file, uncomment the TLS directive. Setting the TLS directive to a value of 1 will allow both FTP and FTPS and SFTP connections, whereas a value of 2 will only allow FTPS and SFTP connections.



Restart PureFTPd for this change to take effect.

systemctl restart pure-ftpd


Did you find this article helpful?

If so, consider buying me a coffee over at Buy Me A Coffee


Add a Comment

Please enter 208b7e in the box below so that we can be sure you are a human.