Infopro
Well-Known Member
It should be by default these days.
cPanel > FTP Accounts > scroll down to find the username for the account, far right icon Configure FTP Client. There you should see the SFTP Server Port listed for your users.
cPanel > FTP Accounts > scroll down to find the username for the account, far right icon Configure FTP Client. There you should see the SFTP Server Port listed for your users.
Thanks for replying. I'm not quite finding that. I went into WHM then looked under FTP Accounts but not seeing that option. Hmmmm...
I also set up a new FTP account in cPanel under a test domain. It also didn't give SFTP settings, only settings for FTP. I do not want to enable Shell access for my customers but feel it's important that they have the ability to upload files via SFTP. I hope there is a way for them to do this.
Last edited:
Infopro
Well-Known Member
I never mentioned WHM, I was speaking of in a cPanel account on your server. AFAIK, all users have access to SFTP on a cPanel server by default now.
Correct, in cPanel 11 all cPanel users have SFTP access. However, additional FTP accounts (virtual FTP accounts) do not have SFTP access.
If the hosting provider is not yet using cPanel 11, please have them upgrade.
Thank you. We are using cPanel 11. However, when I select SFTP, it gives an error message telling me the password is invalid. If I set it to FTP, it works. This is using Fetch for Mac.
Hostname: ftp.mydomain.com
Username: myusername
Password: mypassword
I tried using ports 21 and 22 to see if it made a difference, but it didn't.
Are there specific settings that I should use for SFTP?
Thank you.
Infopro
Well-Known Member
The port number listed in your cPanel as I mentioned and the IP for the server, will get you in. You'll need to properly config your FTP client as well.
Last edited:
On some servers, you need to do [email protected] where myusername is the user's cPanel username and primarydomain is the main domain on their cPanel account.
Well if that's the case, how about fixing your page so that it doesn't show any SFTP information for virtual FTP account login details. That way people who create FTP users don't get the impression that they can log in their virtual users over the SFTP port when its obviously not the case.
Hal
We are currently working on fixing that page so SFTP information is not displayed when viewing virtual FTP account details. (Internal Case 26282)
I tried to connect to a website using SFTP and was able to do so. However, I can go several levels up the server and can access other directories too except the other websites' directories in the /home directory. This is actually risky as a person can also delete data from the other directories and cause instability to the system. Is there a work around for this?
Using SFTP you can only see the listing of the directories which is inside the /home directory. No one can modify the other directories except the owner of that directory.
With the way *nix file system permissions work, being able to see a file exists is not the same as being able to view, modify or delete a file.
While there are some obvious merits (and some cons) to moving to SFTP transfers, I should take a moment and point out that doing so in response to the recent IFRAME / Index Hacking problems with so many sites left victim will do ABSOLUTELY NOTHING to help you or protect your server!
If your motivation in switching over to SFTP is something other than these
recent attacks around the world, then all the power to you.
If not, and that is your driving motivation, then you may want to re-consider your actions because you are doing nothing to help yourself or your clients.
If your motivation in switching over to SFTP is something other than these
recent attacks around the world, then all the power to you.
If not, and that is your driving motivation, then you may want to re-consider your actions because you are doing nothing to help yourself or your clients.
most of the attacks are from exploits in software on the server, not from hacking of ftp passwords.
SFTP is a good idea as it is more secure. However it is not an end all
SFTP is a good idea as it is more secure. However it is not an end all
bvierra - funny you should say that - I go to this post searching for ways to secure the connection for the very reason you mention. But I understood from all of my study of the exploit - sometimes referred to as the "GUMBLAR" virus - that they finally found it to end up creating a node on your network that could sniff clear text ftp packets. So encrypting the packets would take care of that it would seem.
I would very much appreciate any info you have on it - I had 3 website hacked with that iframe upload deal through a virus on one of my team's computers, and it's clear that the ftp user/pswd was compromised.
I would very much appreciate any info you have on it - I had 3 website hacked with that iframe upload deal through a virus on one of my team's computers, and it's clear that the ftp user/pswd was compromised.
Perhaps just edit your firewall to remove (block) Incoming TCP Port 21... that will stop incoming FTP pretty quick.
- Scott