The Community Forums


Allow SFTP without Shell?

Discussion in 'General Discussion' started by Selena, Jun 22, 2009.

  1. Selena

    Selena Active Member

    Is it possible? How would I go about enabling this?

    Thank you.
     
  2. Infopro

    Infopro cPanel Sr. Product Evangelist
    Staff Member

    It should be by default these days.

    cPanel > FTP Accounts > scroll down to find the username for the account, far right icon Configure FTP Client. There you should see the SFTP Server Port listed for your users.
     
  3. Selena

    Selena Active Member

    Thanks for replying. I'm not quite finding that. I went into WHM, then looked under FTP Accounts, but I'm not seeing that option. Hmmmm...

    I also set up a new FTP account in cPanel under a test domain. It also didn't give SFTP settings, only settings for FTP. I do not want to enable Shell access for my customers but feel it's important that they have the ability to upload files via SFTP. I hope there is a way for them to do this.
     
    #3 Selena, Jun 22, 2009
    Last edited: Jun 22, 2009
  4. Infopro

    Infopro cPanel Sr. Product Evangelist
    Staff Member

    I never mentioned WHM, I was speaking of in a cPanel account on your server. AFAIK, all users have access to SFTP on a cPanel server by default now.
     
  5. cPanelDavidG

    cPanelDavidG Technical Product Specialist

    Correct, in cPanel 11 all cPanel users have SFTP access. However, additional FTP accounts (virtual FTP accounts) do not have SFTP access.

    If the hosting provider is not yet using cPanel 11, please have them upgrade.
     
  6. Selena

    Selena Active Member

    Thank you. We are using cPanel 11. However, when I select SFTP, it gives an error message telling me the password is invalid. If I set it to FTP, it works. This is using Fetch for Mac.

    Hostname: ftp.mydomain.com
    Username: myusername
    Password: mypassword

    I tried using ports 21 and 22 to see if it made a difference, but it didn't.

    Are there specific settings that I should use for SFTP?

    Thank you.
     
  7. Infopro

    Infopro cPanel Sr. Product Evangelist
    Staff Member

    The port number listed in your cPanel, as I mentioned, and the IP for the server will get you in. You'll need to properly configure your FTP client as well.
     
    #7 Infopro, Jun 24, 2009
    Last edited: Jun 24, 2009
  8. cPanelDavidG

    cPanelDavidG Technical Product Specialist

    On some servers, you need to do myusername@primarydomain where myusername is the user's cPanel username and primarydomain is the main domain on their cPanel account.
     
  9. hbouma

    hbouma Well-Known Member

    Well, if that's the case, how about fixing your page so that it doesn't show any SFTP information for virtual FTP account login details? That way people who create FTP users don't get the impression that they can log in their virtual users over the SFTP port when it's obviously not the case.

    Hal
     
  10. cPanelDavidG

    cPanelDavidG Technical Product Specialist

    We are currently working on fixing that page so SFTP information is not displayed when viewing virtual FTP account details. (Internal Case 26282)
     
  11. nitaish

    nitaish Well-Known Member
    PartnerNOC

    I tried to connect to a website using SFTP and was able to do so. However, I can go several levels up the server and can access other directories too, except the other websites' directories in the /home directory. This is actually risky, as a person can also delete data from the other directories and cause instability to the system. Is there a workaround for this?
     
  12. thewebhosting

    thewebhosting Well-Known Member

    Using SFTP, you can only see the listing of the directories which are inside the /home directory. No one can modify the other directories except the owner of that directory.
     
  13. cPanelDavidG

    cPanelDavidG Technical Product Specialist

    With the way *nix file system permissions work, being able to see a file exists is not the same as being able to view, modify or delete a file.
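
The distinction drawn in the reply above, as an added example that is not part of the original thread: a shell function that reads the "other" mode bits of a file and of its parent directory and reports which of list, read, modify and delete those bits allow. The sample tree is constructed, and only the immediate parent directory is checked (ACLs and the root user are ignored).

```shell
#!/bin/sh
# Added example: what may a user who is neither owner nor group member
# ("other") do with a file, judged from mode bits alone?
# Assumptions: only the immediate parent directory is checked; ACLs,
# SELinux and root are ignored.

# Print the three "other" permission characters of a path, e.g. "r-x".
other_bits() {
    ls -ld -- "$1" | cut -c8-10
}

# Usage: other_can FILE -> "list=<y|n> read=<y|n> modify=<y|n> delete=<y|n>"
other_can() {
    dir=$(dirname -- "$1")
    fbits=$(other_bits "$1")
    dbits=$(other_bits "$dir")
    # Directory bits: r = list names, w = add/remove entries,
    # x (or t) = reach the entries inside; t/T = sticky bit.
    case $dbits in r??) d_r=y ;; *) d_r=n ;; esac
    case $dbits in ?w?) d_w=y ;; *) d_w=n ;; esac
    case $dbits in ??[xt]) d_x=y ;; *) d_x=n ;; esac
    case $dbits in ??[tT]) sticky=y ;; *) sticky=n ;; esac
    case $fbits in r??) f_r=y ;; *) f_r=n ;; esac
    case $fbits in ?w?) f_w=y ;; *) f_w=n ;; esac

    list=$d_r                 # seeing the name needs r on the directory
    rd=n; md=n; del=n
    if [ "$d_x" = y ]; then
        rd=$f_r               # contents need r on the file itself
        md=$f_w               # changing contents needs w on the file
        # Deletion is decided by the directory, not the file; a sticky
        # directory (like /tmp) restricts it to the entry's owner.
        if [ "$d_w" = y ] && [ "$sticky" = n ]; then del=y; fi
    fi
    echo "list=$list read=$rd modify=$md delete=$del"
}

# Constructed sample tree (not taken from any real server).
demo() {
    t=$(mktemp -d)
    mkdir "$t/site" "$t/drop"
    echo secret > "$t/site/config.php"; chmod 600 "$t/site/config.php"
    echo x > "$t/drop/a.txt"; chmod 644 "$t/drop/a.txt"
    chmod 755 "$t/site"; chmod 777 "$t/drop"
    other_can "$t/site/config.php"
    other_can "$t/drop/a.txt"
    rm -rf "$t"
}
demo
```

The first sample file is visible by name but cannot be read, changed or removed; the second is read-only, yet it can be deleted because its directory is writable by everyone.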
     
  14. Spiral

    Spiral BANNED

    While there are some obvious merits (and some cons) to moving to SFTP transfers, I should take a moment and point out that doing so in response to the recent IFRAME / Index Hacking problems with so many sites left victim will do ABSOLUTELY NOTHING to help you or protect your server!

    If your motivation in switching over to SFTP is something other than these recent attacks around the world, then all the power to you.

    If not, and that is your driving motivation, then you may want to re-consider your actions because you are doing nothing to help yourself or your clients.
     
  15. sneader

    sneader Well-Known Member

    It might be helpful to explain why?

    - Scott
     
  16. bvierra

    bvierra Well-Known Member

    Most of the attacks are from exploits in software on the server, not from hacking of FTP passwords.

    SFTP is a good idea as it is more secure. However, it is not an end-all :)
     
  17. jroll9

    jroll9 Registered

    bvierra - funny you should say that - I got to this post searching for ways to secure the connection for the very reason you mention. But I understood from all of my study of the exploit - sometimes referred to as the "GUMBLAR" virus - that they finally found it to end up creating a node on your network that could sniff clear-text FTP packets. So encrypting the packets would take care of that, it would seem.

    I would very much appreciate any info you have on it - I had 3 websites hacked with that iframe upload deal through a virus on one of my team's computers, and it's clear that the FTP user/pswd was compromised.
     
  18. cPanelDavidG

    cPanelDavidG Technical Product Specialist

    Case 26282 has been addressed in version 11.32.3.15 and later.
     
  19. Selena

    Selena Active Member

    Is there a way in WHM to *require* users to log in using SFTP instead of plain FTP?
     
  20. sneader

    sneader Well-Known Member

    Perhaps just edit your firewall to remove (block) Incoming TCP Port 21... that will stop incoming FTP pretty quick. :)

    - Scott
     