## /etc/proftpd/proftpd.conf -- This is a basic ProFTPD configuration file.#

1. #
2. # /etc/proftpd/proftpd.conf -- This is a basic ProFTPD configuration file.
3. # To really apply changes, reload proftpd after modifications, if
4. # it runs in daemon mode. It is not required in inetd/xinetd mode.
5. #
6.  
7. # Includes DSO modules
8. Include /etc/proftpd/modules.conf
9.  
10. # Set off to disable IPv6 support which is annoying on IPv4 only boxes.
11. UseIPv6 on
12. # If set on you can experience a longer connection delay in many cases.
13. <IfModule mod_ident.c>
14. IdentLookups off
15. </IfModule>
16.  
17. ServerName "Debian"
18. # Set to inetd only if you would run proftpd by inetd/xinetd/socket.
19. # Read README.Debian for more information on proper configuration.
20. ServerType standalone
21. DeferWelcome off
22.  
23. # Disable MultilineRFC2228 per https://github.com/proftpd/proftpd/issues/1085
24. # MultilineRFC2228on
25. DefaultServer on
26. ShowSymlinks on
27.  
28. TimeoutNoTransfer 600
29. TimeoutStalled 600
30. TimeoutIdle 1200
31.  
32. DisplayLogin welcome.msg
33. DisplayChdir .message true
34. ListOptions "-l"
35.  
36. DenyFilter \*.*/
37.  
38. # Use this to jail all users in their homes
39. # DefaultRoot~
40.  
41. # Users require a valid shell listed in /etc/shells to login.
42. # Use this directive to release that constrain.
43. # RequireValidShelloff
44.  
45. # Port 21 is the standard FTP port.
46. #Port 21
47.  
48. # In some cases you have to specify passive ports range to by-pass
49. # firewall limitations. Ephemeral ports can be used for that, but
50. # feel free to use a more narrow range.
51. # PassivePorts 49152 65534
52.  
53. # If your host was NATted, this option is useful in order to
54. # allow passive tranfers to work. You have to use your public
55. # address and opening the passive ports used on your firewall as well.
56. # MasqueradeAddress 1.2.3.4
57.  
58. # This is useful for masquerading address with dynamic IPs:
59. # refresh any configured MasqueradeAddress directives every 8 hours
60. <IfModule mod_dynmasq.c>
61. # DynMasqRefresh 28800
62. </IfModule>
63.  
64. # To prevent DoS attacks, set the maximum number of child processes
65. # to 30. If you need to allow more than 30 concurrent connections
66. # at once, simply increase this value. Note that this ONLY works
67. # in standalone mode, in inetd mode you should use an inetd server
68. # that allows you to limit maximum number of processes per service
69. # (such as xinetd)
70. MaxInstances 30
71.  
72. # Set the user and group that the server normally runs at.
73. User proftpd
74. Group nogroup
75.  
76. # Umask 022 is a good standard umask to prevent new files and dirs
77. # (second parm) from being group and world writable.
78. Umask 022 022
79. # Normally, we want files to be overwriteable.
80. AllowOverwrite on
81.  
82. # Uncomment this if you are using NIS or LDAP via NSS to retrieve passwords:
83. # PersistentPasswd off
84.  
85. # This is required to use both PAM-based authentication and local passwords
86. # AuthOrder mod_auth_pam.c* mod_auth_unix.c
87.  
88. # Be warned: use of this directive impacts CPU average load!
89. # Uncomment this if you like to see progress and transfer rate with ftpwho
90. # in downloads. That is not needed for uploads rates.
91. #
92. # UseSendFile off
93.  
94. TransferLog /var/log/proftpd/xferlog
95. SystemLog /var/log/proftpd/proftpd.log
96.  
97. # Logging onto /var/log/lastlog is enabled but set to off by default
98. #UseLastlog on
99.  
100. # In order to keep log file dates consistent after chroot, use timezone info
101. # from /etc/localtime. If this is not set, and proftpd is configured to
102. # chroot (e.g. DefaultRoot or <Anonymous>), it will use the non-daylight
103. # savings timezone regardless of whether DST is in effect.
104. #SetEnv TZ :/etc/localtime
105.  
106. <IfModule mod_quotatab.c>
107. QuotaEngine off
108. </IfModule>
109.  
110. <IfModule mod_ratio.c>
111. Ratios off
112. </IfModule>
113.  
114.  
115. # Delay engine reduces impact of the so-called Timing Attack described in
116. # http://www.securityfocus.com/bid/11430/discuss
117. # It is on by default.
118. <IfModule mod_delay.c>
119. DelayEngine on
120. </IfModule>
121.  
122. <IfModule mod_ctrls.c>
123. ControlsEngine off
124. ControlsMaxClients 2
125. ControlsLog /var/log/proftpd/controls.log
126. ControlsInterval 5
127. ControlsSocket /var/run/proftpd/proftpd.sock
128. </IfModule>
129.  
130. <IfModule mod_ctrls_admin.c>
131. AdminControlsEngine off
132. </IfModule>
133.  
134. #
135. # Alternative authentication frameworks
136. #
137. #Include /etc/proftpd/ldap.conf
138. #Include /etc/proftpd/sql.conf
139.  
140. #
141. # This is used for FTPS connections
142. #
143. #Include /etc/proftpd/tls.conf
144.  
145. #
146. # This is used for SFTP connections
147. #
148. #Include /etc/proftpd/sftp.conf
149.  
150. #
151. # This is used for other add-on modules
152. #
153. #Include /etc/proftpd/dnsbl.conf
154. #Include /etc/proftpd/geoip.conf
155. #Include /etc/proftpd/snmp.conf
156.  
157. #
158. # Useful to keep VirtualHost/VirtualRoot directives separated
159. #
160. #Include /etc/proftpd/virtuals.conf
161.  
162. # A basic anonymous configuration, no upload directories.
163.  
164. # <Anonymous ~ftp>
165. # User ftp
166. # Group nogroup
167. # # We want clients to be able to login with "anonymous" as well as "ftp"
168. # UserAlias anonymous ftp
169. # # Cosmetic changes, all files belongs to ftp user
170. # DirFakeUser on ftp
171. # DirFakeGroup on ftp
172. #
173. # RequireValidShell off
174. #
175. # # Limit the maximum number of anonymous logins
176. # MaxClients 10
177. #
178. # # We want 'welcome.msg' displayed at login, and '.message' displayed
179. # # in each newly chdired directory.
180. # DisplayLogin welcome.msg
181. # DisplayChdir .message
182. #
183. # # Limit WRITE everywhere in the anonymous chroot
184. # <Directory *>
185. # <Limit WRITE>
186. # DenyAll
187. # </Limit>
188. # </Directory>
189. #
190. # # Uncomment this if you're brave.
191. # # <Directory incoming>
192. # # # Umask 022 is a good standard umask to prevent new files and dirs
193. # # # (second parm) from being group and world writable.
194. # # Umask022 022
195. # # <Limit READ WRITE>
196. # # DenyAll
197. # # </Limit>
198. # # <Limit STOR>
199. # # AllowAll
200. # # </Limit>
201. # # </Directory>
202. #
203. # </Anonymous>
204.  
205. # Include other custom configuration files
206. # !! Please note, that this statement will read /all/ file from this subdir,
207. # i.e. backup files created by your editor, too !!!
208. # Eventually create file patterns like this: /etc/proftpd/conf.d/*.conf
209. #
210. Include /etc/proftpd/conf.d/
211.  
212. <IfModule mod_sftp.c>
213. SFTPEngine on
214. SFTPLog /var/log/proftpd/sftp.log
215.  
216. Port 2222
217.  
218. # Configure both the RSA and DSA host keys, using the same host key
219. # files that OpenSSH uses.
220. SFTPHostKey /etc/ssh/ssh_host_rsa_key
221. SFTPHostKey /etc/ssh/ssh_host_dsa_key
222.  
223. SFTPAuthMethods password
224. #SFTPAuthMethods password,publickey
225. #SFTPAuthorizedUserKeys file:/etc/proftpd/authorized_keys/%u
226.  
227. SFTPCompression delayed
228. </IfModule>
229.