I got this fixed by disabling IPv6 used by Proftp. Just put this one line in your proftp configuration file /etc/proftpd.conf

UseIPv6 off

You can see the changes while analysing the /var/log/secure log file for any login attempts.

#!/bin/bash

#Retrieve the current date

CUR_DATE=`date | awk ‘{print $2″ ” $3}’`

#Create a temporary file to store the logs
touch /tmp/out.txt

echo “Successful Ftp Logins on “$CUR_DATE”” > /tmp/out.txt

#Search the successful attempts and save in the temporary file

/bin/grep “$CUR_DATE” /var/log/messages | grep pure-ftpd | grep login >> /tmp/out.txt

#Email the contents of the file to your email address
/bin/mail -s “Successful Ftp Login Attempts on “$CUR_DATE” ” youremail@yourdomain.com < /tmp/out.txt

Save the file. You now have to schedule a cron to execute the file once in a day to search logs. Edit the cron file

crontab -e

and add the following cron job

59 23 * * * /bin/sh /home/script/ftologins.sh

Note: This script will work with Pure-Ftpd server. You will have to edit the search string a bit according to your Ftp server.

I’m sure some here have been using SFTP with DirectAdmin however that is done over the system’s SSH daemon. The problems with this are 1) users must be given ssh access to use SFTP. 2) You can’t restrict SSH access to certain IPs if you have customers needing to use SFTP. 3) It only lets DirectAdmin Users login, if a user creates a child FTP account, it will not work for SFTP.

SFTP hasn’t been supported by many common FTP servers such as ProFTPD, until TJ Saunders recently wrote a mod_sftp for ProFTPD. I’ve set it up for several people recently and it works really well. It addresses all of the above problems.

The only drawback to this implementation is that all users on the system will need to switch to SFTP. I might try to come up with a setup for running both SFTP and insecure-FTP later if there is demand.

Step 1. Change your ssh port (optional)

I recommend changing your ssh port if you haven’t done so already. This is done by changing the Port line in /etc/ssh/sshd_config and restarting sshd. Make sure you know what you are doing before attempting this, since you could lock yourself out of the server.

Step 2. Compile new ProFTPD with mod_sftp

Assuming your system has all of the tools and libraries for compiling, just run these commands:

Note: change prefix to /usr if this is Linux instead of FreeBSD.

Step 3. Make sure new ProFTPD is working

Restart proftpd, Linux:

FreeBSD:

Make sure you can still connect to your FTP server. You should see version 1.3.2:

Step 4a. Change Port in ProFTPD

Open /etc/proftpd.conf in an editor and change the Port to what you want SFTP to use. To make it easy on your users you could use Port 22 since it would be the default in SFTP clients. You could also pick something random such as 3822.

Step 4b. Enable SFTP in main proftpd.conf

Add the following lines to your /etc/proftpd.conf file, somewhere near the top of the file so its easy to find:

Step 4c. Enable SFTP in IP-based FTP vhosts

Add the following lines into EACH VirtualHost container in /etc/proftpd.vhosts.conf:

The Port should match what you used in Step 4a. Make sure you put these 4 new lines before EACH </VirtualHost> in that file.

Step 4d. Enable SFTP config in FTP vhost template

Add the same 4 lines into /usr/local/directadmin/data/templates/proftpd.vhosts.conf before the </VirtualHost> line

Again, the Port should match what you used in Step 4a

Step 5. Restart ProFTPD

Restart proftpd, Linux:

FreeBSD:

Step 6. Test it out

Test it out! If you telnet to the new port you should see a greeting like this:

That is normal. Now use an SFTP client like FileZilla and try it out. You should use the exact same usernames and passwords as you did previously for FTP.