Here is my proftpd.conf file: how do I make it so it doesn't ask for my cert passphrase each time the daemon starts? I remember reading a while ago about a way to have it done automatically... but I forget where I saw it. Thanks.
Code:
ServerName "Gentoo FTP"
ServerType standalone
DeferWelcome off
DefaultServer on
AuthPAM off
AuthPAMConfig ftp
Port 666
# Umask 022 is a good standard umask to prevent new dirs and files
# from being group and world writable.
Umask 022
MaxInstances 30
# Set the user and group under which the server will run.
User nobody
Group nobody
# Normally, we want files to be overwriteable.
<Directory />
AllowOverwrite on
</Directory>
# chroot for all users of the group ftpuser
DefaultRoot ~ ftpuser
# grant login only for members of the group
<Limit LOGIN>
DenyGroup !ftpuser
</Limit>
# disable root login and require a valid shell (from /etc/shells)
<Global>
RootLogin off
RequireValidShell on
</Global>
UseReverseDNS off
IdentLookups off
# Logging formats
LogFormat default "%h %l %u %t \"%r\" %s %b"
LogFormat auth "%v [%P] %h %t \"%r\" %s"
LogFormat write "%h %l %u %t \"%r\" %s %b"
# logging
# every login
ExtendedLog /var/log/ftp_auth.log AUTH auth
# file/dir access
ExtendedLog /var/log/ftp_access.log WRITE,READ write
<IfModule mod_tls.c>
TLSEngine on
TLSLog /opt/var/proftpd/tls.log
TLSProtocol TLSv1
# Clients are required to use FTP over TLS when talking to this server
# off = clients can connect using insecure FTP or secure FTP/SSL
# on = clients can only connect using secure FTP/SSL
TLSRequired on
# Server's certificate
TLSRSACertificateFile /opt/etc/ftpd/server.crt
TLSRSACertificateKeyFile /opt/etc/ftpd/server.key
# CA the server trusts
TLSCACertificateFile /opt/etc/ftpd/ca.crt
# Authenticate clients that want to use FTP over TLS
# off = client SSL certificates are not required
# on = client SSL certificates are required
TLSVerifyClient off
</IfModule>
EDIT: (SOLVED)
1. Remove the encryption from the RSA private key (while preserving the original file):
$ cp server.key server.key.org
$ openssl rsa -in server.key.org -out server.key
2. Make sure the server.key file is now only readable by root:
$ chmod 400 server.key
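
A check for the result of the two steps above, as an added example that is not part of the original post: it confirms the key file no longer carries a PEM encryption marker and that no group or other permission bits are set. The function name `audit_key` and its optional expected-owner argument are hypothetical; the owner defaults to uid 0 (root).

```shell
#!/bin/sh
# audit_key FILE [EXPECTED_UID]
# Returns 0 if FILE is an unencrypted PEM key readable only by its owner,
# 1 if any check fails, 2 if the file does not exist.
audit_key() {
    key=$1
    want_uid=${2:-0}    # assumption: root owns the key, as in step 2

    [ -f "$key" ] || { echo "MISSING: $key"; return 2; }
    rc=0

    # Passphrase-protected PEM keys carry one of these markers:
    #   traditional format: "Proc-Type: 4,ENCRYPTED"
    #   PKCS#8 format:      "-----BEGIN ENCRYPTED PRIVATE KEY-----"
    if grep -q -e 'Proc-Type: 4,ENCRYPTED' \
               -e 'BEGIN ENCRYPTED PRIVATE KEY' "$key"; then
        echo "ENCRYPTED: $key will still prompt for a passphrase"
        rc=1
    fi

    # ls -ln gives the mode string (field 1) and numeric owner uid (field 3).
    set -- $(ls -lnd "$key")
    mode=$1
    uid=$3

    # Characters 5-10 of the mode string are the group and other bits;
    # with the key stored in the clear they must all be unset.
    case $mode in
        ????------*) ;;
        *) echo "PERMS: $key is $mode, expected no group/other access"
           rc=1 ;;
    esac

    [ "$uid" = "$want_uid" ] || {
        echo "OWNER: $key is owned by uid $uid, expected $want_uid"
        rc=1
    }

    return $rc
}
```

Run it as `audit_key /opt/etc/ftpd/server.key` against the key path from the configuration above; a silent return of 0 means both steps took effect.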