ansible-roles/proftpd/templates/sftp.conf.j2

{% if proftpd_sftp_override %}
# WARNING : **Probably** ansible managed
{% endif %}

<IfModule !mod_tls.c>
    LoadModule mod_tls.c
</IfModule>

<IfModule !mod_sftp.c>
    LoadModule mod_sftp.c
</IfModule>

<VirtualHost {{ proftpd_default_address | join(' ') }}>
    SFTPEngine   on
    Port         {{ proftpd_sftp_port }}
    DefaultRoot  ~
    
    SFTPLog      /var/log/proftpd/sftp.log
    TransferLog  /var/log/proftpd/xferlog

{% if proftpd_sftp_use_publickeys %}
    SFTPAuthMethods publickey password
    SFTPAuthorizedUserKeys file:/etc/proftpd/sftp.authorized_keys/%u
{% else %}
    SFTPAuthMethods password
{% endif %}

    SFTPHostKey /etc/ssh/ssh_host_ecdsa_key
    SFTPHostKey /etc/ssh/ssh_host_rsa_key
    SFTPHostKey /etc/ssh/ssh_host_ed25519_key
    
    RequireValidShell off
    
    AuthUserFile /etc/proftpd/vpasswd
    
    <Limit LOGIN>
        AllowGroup ftpusers
        DenyAll
    </Limit>
</VirtualHost>