Filed with Developers SFTP and port assignment for remote FTP backups in WHM [Case 34153]

[linux25]

On my backup servers I only leave SSH open and use it for SFTP. I would like to be able to use the WHM backup feature to an SFTP server and I need to be able to specify the port.

Thanks,

Jeff Small

[lorio]

The remote backup features in terms of SFTP and SSL-FTP are really overdue.

We discussed some parts about it already in
http://forums.cpanel.net/f49/remote-...es-104277.html

Some feature requests are nice to have but an encrypted transfer out of the box should be a must have. Since the account transfer routines already use sftp I still wonder why unregular account transfers can be encrypted but regular backups can't (out of the box).

SSL FTP in terms of speed would be better, but to take the ssh codepart of the account transfer routines and implement them in the backup routines sound like a good start for 11.25.

[blaster701]

Hello there.

I've noticed that backups in cpanel, above all when they aren't set with defaults values are pretty tricky to make them work in the way we want.

SFTP via SSH should be already there (security is a must), with an option to restore a backup also remotely. I mean, making WHM to check those remote files previously created.

If I'm not wrong, the only option to bring back to life an account is transferring it from another cpanel server or putting the file into a local folder and using the restoring command.

Hope this feature is included in next updates of Cpanel

A.Aroza

[cPanelDon]

On my backup servers I only leave SSH open and use it for SFTP. I would like to be able to use the WHM backup feature to an SFTP server and I need to be able to specify the port.

Regarding the Configure Backup page in WHM, we are aware of the requested need for SFTP (SSH) being an option alongside FTP for remotely-stored backups; this feature request is currently being tracked via internal case ID #34153.

[8p-design]

We are making extreme gymnastic with extra drives and rsync over SSH for our backup procedure... restore is not so easy either and demands quite a load of mind presence every time.

Can't wait to make incremental backup over a secure connection to our remote backup servers.

Please give us an approximate time of delivery?
Where can we follow this case ID #34153?

thanks!!!!!

[bamf]

Simple request. Much needed.
I use the WHM nightly FTP
backups.

I would greatly value the ability
to SFTP the night transfer.

Please add this feature!

[Kent Brockman]

+1 for this. Backups via FTP should be securized.

[zealus.com]

I can see similar threads from 2004, 2006 and 2009. This really is an overdue feature AND I don't see why is it so hard to implement. Come on, guys, it couldn't be harder than moving an account from another server via SSH?

[SoftDux]

This has been requested, and ignored, before. Please add secure FTP transfers for FTP type backups!

[cPanelDavidG]

We already had an internal case on this feature request as mentioned above. I have updated this thread to reflect that case number. I also merged 2 separate discussions about SFTP. If anyone can provide me links to other discussions of this topic, that would be great so updates about this can be sent to just one thread where everyone interested in this can look.

[SoftDux]

David, when can we expect this to be added to cpanel?

[cPanelDavidG]

This is still in the planning stages, so I don't have an estimated ETA yet. Once I get one, I'll update this thread.

[rwagener11]

still in planning stages! I see people asking this for years! This lack of a secure backup feature shows that Cpanel is not a enterprise solution. It also shows that every single cpanel server out there has unsecure backups.

[cPanelDavidG]

still in planning stages! I see people asking this for years! This lack of a secure backup feature shows that Cpanel is not a enterprise solution. It also shows that every single cpanel server out there has unsecure backups.

SFTP is about data transfer among servers, not so much any implied encryption of data once it arrives at the destination. If you are interested in encrypted backups, you may want to voice your support for the following feature request: http://forums.cpanel.net/f145/backup...rd-194331.html - perhaps vocalize that the encryption should also be available for WHM backups.

I agree that FTP is a woefully insecure protocol as far as connecting from a laptop at coffee shop over unencrypted Wi-Fi goes. However, these are servers on hardwired ethernet (not wi-fi... well, I hope you're not running cPanel&WHM servers over wi-fi, I have been proven wrong on these things before) often backing up to a server that is either 1) probably in the same rack thus on the same switch (unless the data center for some unknown reason is still using cheap hubs) or 2) off-site to another data center, often over the fast routes of backbones that aren't easily intercepted.

Security isn't binary, there are variations from low risk to high risk, and if you can elaborate on how this should be considered anything other than low risk, that can be useful in re-prioritizing this item. Right now, the only items I can think of offhand that can readily cause problems is if the destination server is compromised, then they have your credentials and your data, the data center is using outdated or inappropriate infrastructure like hubs, or if someone is wiretapping an undersea cable somewhere (or the landline equivalent).

I'm not negating the need for this request, I would love to see this implemented too. However, if I am to convince the developers to give this a higher priority, I will need some useful feedback to provide them to convince them to do reconsider the priority given to this request.

[lorio]

often backing up to a server that is either 1) probably in the same rack thus on the same switch (unless the data center for some unknown reason is still using cheap hubs) or 2) off-site to another data center, often over the fast routes of backbones that aren't easily intercepted.

Aren't easily intercepted ??? The question is for whom?
The FTP credentials are enough to intercept. The data itself on the remote backup isn't encrypted.

I haven't heard that it is possible to assume no liability when a data breach happened with the statement:
"We used switches in our datacenter and prefered fast routes of backbones".

And switches can be tricked too.
Using Insecure Protocols – FTP » Tevora Blog

The discussions about security are always lacking a concrete demonstration.
Remember the https activities (BTW: this forum can be used via https too!) from several sites when Firesheep was released and showed how easy it is to hijack http sessions.

Two and half years ago I posted a request for a secure backup transfer and for an encryption routine for the data itself.
I quote myself (shame on me):

Is there no customer demand or is the implementation that problematic? Addon for additional bucks?

To me these features are not often demanded because too many people are expecting them to be already there.
E.g DropBox and the outrage when they made clear how exactly they handle and encrypt the data.


Encrypted transfer. Encrypted data. The question is why not?

To convince developers I need to know what is currently their priority ;-) Would be interesting.

Thanks for your time and input. It isn't an easy job to keep the kindergarten on course.