Question
How to configure secure FTP (FTPS) in Plesk for Linux?
Answer
Note: the below steps only make FTPS protocol available. Plesk does not manage FTPS mode settings (implicit or explicit)
FTP over SSL can be enabled with the following steps:
-
Go to Tools & Settings > Security Policy and select one of the following options:
- Allow both secure FTPS and non-secure FTP connections will accept both FTP and FTPS connections.
- Allow only secure FTPS connections will force FTPS connections.
-
Connect to the server via SSH.
Note: if direct SSH access to the server is not possible, contact server administrator for further assistance.
-
Make sure that the following lines are present in the file
/etc/proftpd.conf:<IfModule mod_tls.c>
# common settings for all virtual hosts
TLSEngine on
TLSRequired off
TLSLog /var/log/plesk/ftp_tls.log
TLSRSACertificateFile /usr/local/psa/admin/conf/httpsd.pem
TLSRSACertificateKeyFile /usr/local/psa/admin/conf/httpsd.pem
# Authenticate clients that want to use FTP over TLS?
TLSVerifyClient off
# Allow SSL/TLS renegotiations when the client requests them, but
# do not force the renegotations. Some clients do not support
# SSL/TLS renegotiations; when mod_tls forces a renegotiation, these
# clients will close the data connection, or there will be a timeout
# on an idle data connection.
TLSRenegotiate none
# As of ProFTPD 1.3.3rc1, mod_tls only accepts SSL/TLS data connections
# that reuse the SSL session of the control connection, as a security measure.
TLSOptions NoSessionReuseRequired
</IfModule> -
Create the file
/etc/xinetd.d/ftps_psawith the following content:service ftps
{
flags = IPv6
disable = no
socket_type = stream
protocol = tcp
wait = no
user = root
instances = UNLIMITED
server = /usr/sbin/in.proftpd
server_args = -c /etc/proftpd.conf
} -
Restart the xinetd service:
# systemctl restart xinetd
Note: after settings secure FTP select the required connection in used FTP client. For example, in FileZilla:
with