install and configure proftpd on NAT VPS

We have talked about proftpd installation/configuration  on Sentora and zPanel.  Sentora/zPanel distribution comes with proftpd in it so you do not need to install proftpd separately. NAT VPS, which has limited disk space/memory, is often deployed with a minimum OS, not to say with a control panel installed. So you need to install proftpd yourself. However, the standard CentOS repository does not include the proftpd package. You need to add EPEL repository before installing proftpd with yum:

rpm -Uvh

yum install proftpd

If you are on an ordinary VPS, after starting the protftpd service using “service proftpd start”, you can connect to it with an ftp client. However, as NAT VPS do not offer a dedicated IPV4 address, you need to modify the proftpd config file to specify a port that proftpd listens on. Append the following lines to the proftpd configuration file(/etc/proftpd.conf) to support sftp:

LoadModule mod_sftp.c
SFTPEngine on
Port 2725
SFTPLog /var/log/proftpd/sftp.log

# Configure both the RSA and DSA host keys, using the same host key
# files that OpenSSH uses.
SFTPHostKey /etc/ssh/ssh_host_rsa_key
SFTPHostKey /etc/ssh/ssh_host_dsa_key

#SFTPAuthMethods publickey #not necessary

SFTPAuthorizedUserKeys file:/etc/proftpd/authorized_keys/%u #not necessary

# Enable compression
SFTPCompression delayed

Note that 2725 is one of the ports that is assigned to your VPS.  Now you can connect to it with an sftp client using the external ip and the port 2725 such as

Also note that you cannot login with the root account. Even the password is correct, proftpd still prohibits you from login unless you set the RootLogin parameter to “on” in the config file. This is the security mechanism of proftpd.  You should create another account(“useradd username”) to use with proftpd. Unlike some other ftp servers which have their own account systems, proftpd uses the accounts in OS for login.

Posted in tips of hosting