I have enabled the shell acces to the domain by modifying the account but my intention is to have secure access to the FTP users who are accessing the domain.
I have cread few FTP users to respective home directories through the cpanel of the domain. But I am only able to access Normal FTP on port 21 which doesn't encrypt the information. I need some kind of Secure acecss like SFTP or FTPS to the FTP users.
Please advice.
I have cread few FTP users to respective home directories through the cpanel of the domain. But I am only able to access Normal FTP on port 21 which doesn't encrypt the information. I need some kind of Secure acecss like SFTP or FTPS to the FTP users.
Please advice.
Hello,
Enabling SSH is not needed for an account to access SFTP, as long as they know (and have access) to the SSH port. We use SFTP on users who don't have SSH access enabled with no problems.
Enabling SSH is not needed for an account to access SFTP, as long as they know (and have access) to the SSH port. We use SFTP on users who don't have SSH access enabled with no problems.
Infopro
Well-Known Member
It's enabled by default in cPanel now. You'll need to know the port, and setup your FTP client appropriately for the connection.
More here: Configure an FTP Client
For add-on FTP users you may connect securely using FTPES, that is, FTP with Explicit SSL/TLS encryption; the same port 21 will be used for FTPES.
SFTP over multiple user accounts ?
Hi, I successfully make these FTPES connections (using Cyberduck on Mac PPC) to a cPanel vendor site on port 21. Each individual user can have his/her own login account and restrictions to subdirectories. This setup meets my needs.
But my vendor says only the master account may open an SFTP account - not individual login accounts (eg, [email protected]).
It's worthwhile to clarify this topic, to avoid having users spend time on FTP client configurations which won't work. (And if this should work, I need further discussions with my own cPanel hosting vendor.)
Hi, I successfully make these FTPES connections (using Cyberduck on Mac PPC) to a cPanel vendor site on port 21. Each individual user can have his/her own login account and restrictions to subdirectories. This setup meets my needs.
But my vendor says only the master account may open an SFTP account - not individual login accounts (eg, [email protected]).
It's worthwhile to clarify this topic, to avoid having users spend time on FTP client configurations which won't work. (And if this should work, I need further discussions with my own cPanel hosting vendor.)
FTPES shows buggy behavior with empty folders?
Hi, both my cPanel hosting service and myself have noticed buggy behavior when FTP-viewing empty folders using Cyberduck (iMac PPC) in FTPES FTP mode. The software seems to hang for a minute or so, give a spurious error message, then resume working. Other files and folders view fine.
Have others encountered this problem?
Is it possibly a local configuration error, at the hosting service?
I'm also checking this with the Cyberduck vendor.
Hi, both my cPanel hosting service and myself have noticed buggy behavior when FTP-viewing empty folders using Cyberduck (iMac PPC) in FTPES FTP mode. The software seems to hang for a minute or so, give a spurious error message, then resume working. Other files and folders view fine.
Have others encountered this problem?
Is it possibly a local configuration error, at the hosting service?
I'm also checking this with the Cyberduck vendor.
Correct, only the cPanel account can use SFTP (SSH File Transfer).
However, any FTP account can use FTPS (FTP over SSL/TLS). The FTPES just a type of FTPS.
... except when it doesn't work.
This is the nature of my FTPES / empty-folder question above. I'm in discussion with my cPanel hosting provided about this, but it's useful to know if other people have encountered problems with FTPES into cPanel software, or whether this is specific to my vendor. Thanks.
This is the nature of my FTPES / empty-folder question above. I'm in discussion with my cPanel hosting provided about this, but it's useful to know if other people have encountered problems with FTPES into cPanel software, or whether this is specific to my vendor. Thanks.
Common misconception ...
You DO NOT need to enable shell access to use SFTP
SFTP does indeed make use of the OpenSSH daemon and the same ports as SSH but does not require that the login have any shell access setup and the connection between the two really ends at authentication.
(This incidentally is one of the main reasons why it is a good idea to move the SSH port even if you don't have any users with shell access)
I am unable to replicate this issue with:
- cPanel/WHM server running 11.25.1
- Running FTP Server: ProFTPd
- Then Running FTP Server: PureFTPd
- Using primary FTP account for a cPanel account
- Then using a secondary FTP account for a cPanel account
- FTP Client: CyberDuck on Mac OS with PPC architecture (not Intel) using FTPES
I didn't have any hanging nor delay, everything displayed as it should. The only issue I encountered was just that my test server had a self-signed certificate for FTP and I just needed to authorize it.
Nilesh, I tested using port 21 - you may want to try port 21 instead of port 990.
For everyone else, I recommend having someone take a look at the server logs to see what may be causing this issue.
- cPanel/WHM server running 11.25.1
- Running FTP Server: ProFTPd
- Then Running FTP Server: PureFTPd
- Using primary FTP account for a cPanel account
- Then using a secondary FTP account for a cPanel account
- FTP Client: CyberDuck on Mac OS with PPC architecture (not Intel) using FTPES
I didn't have any hanging nor delay, everything displayed as it should. The only issue I encountered was just that my test server had a self-signed certificate for FTP and I just needed to authorize it.
Nilesh, I tested using port 21 - you may want to try port 21 instead of port 990.
For everyone else, I recommend having someone take a look at the server logs to see what may be causing this issue.
Hi cPanelDavidG
We are having this issue with WHM 11.25.0, PureFTPd and a secondary FTP account (we are John_Buehrer's host).
Cyberduck works fine through FTPES, unless there's an empty folder. Browsing an empty folder gives us a "Listing directory failed (I won't open a connection to LOCAL_IP".
Filezilla does not work at all.
We are having this issue with WHM 11.25.0, PureFTPd and a secondary FTP account (we are John_Buehrer's host).
Cyberduck works fine through FTPES, unless there's an empty folder. Browsing an empty folder gives us a "Listing directory failed (I won't open a connection to LOCAL_IP".
Filezilla does not work at all.
I even tried browsing into an empty folder in my testing, unable to generate any errors in my testing. I recommend letting a technical analyst take a look at your server so we can determine the cause of this issue and thus a resolution.
Dear cPaneldavidG,
I am using Windows XP (intel) & FileZilla FTP client version 3.3.2.1
Server details as below
cPanel 11.25.0-S45750
WHM 11.25.0 - X 3.9
CENTOS 5.5 i686 virtuozzo
And our FTP server is configured with pure-ftpd
Still i am getting an error when i choose FTPS - FTP over implicit TLS/SSL
Status: Waiting to retry...
Status: Resolving address of example.com
Status: Connecting to xxx.xxx.xxx.xx:21...
Status: Connection established, initializing TLS...
Error: Connection timed out
Error: Could not connect to server
And i am not entering port 998 its detecting bydefault but, as you said use port 21 instead of 998 , getting same error on port 21 also.
And if i choose FTPES - FTP over explicit TLS/SSL & Its working with this, there is no issue atoll
Nilesh
Looking at that, it seems the issue is occuring when a TLS connection is trying to be initialized. I was double-checking settings in WHM this morning and found that if you are using Pure-FTPD, there's a setting to disable TLS. I recommend double-checking to ensure TLS is not disabled. This setting is on the FTP Server Configuration screen in the Service Configuration section of WHM.
Implicit FTPS versus Explicit FTPS/FTPES
Please be aware that implicit FTPS and explicit FTPS/FTPES are two different modes of operation for FTPS and, to the best of my knowledge, the implicit mode is deprecated in favor of the explicit mode that is more narrowly referred to as FTPES, versus FTPS that could imply either mode if not verbosely clarified. When configuring the FTP client software, such as FileZilla, please verify to ensure that it is setup to connect using "FTPES - FTP over explicit TLS/SSL".
In FileZilla, selecting "FTPS - FTP over implicit TLS/SSL" will, by default, attempt to connect using the standard port for implicit FTPS, that of TCP port 990; however, a default installation of Pure-FTPd does not operate on port 990 and will not allow implicit FTPS connections unless it is a custom installation that was built using the configure option "--with-implicittls" at compile-time. For clarification, according to the official Pure-FTPd web site and documentation resources the compile-time option "--with-implicittls" is used to build an implicit-FTPS-only server, i.e., one that supports only implicit FTPS and that, I believe, would need to run independently from the Pure-FTPd installation serving plain FTP and explicit FTPS/FTPES.
Regarding ProFTPd, to the best of my knowledge, the default installation and stock FTP virtual host configuration do not operate on TCP port 990; to connect via implicit FTPS the ProFTPd documentation leads me to believe that it would require a custom configuration using a different FTP virtual host that is configured to listen on TCP port 990 serving only implicit SSL (by setting "UseImplicitSSL" via the ProFTPd directive "TLSOptions").
The following are specific resources I used during research of this topic:
Please be aware that implicit FTPS and explicit FTPS/FTPES are two different modes of operation for FTPS and, to the best of my knowledge, the implicit mode is deprecated in favor of the explicit mode that is more narrowly referred to as FTPES, versus FTPS that could imply either mode if not verbosely clarified. When configuring the FTP client software, such as FileZilla, please verify to ensure that it is setup to connect using "FTPES - FTP over explicit TLS/SSL".
In FileZilla, selecting "FTPS - FTP over implicit TLS/SSL" will, by default, attempt to connect using the standard port for implicit FTPS, that of TCP port 990; however, a default installation of Pure-FTPd does not operate on port 990 and will not allow implicit FTPS connections unless it is a custom installation that was built using the configure option "--with-implicittls" at compile-time. For clarification, according to the official Pure-FTPd web site and documentation resources the compile-time option "--with-implicittls" is used to build an implicit-FTPS-only server, i.e., one that supports only implicit FTPS and that, I believe, would need to run independently from the Pure-FTPd installation serving plain FTP and explicit FTPS/FTPES.
Regarding ProFTPd, to the best of my knowledge, the default installation and stock FTP virtual host configuration do not operate on TCP port 990; to connect via implicit FTPS the ProFTPd documentation leads me to believe that it would require a custom configuration using a different FTP virtual host that is configured to listen on TCP port 990 serving only implicit SSL (by setting "UseImplicitSSL" via the ProFTPd directive "TLSOptions").
The following are specific resources I used during research of this topic:
Dear cPanelDavidG,
Yes, we are using Pure-FTPD & i had looked at FTP Server Configuration, The TLS Encryption Support is set to optional.
