Installing ProFTPd with Public Key Authentication on Ubuntu 16.04


First install proftpd:

apt-get update
apt-get install proftpd

Next, change the following lines in /etc/proftpd/proftpd.conf:

ServerName "sftp.example.net"
DefaultRoot ~

Set ServerName to your hostname (if it resolves) or your IP address. The DefaultRoot line jails each user in their home directory.

Next, create the file /etc/proftpd/conf.d/sftp.conf with the following content:

<IfModule mod_sftp.c>

        SFTPEngine on

        # If you want your SFTP server on a different port, change the following
        # line accordingly
        Port 2222

        # Log file
        SFTPLog /var/log/proftpd/sftp.log

        # Configure both the RSA and DSA host keys, using the same host key
        # files that OpenSSH uses.
        SFTPHostKey /etc/ssh/ssh_host_rsa_key
        SFTPHostKey /etc/ssh/ssh_host_dsa_key

        SFTPAuthorizedUserKeys file:/etc/proftpd/authorized_keys/%u

        # Enable compression
        SFTPCompression delayed

        # Default is: publickey password
        SFTPAuthMethods publickey

</IfModule>

Then create the folder that will hold the public keys allowed to connect, and restart proftpd:

mkdir /etc/proftpd/authorized_keys
service proftpd restart

Now let's create a user and its SSH key:

useradd madmax -m -s /bin/bash
sudo -u madmax ssh-keygen -t rsa

Hit Enter twice to confirm key creation without a password.

Next, let's convert its public key into RFC 4716 format and put it into the proftpd folder:

ssh-keygen -e -f ~madmax/.ssh/id_rsa.pub | tee /etc/proftpd/authorized_keys/madmax
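
The conversion step above is easy to skip or get wrong, so a check of the key directory is useful before the first connection attempt. The script below is an added example, not part of the original tutorial: it flags files that are not RFC 4716 public keys or that other accounts can write to. It runs against a constructed temporary directory holding dummy key text, and the users alice and bob are made up; point audit_keydir at /etc/proftpd/authorized_keys on a real server.

```shell
#!/bin/sh
# Added example: audit a ProFTPD SFTPAuthorizedUserKeys directory.

# Print one verdict word for a single per-user key file.
check_authkey() {
    f=$1
    [ -r "$f" ] || { echo missing; return 1; }
    # A private key must never end up in the server's key directory.
    if grep -q 'PRIVATE KEY' "$f"; then echo private-key; return 1; fi
    # OpenSSH one-line form: id_rsa.pub copied without "ssh-keygen -e".
    if grep -Eq '^(ssh-(rsa|dss|ed25519)|ecdsa-sha2-[a-z0-9-]+) ' "$f"; then
        echo openssh-format; return 1
    fi
    # RFC 4716: BEGIN marker on the first line, END marker on the last.
    first=$(grep -v '^[[:space:]]*$' "$f" | head -n 1)
    last=$(grep -v '^[[:space:]]*$' "$f" | tail -n 1)
    if [ "$first" != '---- BEGIN SSH2 PUBLIC KEY ----' ] ||
       [ "$last" != '---- END SSH2 PUBLIC KEY ----' ]; then
        echo not-rfc4716; return 1
    fi
    # A group- or world-writable file lets another account add its own key.
    if [ -n "$(find "$f" -prune \( -perm -0020 -o -perm -0002 \))" ]; then
        echo writable-by-others; return 1
    fi
    echo ok
}

# Print "<user>: <verdict>" for every file in the directory.
audit_keydir() {
    for f in "$1"/*; do
        [ -f "$f" ] && echo "$(basename "$f"): $(check_authkey "$f")"
    done
    return 0
}

# Constructed sample directory (key bodies are dummy text, not real keys).
demo=$(mktemp -d)
printf '%s\n' '---- BEGIN SSH2 PUBLIC KEY ----' 'Comment: "constructed"' \
    'AAAAB3NzaC1yc2EAAAADAQABAAABAQCconstructed' \
    '---- END SSH2 PUBLIC KEY ----' > "$demo/madmax"
printf '%s\n' 'ssh-rsa AAAAB3NzaC1yc2Econstructed alice@host' > "$demo/alice"
cp "$demo/madmax" "$demo/bob"
chmod 644 "$demo/madmax"; chmod 664 "$demo/bob"
audit_keydir "$demo"
```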

Now copy the private key (/home/madmax/.ssh/id_rsa) to the local machine you want to connect from (permissions should be 600) and, finally, connect. I've been using YummyFTP on a German OS X, but FileZilla, for example, would be an alternative for Linux and Windows.

As a security measure, it is a good idea to comment out the following line in /etc/ssh/sshd_config:

Subsystem sftp /usr/lib/openssh/sftp-server

and restart SSH: service ssh restart