Enable SSL/TLA Encryption to pure-ftpd on cPanel/WHM Server

In real world lot of hacking attempts happening every day but we don’t want to give a change to others to make us trouble. This is for small tweak/geek to protect your ftp account from hackers. When i’m working in web hosting company i was faced this issue many times because customer’s using their ftp account every where (outside,like browsing center). That system is not genuine one because everyday lots of person using the system and they access all the websites.

If you are using plain FTP your username and passwords are sent clear text. So anyone can hack. For this kind of worst case scenario you should configure your ftp server with SSL/TLS encryption. When this extra security layer is enabled, login and passwords are no more sent clear text.

1) FTP Server Configuration in WHM

Login to WHM >> Service Configuration >> FTP Server Configuration

Change TLS Encryption Support to Required (Command/Data) and scroll down. Hit SAVE button. See the below screen shot.
how-to-configure-pure-ftpd-access-via-ssltls-encryption-in-cpanel-server-1
cPanle will configure according that and finally restart the pure-ftpd server. See the below screen shot.
how-to-configure-pure-ftpd-access-via-ssltls-encryption-in-cpanel-server-2

2) Modifying pure-ftpd.conf file

Login to ssh and open the pure-ftpd.conf file with your favorite text editor and uncomment the below colored line.

[email protected] [~]# nano /etc/pure-ftpd.conf

GNU nano 2.0.9                                File: /etc/pure-ftpd.conf                                                                      

LimitRecursion 10000 8

# Are anonymous users allowed to create new directories ?

AnonymousCanCreateDirs no

# If the system is more loaded than the following value,
# anonymous users aren't allowed to download.

MaxLoad 5

# Port range for passive connections replies. - for firewalling.

PassivePortRange          30000 50000

# Force an IP address in PASV/EPSV/SPSV replies. - for NAT.
# Symbolic host names are also accepted for gateways with dynamic IP
# addresses.

3) Modifying csf.conf file

Open the csf.conf (If you installed csf or else allow the PassivePortRange in your firewall what ever you installed) file with your favorite text editor and add the below colored range of ports at end to accept passive connection.

[email protected] [~]# nano /etc/csf/csf.conf

GNU nano 2.0.9                                File: /etc/csf/csf.conf                                                                        

# You should check for new version announcements at http://blog.configserver.com
AUTO_UPDATES = "1"

###############################################################################
# SECTION:IPv4 Port Settings
###############################################################################
# Lists of ports in the following comma separated lists can be added using a
# colon (e.g. 30000:35000).

# Allow incoming TCP ports
TCP_IN = "20,21,22,25,26,53,80,110,2082,2083,2086,2087,2095,2096,3306,30000:50000"

# Allow outgoing TCP ports
TCP_OUT = "20,21,22,25,26,37,43,53,80,110,2086,2087,3306,2089"

# Allow incoming UDP ports
UDP_IN = "20,21,53"

# Allow outgoing UDP ports
# To allow outgoing traceroute add 33434:33523 to this list
UDP_OUT = "20,21,53,113,123"

4) Accessing FTP account with PLAIN FTP using filezilla

When I’m trying to access FTP account with PLAIN FTP after configuring SSL/TLS encryption you got below error message because FTP Server will not accept clear text session
a) Screen shot for choosing Encryption method. See the screen shot.
how-to-configure-pure-ftpd-access-via-ssltls-encryption-in-cpanel-server-3
b) Screen shot for error clear text session are not accepted on this server.
how-to-configure-pure-ftpd-access-via-ssltls-encryption-in-cpanel-server-4

5) Accessing FTP account with REQUIRE EXPLICIT FTP OVER TLS using filezilla

I got connected when I’m using REQUIRE EXPLICIT FTP OVER TLS Encryption method.
a) Screen shot for choosing Encryption method. See the screen shot.
how-to-configure-pure-ftpd-access-via-ssltls-encryption-in-cpanel-server-5
b) Screen shot for success REQUIRE EXPLICIT FTP OVER TLS connection.
how-to-configure-pure-ftpd-access-via-ssltls-encryption-in-cpanel-server-6
We are preparing all articles in-depth to understand by all level/stage Linux administrators. If the article is useful for you, then please spend less than a minute to share your valuable comments in our commenting section.

Please stay tune with us…Good Luck.

Magesh Maruthamuthu

Love to play with all Linux distribution

You may also like...