1
00:00:00,140 --> 00:00:03,410
One option for building an FTP server is to use Pure-FTPd,

2
00:00:03,410 --> 00:00:05,879
in this episode we'll take a closer look.

3
00:00:05,879 --> 00:00:08,595
>> You're watching ITPROTV.

4
00:00:08,595 --> 00:00:15,706
[MUSIC]

5
00:00:15,706 --> 00:00:18,190
>> Welcome back, I'm here with Don for more help pick.

6
00:00:18,190 --> 00:00:20,290
And if you've been following along in our episodes,

7
00:00:20,290 --> 00:00:23,185
then you know that we kind of started diving into FTP in the last episode and

8
00:00:23,185 --> 00:00:24,971
this episode we're going to continue that.

9
00:00:24,971 --> 00:00:27,020
So, what exactly are we gonna be talking about?

10
00:00:27,020 --> 00:00:29,618
Well, this time we're gonna learn about Pure-FTPd,

11
00:00:29,618 --> 00:00:32,350
which is another FTP daemon available inside of Linux.

12
00:00:32,350 --> 00:00:34,640
We'll learn some of its advantages over other products.

13
00:00:34,640 --> 00:00:37,141
We're gonna see how to get it installed and

14
00:00:37,141 --> 00:00:41,840
then how to configure it to be as secure, well as secure as we can make FTP.

15
00:00:41,840 --> 00:00:44,670
>> So what can you tell us about Pure-FTPd and

16
00:00:44,670 --> 00:00:47,520
why would we use it as opposed to vsftpd?

17
00:00:47,520 --> 00:00:52,627
>> All right, well, vsftpd is far more common, and honestly, as usual,

18
00:00:52,627 --> 00:00:57,649
the go-to FTP server, but where Pure-FTPd kind of excels is, it still has

19
00:00:57,649 --> 00:01:03,140
a focus on security, like the vsftpd does, except it's very feature rich.

20
00:01:03,140 --> 00:01:05,840
It has a lot of really advanced features that are inside of it.

21
00:01:05,840 --> 00:01:08,391
If you take a look at their homepage, you can actually see a lot of that.

22
00:01:08,391 --> 00:01:13,670
So I'm on the Pure-FTPd secure FTPd daemon.

23
00:01:13,670 --> 00:01:15,180
This is a lot of acronyms today.

24
00:01:15,180 --> 00:01:19,540
And basically they highlight some of the features they have and so on.

25
00:01:19,540 --> 00:01:23,295
It's a great product, I will say, I do normally go to the vsftpd side because

26
00:01:23,295 --> 00:01:26,680
a lot of the features they have are ones that I don't necessarily need.

27
00:01:26,680 --> 00:01:29,716
But if you're running a large scale FTP server,

28
00:01:29,716 --> 00:01:33,660
then you will find that you benefit from a lot of what they have.

29
00:01:33,660 --> 00:01:37,144
For example, maybe you want to do ratio downloads for

30
00:01:37,144 --> 00:01:40,088
every five gigs of data you want to download,

31
00:01:40,088 --> 00:01:44,591
you have to upload at least one gig or you want to do moderated upload.

32
00:01:44,591 --> 00:01:47,960
So you can upload into a temporary folder and an admin has to approve them.

33
00:01:47,960 --> 00:01:52,901
If you want advanced features like that to actually run an FTP site in a like

34
00:01:52,901 --> 00:01:55,340
a commercial environment.

35
00:01:55,340 --> 00:01:58,531
Pure-FTPd has a lot of the features that will let you do that.

36
00:01:58,531 --> 00:02:01,300
So that's usually what drives people to using this one.

37
00:02:01,300 --> 00:02:05,440
So, if you need advanced functionality, this one's your choice.

38
00:02:05,440 --> 00:02:09,500
If you don't, if you just need basic FTP services and you want it to be secure,

39
00:02:09,500 --> 00:02:12,840
vsftpd in a lot of cases is a better choice.

40
00:02:12,840 --> 00:02:16,020
So what does it take to get Pure-FTPd up and running?

41
00:02:16,020 --> 00:02:19,351
It's a little bit different than what we saw with the vsftpd.

42
00:02:19,351 --> 00:02:23,310
One of the big differences with it is that Pure-FTPd,

43
00:02:23,310 --> 00:02:28,744
it can, it can run as a service, as a daemon running as the root account or,

44
00:02:28,744 --> 00:02:33,290
system credentials or it can run entirely in user space.

45
00:02:33,290 --> 00:02:36,795
So it's a very safe application because if it's running in user space,

46
00:02:36,795 --> 00:02:38,806
if it runs as my user account for example,

47
00:02:38,806 --> 00:02:42,800
it won't have access to anything that my user account doesn't have access to.

48
00:02:42,800 --> 00:02:44,930
That's what helps it be secure.

49
00:02:44,930 --> 00:02:47,641
But it does make the configuration a little bit different.

50
00:02:47,641 --> 00:02:49,040
And let me show you what I mean.

51
00:02:49,040 --> 00:02:52,440
I'm gonna go to my command prompt here and we'll get it installed.

52
00:02:52,440 --> 00:02:56,541
It is a part of Ubuntu standard repository so I don't have to download it.

53
00:02:56,541 --> 00:03:02,320
I can just say sudo apt install pure-ftpd like that.

54
00:03:02,320 --> 00:03:05,221
So it's gonna go and download it, very streamlined.

55
00:03:05,221 --> 00:03:07,740
Not a whole lot of package dependencies coming along with it.

56
00:03:07,740 --> 00:03:11,940
I'll say yes to get that installed and there it goes.

57
00:03:11,940 --> 00:03:14,500
And once it's installed we've got it.

58
00:03:14,500 --> 00:03:20,540
I can turn it on by doing sudo systemctl enable --now

59
00:03:20,540 --> 00:03:22,390
pure-ftpd.

60
00:03:22,390 --> 00:03:26,660
And the first time you start it, this is where things get a little bit weird.

61
00:03:26,660 --> 00:03:29,923
We're gonna get some authentication prompts that you might not be used to.

62
00:03:29,923 --> 00:03:32,251
Actually mine just did it automatically for me.

63
00:03:32,251 --> 00:03:33,340
Perfect.

64
00:03:33,340 --> 00:03:35,969
If you get an authentication prompt here,

65
00:03:35,969 --> 00:03:40,641
you might actually have to provide your user account credentials up to three

66
00:03:40,641 --> 00:03:44,669
times in order for it to be able to attach your user account to run.

67
00:03:44,669 --> 00:03:46,860
In my case it automatically picked it up and so

68
00:03:46,860 --> 00:03:49,630
it's added it, the service is started and I'm good to go, but

69
00:03:49,630 --> 00:03:53,613
just be aware that on some distros you will see that authentication prompt, and

70
00:03:53,613 --> 00:03:57,271
that's because it's binding to your user account running in user space.

71
00:03:57,271 --> 00:04:00,840
That's a little bit of variation and that prompt can kind of throw people.

72
00:04:00,840 --> 00:04:05,971
Otherwise I do need to open up some ports on my firewall,

73
00:04:05,971 --> 00:04:09,477
so I'll do sudo ufw allow 20/tcp.

74
00:04:09,477 --> 00:04:12,805
And I'll follow that up with 21, I guess I could have done a range command and

75
00:04:12,805 --> 00:04:13,780
save a little time.

76
00:04:13,780 --> 00:04:15,881
I will do that for my passive ports though.

77
00:04:15,881 --> 00:04:20,448
So I'm going to allow 10,000 through 20,000 and

78
00:04:20,448 --> 00:04:25,975
that's gonna be for TCP and I can add a comment to remember, or whatever but

79
00:04:25,975 --> 00:04:30,750
that's for my passive transfers that happen inside of FTP.

80
00:04:30,750 --> 00:04:34,350
Once that's done, I've basically got the server installed, running, and

81
00:04:34,350 --> 00:04:37,588
I've got my firewall configured, so I'm pretty good to go.

82
00:04:37,588 --> 00:04:40,840
>> And now that it is up and running, how can we go about configuring it?

83
00:04:40,840 --> 00:04:44,428
All right this is probably the biggest part where we deviate from

84
00:04:44,428 --> 00:04:46,040
a standard configuration.

85
00:04:46,040 --> 00:04:49,760
Pure-FTPd's configuration is straight up weird.

86
00:04:49,760 --> 00:04:53,164
It's just a strange one, the developers, they wanted it to be a little

87
00:04:53,164 --> 00:04:56,230
bit more portable where it was easy to take the configuration and

88
00:04:56,230 --> 00:04:59,240
drop it on new servers without a whole lot of hassle.

89
00:04:59,240 --> 00:05:03,230
It does have a standard configuration file but they don't want you to edit it.

90
00:05:03,230 --> 00:05:04,910
Let me show you what that looks like.

91
00:05:04,910 --> 00:05:10,640
I'm gonna go into /etc/pure-ftpd.

92
00:05:10,640 --> 00:05:14,600
And if you take a look in there, you'll see pure-ftpd.conf.

93
00:05:14,600 --> 00:05:16,450
That's the main configuration file.

94
00:05:16,450 --> 00:05:20,807
And if I edit that, which it will let me, I can go into that file and

95
00:05:20,807 --> 00:05:24,081
I can start modifying configuration settings.

96
00:05:24,081 --> 00:05:26,820
Right in here, the configuration settings are really simple.

97
00:05:26,820 --> 00:05:30,770
There is a property followed by a value.

98
00:05:30,770 --> 00:05:33,465
So here's a property, BrokenClientsCompatibility, and

99
00:05:33,465 --> 00:05:36,780
then the value is set to no. That compatibility is turned off, right?

100
00:05:36,780 --> 00:05:40,594
So everything will be like that, a name on the left, and a value on the right,

101
00:05:40,594 --> 00:05:43,560
if I want to edit it, I just go through and I put that in here.

102
00:05:43,560 --> 00:05:47,864
For example, if I want to enable anonymous communications,

103
00:05:47,864 --> 00:05:52,681
then I would come in and say well actually anonymous is on by default.

104
00:05:52,681 --> 00:05:55,602
So if I wanted to turn off anonymous communications, well,

105
00:05:55,602 --> 00:05:56,940
we could find that in here.

106
00:05:56,940 --> 00:05:59,530
It's called NoAnonymous right here.

107
00:05:59,530 --> 00:06:00,680
NoAnonymous.

108
00:06:00,680 --> 00:06:02,500
I could set that to yes.

109
00:06:02,500 --> 00:06:07,175
And that would turn off anonymous accounts, kind of almost like a double negative.

110
00:06:07,175 --> 00:06:08,040
By default,

111
00:06:08,040 --> 00:06:11,540
NoAnonymous set to no means anonymous users are allowed.

112
00:06:11,540 --> 00:06:14,540
Well, if I edit it here and reload, that's fine.

113
00:06:14,540 --> 00:06:17,868
But if I go to a new server or if I need to merge configurations,

114
00:06:17,868 --> 00:06:21,391
I've got to go line by line and find the differences and fix that.

115
00:06:21,391 --> 00:06:23,090
That can be a bit of a hassle.

116
00:06:23,090 --> 00:06:27,992
And so what they've done is they've set up a system where instead of

117
00:06:27,992 --> 00:06:34,040
changing values in the config, there is a subfolder in here called conf.

118
00:06:34,040 --> 00:06:39,000
And what you can do is you can create text files in here where the file name

119
00:06:39,000 --> 00:06:44,230
matches the property and then inside of the file you put the value.

120
00:06:44,230 --> 00:06:48,160
So you can see I've got a file in here that says NoAnonymous and

121
00:06:48,160 --> 00:06:53,100
if I look inside of it, it just has the word yes. NoAnonymous is set to yes.

122
00:06:53,100 --> 00:06:57,184
And that means right now I am not allowing anonymous communications and

123
00:06:57,184 --> 00:07:01,011
if I want to allow anonymous communications I need to change that

124
00:07:01,011 --> 00:07:02,370
yes to a no.

125
00:07:02,370 --> 00:07:03,990
So I can just edit that file.

126
00:07:03,990 --> 00:07:10,040
So I'll say sudoedit NoAnonymous and I'll say no to that.

127
00:07:10,040 --> 00:07:14,910
And when I save it, that's going to make it where now that setting is set

128
00:07:14,910 --> 00:07:19,881
to no, and a lot of people just kind of automate this using the tee command.

129
00:07:19,881 --> 00:07:21,371
So you can echo the word

130
00:07:21,371 --> 00:07:24,111
no, pipe it into tee, and drop it into that file.

131
00:07:24,111 --> 00:07:24,970
It's kind of a hassle.

132
00:07:24,970 --> 00:07:28,252
It's usually easier to edit the file but it's a weird way to configure it, but

133
00:07:28,252 --> 00:07:31,737
just know that that's kind of different than pretty much any other service that's

134
00:07:31,737 --> 00:07:32,440
out there.

135
00:07:32,440 --> 00:07:33,841
NoAnonymous.

136
00:07:33,841 --> 00:07:36,350
That's one setting, we might want to make another one.

137
00:07:36,350 --> 00:07:38,800
I might want to set up my passive port ranges.

138
00:07:38,800 --> 00:07:45,481
And so I could come in and say echo 10,000 space 20,000, right?

139
00:07:45,481 --> 00:07:47,700
Those are the values I want for my passive ports.

140
00:07:47,700 --> 00:07:53,118
I'm gonna echo that into sudo

141
00:07:53,118 --> 00:08:01,786
tee /etc/pure-ftpd/conf/PassiveRange or

142
00:08:01,786 --> 00:08:05,911
PassivePortRange.

143
00:08:05,911 --> 00:08:07,630
I've got to do the right value here.

144
00:08:07,630 --> 00:08:08,570
PassivePortRange.

145
00:08:08,570 --> 00:08:12,830
When I do that, it's going to create a file called PassivePortRange.

146
00:08:12,830 --> 00:08:15,241
And inside of it has 10,000 space 20,000.

147
00:08:15,241 --> 00:08:17,314
So that setting is the same as if I had gone and

148
00:08:17,314 --> 00:08:20,140
edited the main configuration file and put it in there.

149
00:08:20,140 --> 00:08:23,561
Now when it loads it will read that, it'll see that it's available and it will

150
00:08:23,561 --> 00:08:25,340
know that's what I want.

151
00:08:25,340 --> 00:08:27,360
So that's kind of how we go about configuring it.

152
00:08:27,360 --> 00:08:30,940
It's weird but once you get used to it it's not so bad.

153
00:08:30,940 --> 00:08:34,539
>> Now, is there any way for you to monitor people's access?

154
00:08:34,539 --> 00:08:37,511
>> Yeah, actually the logging should be turned on by default.

155
00:08:37,511 --> 00:08:38,121
Let's check that out.

156
00:08:38,121 --> 00:08:40,780
So I've got this value right here, AltLog, right?

157
00:08:40,780 --> 00:08:44,581
AltLog, it's a little confusing because that stands for alternative logs.

158
00:08:44,581 --> 00:08:48,662
So if you want to do something alternative to the default but

159
00:08:48,662 --> 00:08:54,240
what's in there already is the default. If I cat that file, let me cat AltLog.

160
00:08:54,240 --> 00:08:58,240
I can see it's got one entry in there, which is CLF colon and

161
00:08:58,240 --> 00:09:03,140
then it points to a file, /var/log/pure-ftpd/transfer.log.

162
00:09:03,140 --> 00:09:04,690
That's the default log.

163
00:09:04,690 --> 00:09:07,360
It's already created, it's already enabled.

164
00:09:07,360 --> 00:09:09,880
But that CLF at the beginning, right?

165
00:09:09,880 --> 00:09:14,670
That is, it's just a regular carriage return, line feed,

166
00:09:14,670 --> 00:09:18,120
simple text log file that we're used to.

167
00:09:18,120 --> 00:09:19,991
I'm trying to remember what it stands for.

168
00:09:19,991 --> 00:09:23,613
I think it's common log files what that actually stands for

169
00:09:23,613 --> 00:09:27,525
where each line represents a single log entry and that's that,

170
00:09:27,525 --> 00:09:31,530
but it does actually support more than one style or format of log.

171
00:09:31,530 --> 00:09:32,720
So let me edit that.

172
00:09:32,720 --> 00:09:38,851
So I'll do a sudoedit AltLog and I can just add more entries to this.

173
00:09:38,851 --> 00:09:41,233
If I have more than one type of log I want to output,

174
00:09:41,233 --> 00:09:42,491
I can just punch it in here.

175
00:09:42,491 --> 00:09:46,470
So maybe I want W3C formatted logging.

176
00:09:46,470 --> 00:09:50,374
This is really useful if you have like a security like centralized logging or

177
00:09:50,374 --> 00:09:53,305
a SIEM and it's expecting log files in a certain format.

178
00:09:53,305 --> 00:09:56,870
We can put it in the W3C format and have that, I'll need to specify

179
00:09:56,870 --> 00:10:01,211
a destination and I don't want to use the same file name or I'll have a conflict.

180
00:10:01,211 --> 00:10:04,927
So maybe I'll call this one,

181
00:10:04,927 --> 00:10:10,440
we'll call it transfer-W3C.log.

182
00:10:10,440 --> 00:10:15,510
And it also supports doing one that is optimized for statistics.

183
00:10:15,510 --> 00:10:21,185
So I'll call that one stats:/var/

184
00:10:21,185 --> 00:10:27,640
log/pure-ftpd/transfer-stats.log.

185
00:10:27,640 --> 00:10:31,180
So now it's going to generate three different log files of activity on

186
00:10:31,180 --> 00:10:33,221
the system in three different formats.

187
00:10:33,221 --> 00:10:34,810
And so I'm just dropping them all in here.

188
00:10:34,810 --> 00:10:36,958
Now, the cool part about this is in theory,

189
00:10:36,958 --> 00:10:39,730
all the stuff that I'm putting in the conf folder,

190
00:10:39,730 --> 00:10:42,180
these are the things that I'm modifying on the server.

191
00:10:42,180 --> 00:10:46,254
So if I ever want to go to a new server, I just have to copy these files over and

192
00:10:46,254 --> 00:10:48,040
it's got my configuration.

193
00:10:48,040 --> 00:10:50,692
And if some of these files already exist in the new server now,

194
00:10:50,692 --> 00:10:52,174
I know where there's a conflict.

195
00:10:52,174 --> 00:10:55,927
So I know exactly where to look for settings that might bump into each other

196
00:10:55,927 --> 00:10:59,300
and I can fix that versus if I just copy a configuration file over.

197
00:10:59,300 --> 00:11:02,167
Well, I've got to run some kind of comparison on them or

198
00:11:02,167 --> 00:11:03,340
something to find it.

199
00:11:03,340 --> 00:11:04,911
This makes it a lot easier.

200
00:11:04,911 --> 00:11:07,240
That's one of the reasons why they chose to do this.

201
00:11:07,240 --> 00:11:09,357
But once I've got that put in place,

202
00:11:09,357 --> 00:11:12,511
I do need to restart Pure-FTPd before that will work.

203
00:11:12,511 --> 00:11:15,661
So I'll do a sudo systemctl restart

204
00:11:16,740 --> 00:11:19,310
pure-ftpd.

205
00:11:19,310 --> 00:11:21,819
We'll get that restarted and then let me connect to the server and

206
00:11:21,819 --> 00:11:22,700
transfer something.

207
00:11:22,700 --> 00:11:26,070
I'm gonna fire up trusty old.

208
00:11:26,070 --> 00:11:27,101
What do I want to use today?

209
00:11:27,101 --> 00:11:29,810
Let's use FileZilla again.

210
00:11:29,810 --> 00:11:30,803
All right. So in FileZilla,

211
00:11:30,803 --> 00:11:32,131
I can just get connected to my server.

212
00:11:32,131 --> 00:11:35,950
I'm gonna punch in the IP 10.222.0251.

213
00:11:35,950 --> 00:11:39,280
I'll use my user name to connect, so that I'll see it in the log.

214
00:11:39,280 --> 00:11:44,021
I'll punch in my super secure password and I'm gonna go ahead, and connect.

215
00:11:44,021 --> 00:11:48,041
Now I will get a warning because FTP is using plain text by default, so

216
00:11:48,041 --> 00:11:51,020
I'll just have to say, okay to that and it's gonna

217
00:11:51,020 --> 00:11:55,341
connect I see my home directory, and maybe I want to copy something down.

218
00:11:55,341 --> 00:11:57,430
Let me drop something in.

219
00:11:57,430 --> 00:11:59,820
Let's see do I have my downloads folder here?

220
00:11:59,820 --> 00:12:02,484
I will copy this file down so it's gonna download and

221
00:12:02,484 --> 00:12:05,831
then once it's downloaded now I can go, and see that in the logs.

222
00:12:05,831 --> 00:12:13,900
I'll do a sudo cat /var/log/pure-ftpd/transfer.log

223
00:12:13,900 --> 00:12:17,040
was my default log.

224
00:12:17,040 --> 00:12:20,050
And right there I can see that entry that I've transferred the file.

225
00:12:20,050 --> 00:12:25,441
I can see that user depzet got /home/depzet/file.

226
00:12:25,441 --> 00:12:27,301
One.text, so I can see that activity.

227
00:12:27,301 --> 00:12:29,767
It's all stored right there in the logs and

228
00:12:29,767 --> 00:12:33,475
we can make sure that our server is being accessed responsibly.

229
00:12:33,475 --> 00:12:36,337
>> Now Pure-FTPd is supposed to be pretty secure but

230
00:12:36,337 --> 00:12:38,321
FTP is just a plain text protocol.

231
00:12:38,321 --> 00:12:42,140
So is there a way that we can make Pure-FTPd use encryption?

232
00:12:42,140 --> 00:12:46,047
>> You can, but I'll say the same thing that I said about vsftpd,

233
00:12:46,047 --> 00:12:48,281
which is, while you can make it secure,

234
00:12:48,281 --> 00:12:51,440
you generally don't want to. There are better protocols for that.

235
00:12:51,440 --> 00:12:54,567
SFTP, the secure file transfer protocol, uses SSH,

236
00:12:54,567 --> 00:12:56,720
you don't even need an FTP server.

237
00:12:56,720 --> 00:12:59,840
It does a better job of encrypted file transfers.

238
00:12:59,840 --> 00:13:04,309
But if you want the advanced bells and whistles of pure FTP, you want like ratio

239
00:13:04,309 --> 00:13:08,663
downloads, then that's where you just need to make it as secure as you can.

240
00:13:08,663 --> 00:13:15,001
And so we can bolt on TLS or transport layer security to add that functionality.

241
00:13:15,001 --> 00:13:17,340
It's just like SSL on a web page.

242
00:13:17,340 --> 00:13:21,490
We can make FTP run over that and configure FTPS.

243
00:13:21,490 --> 00:13:23,350
The only thing we need is a certificate.

244
00:13:23,350 --> 00:13:24,880
We've got to generate a certificate for this.

245
00:13:24,880 --> 00:13:28,645
And unlike vsftpd, where it used like the default system one, here

246
00:13:28,645 --> 00:13:32,161
I'm going to generate a self-signed certificate for us to use.

247
00:13:32,161 --> 00:13:35,310
So in order to do this, there's two things I have to set.

248
00:13:35,310 --> 00:13:38,924
First off, I need to enable TLS in my configuration so to do that,

249
00:13:38,924 --> 00:13:40,389
we have a simple setting.

250
00:13:40,389 --> 00:13:46,117
I'll just say echo one and I'm gonna sudo tee that, and

251
00:13:46,117 --> 00:13:53,340
I'm gonna drop that in /etc/pure-ftpd/conf/TLS.

252
00:13:53,340 --> 00:13:56,200
The TLS setting has a few different values.

253
00:13:56,200 --> 00:13:58,710
Well, there's zero, which is to not do it.

254
00:13:58,710 --> 00:14:02,101
One is to make it optional and two is to require it.

255
00:14:02,101 --> 00:14:06,340
So if I want to require TLS, I can set that to two. If I want it to be optional,

256
00:14:06,340 --> 00:14:07,911
I just set it to one and that's what I'm doing.

257
00:14:07,911 --> 00:14:12,773
I'm making it optional on my FTP server, but that setting right there is gonna tell

258
00:14:12,773 --> 00:14:17,240
it that I want to at least support it and enable TLS. Then I need a certificate.

259
00:14:17,240 --> 00:14:23,152
So for that what I'll do is let me just switch to my home directory for

260
00:14:23,152 --> 00:14:26,701
a moment and I'm gonna do a openssl req.

261
00:14:26,701 --> 00:14:32,040
So I'm gonna generate a certificate request for a -x509 certificate.

262
00:14:32,040 --> 00:14:33,951
I'm gonna do -nodes.

263
00:14:33,951 --> 00:14:37,251
And that's what's going to let it know that I don't need a pass phrase on it and

264
00:14:37,251 --> 00:14:39,040
I'm gonna self sign this one.

265
00:14:39,040 --> 00:14:40,910
Then -newkey.

266
00:14:40,910 --> 00:14:42,450
So I'm generating a key.

267
00:14:42,450 --> 00:14:45,351
I'll do rsa:2048.

268
00:14:45,351 --> 00:14:50,061
So I'm doing a 2,048-bit key and then -keyout.

269
00:14:50,061 --> 00:14:55,161
I'm gonna output this to a file called pure-ftpd.pem.

270
00:14:56,640 --> 00:15:02,830
And then I have to specify -out again for the certificate part.

271
00:15:02,830 --> 00:15:04,581
So it's just the signed certificate.

272
00:15:04,581 --> 00:15:08,106
I'm gonna put it in the same file, so it'll be pure-ftpd.pem.

273
00:15:08,106 --> 00:15:11,363
PEM files can store the key, the certificate,

274
00:15:11,363 --> 00:15:16,736
you can store it all in one, and the last thing I'll do, -days, I'll make this one for

275
00:15:16,736 --> 00:15:20,510
we'll do two years, 730 days, so I'll run that.

276
00:15:20,510 --> 00:15:23,461
It's gonna ask me for my country, my state.

277
00:15:23,461 --> 00:15:27,180
So I'll just kind of punch in the values as we need them to be.

278
00:15:27,180 --> 00:15:32,702
I'll be, ITPROTV will be my company today, organizational unit will be the IT Department,

279
00:15:32,702 --> 00:15:35,671
the fully qualified name for my FTP server,

280
00:15:35,671 --> 00:15:38,640
maybe mine's just lab.ITPRO.TV.

281
00:15:38,640 --> 00:15:40,910
The email address people can reach for support.

282
00:15:40,910 --> 00:15:42,599
I'll leave that blank and

283
00:15:42,599 --> 00:15:48,070
when it's done I'll have generated that PEM file. Now, I called it pure-ftpd.pem.

284
00:15:48,070 --> 00:15:51,330
I did that on purpose because that's what the default configuration is looking for.

285
00:15:51,330 --> 00:15:54,241
If I name it anything else, I have to go and modify the config for it.

286
00:15:54,241 --> 00:15:56,340
So it's better to just use the standard name.

287
00:15:56,340 --> 00:15:58,031
I need to move it into the right spot.

288
00:15:58,031 --> 00:16:02,561
So I'll do a sudo cp pure-ftpd.pem.

289
00:16:02,561 --> 00:16:07,999
I'm going to copy that to /etc/ssl/private and

290
00:16:07,999 --> 00:16:10,920
I have to spell cp, right?

291
00:16:10,920 --> 00:16:12,481
Apparently I do not know how to do that.

292
00:16:12,481 --> 00:16:15,241
There we go and then I need to change its permissions a little bit.

293
00:16:15,241 --> 00:16:19,417
I'll do a sudo chmod 600,

294
00:16:19,417 --> 00:16:25,233
I need it to not have write permissions on it and

295
00:16:25,233 --> 00:16:33,451
I will assign that to /etc/ssl/private/pure-ftpd.pem.

296
00:16:33,451 --> 00:16:35,961
And I left the hyphen out, so let me get that in there.

297
00:16:37,040 --> 00:16:37,750
There we go.

298
00:16:37,750 --> 00:16:42,092
Once we've got that certificate with the right permissions, we've got it in the right

299
00:16:42,092 --> 00:16:44,470
place, now we just have to restart Pure-FTPd.

300
00:16:44,470 --> 00:16:50,910
So I'll do a sudo systemctl restart pure-ftpd.

301
00:16:50,910 --> 00:16:53,260
That'll restart it up and now I should be able to connect and

302
00:16:53,260 --> 00:16:55,051
actually get a secure connection this time.

303
00:16:55,051 --> 00:17:00,640
So let me disconnect from the server and this time I will let me create a site.

304
00:17:00,640 --> 00:17:02,511
All right actually I got my site leftover from last time.

305
00:17:02,511 --> 00:17:04,240
I'm sure it will love the different certificate.

306
00:17:04,240 --> 00:17:06,016
So let me just run that through and

307
00:17:06,016 --> 00:17:09,317
this time when it connects, sure enough, it sees a certificate and

308
00:17:09,317 --> 00:17:13,339
it's asking me do I trust it, and I can see all the values that I just put in.

309
00:17:13,339 --> 00:17:16,222
I'll trust it and say okay and now I connect up and

310
00:17:16,222 --> 00:17:18,940
I can see TLS connection established.

311
00:17:18,940 --> 00:17:22,839
This is now an encrypted connection to my FTP server.

312
00:17:22,839 --> 00:17:26,551
>> Well, this is a great introduction to Pure-FTPd and some of its features.

313
00:17:26,551 --> 00:17:29,260
We got to look at the installation process and configuring it.

314
00:17:29,260 --> 00:17:32,581
I mean we're also gonna look at some enabling, some of the security features as

315
00:17:32,581 --> 00:17:34,981
well but that's all we've got time for in this episode.

316
00:17:34,981 --> 00:17:37,010
Stick around because we've got more help it coming up.

317
00:17:37,010 --> 00:17:38,040
Thanks so much for watching.

318
00:17:38,040 --> 00:17:38,861
We'll see you next time.

319
00:17:40,440 --> 00:17:43,653
>> Thank you for watching ITPROTV.

320
00:17:43,653 --> 00:17:46,690
[MUSIC]


