Home / server / Questions / 744900
In Process
inckka
Asked: 2015-12-23 22:51:05 +0800 CST

How to disable plain FTP with proftp and xinetd? [duplicate]

  • 772

I'm using CentOS release 6.4 on a VPS. Its runs proftp with xinetd

I've found configuration files at

/etc/proftpd.conf /etc/xinetd.conf /etc/xinetd.d/ftp_psa

I want to disable plain FTP, but need to keep FTPS. So a ftp client tries to start a connection via plain FTP it shouldn't be allowed.

How to make this happen?

ftp

1 Answers

  1. There is this parameter: TLSRequired for mod_tls in Proftpd.

    Synopsis

    TLSRequired [ on | off | ctrl | data | auth | auth+data]

    If you set it to on then all ftp users will be forced to use TLS for both control and data channels. There are other options available also to activate it only for control channel, that is for username/password transfer.

    It should be added to the mod_tls config:

    <IfModule mod_tls.c>
    ...
    TLSRequired on
    ...
    ...
</IfModule>

    There are possible issues that when you enable tls for both channels some client software will fail to list directories after logins and hang. May be in such a case, it is good enough to active tls only for auth channel.

    Please read the Q&A sections here for more info: http://www.proftpd.org/docs/howto/TLS.html.

    • 2