The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Creating SFTP

Discussion in 'General Discussion' started by danielk, Jan 4, 2010.

  1. danielk

    danielk Registered

    Joined:
    Dec 24, 2009
    Messages:
    4
    Likes Received:
    0
    Trophy Points:
    1
    I am creating FTP users throuh WHM/cpanel where I did not find any option to enable shell access. When I create a user I can able to access only the regular FTP using port 21


    Please advice.

    Thanks
     
  2. furquan

    furquan Well-Known Member

    Joined:
    Jul 27, 2002
    Messages:
    425
    Likes Received:
    0
    Trophy Points:
    16
    If you want to enable SSH for a domain you can do that by modifying the account under "Modify an account" feature under "Account Functions".

    The same can also be enabled while you are creating a new account.
     
  3. danielk

    danielk Registered

    Joined:
    Dec 24, 2009
    Messages:
    4
    Likes Received:
    0
    Trophy Points:
    1
    I have enabled the shell acces to the domain by modifying the account but my intention is to have secure access to the FTP users who are accessing the domain.

    I have cread few FTP users to respective home directories through the cpanel of the domain. But I am only able to access Normal FTP on port 21 which doesn't encrypt the information. I need some kind of Secure acecss like SFTP or FTPS to the FTP users.

    Please advice.
     
  4. gvard

    gvard Well-Known Member
    PartnerNOC

    Joined:
    Dec 22, 2003
    Messages:
    195
    Likes Received:
    1
    Trophy Points:
    18
    Location:
    Athens/GREECE
    cPanel Access Level:
    DataCenter Provider
    Hello,

    Enabling SSH is not needed for an account to access SFTP, as long as they know (and have access) to the SSH port. We use SFTP on users who don't have SSH access enabled with no problems.
     
  5. equens

    equens Well-Known Member

    Joined:
    Feb 8, 2002
    Messages:
    270
    Likes Received:
    0
    Trophy Points:
    16
    Hello Gvard, can you explain me how can I allow sftp access to users who don't have SSH access enabled?

    Thanks a lot.
     
  6. Infopro

    Infopro cPanel Sr. Product Evangelist
    Staff Member

    Joined:
    May 20, 2003
    Messages:
    14,446
    Likes Received:
    195
    Trophy Points:
    63
    Location:
    Pennsylvania
    cPanel Access Level:
    Root Administrator
    Twitter:
    It's enabled by default in cPanel now. You'll need to know the port, and setup your FTP client appropriately for the connection.

    More here: Configure an FTP Client
     
  7. cPanelDon

    cPanelDon cPanel Quality Assurance Analyst
    Staff Member

    Joined:
    Nov 5, 2008
    Messages:
    2,557
    Likes Received:
    7
    Trophy Points:
    38
    Location:
    Houston, Texas, U.S.A.
    cPanel Access Level:
    DataCenter Provider
    Twitter:
    For add-on FTP users you may connect securely using FTPES, that is, FTP with Explicit SSL/TLS encryption; the same port 21 will be used for FTPES.
     
  8. John_Buehrer

    John_Buehrer Registered

    Joined:
    May 18, 2010
    Messages:
    3
    Likes Received:
    0
    Trophy Points:
    1
    SFTP over multiple user accounts ?

    Hi, I successfully make these FTPES connections (using Cyberduck on Mac PPC) to a cPanel vendor site on port 21. Each individual user can have his/her own login account and restrictions to subdirectories. This setup meets my needs.

    But my vendor says only the master account may open an SFTP account - not individual login accounts (eg, xxx@domain.com).

    It's worthwhile to clarify this topic, to avoid having users spend time on FTP client configurations which won't work. (And if this should work, I need further discussions with my own cPanel hosting vendor.)
     
  9. John_Buehrer

    John_Buehrer Registered

    Joined:
    May 18, 2010
    Messages:
    3
    Likes Received:
    0
    Trophy Points:
    1
    FTPES shows buggy behavior with empty folders?

    Hi, both my cPanel hosting service and myself have noticed buggy behavior when FTP-viewing empty folders using Cyberduck (iMac PPC) in FTPES FTP mode. The software seems to hang for a minute or so, give a spurious error message, then resume working. Other files and folders view fine.

    Have others encountered this problem?
    Is it possibly a local configuration error, at the hosting service?
    I'm also checking this with the Cyberduck vendor.
     
  10. cPanelDavidG

    cPanelDavidG Technical Product Specialist

    Joined:
    Nov 29, 2006
    Messages:
    11,279
    Likes Received:
    8
    Trophy Points:
    38
    Location:
    Houston, TX
    cPanel Access Level:
    Root Administrator
    Correct, only the cPanel account can use SFTP (SSH File Transfer).

    However, any FTP account can use FTPS (FTP over SSL/TLS). The FTPES just a type of FTPS.
     
  11. John_Buehrer

    John_Buehrer Registered

    Joined:
    May 18, 2010
    Messages:
    3
    Likes Received:
    0
    Trophy Points:
    1
    ... except when it doesn't work.

    This is the nature of my FTPES / empty-folder question above. I'm in discussion with my cPanel hosting provided about this, but it's useful to know if other people have encountered problems with FTPES into cPanel software, or whether this is specific to my vendor. Thanks.
     
  12. crazyaboutlinux

    crazyaboutlinux Well-Known Member

    Joined:
    Nov 3, 2007
    Messages:
    938
    Likes Received:
    0
    Trophy Points:
    16
    When i use FTPS (FTP over SSL/TLS) i am unable to connect to FTP server
     
  13. Spiral

    Spiral BANNED

    Joined:
    Jun 24, 2005
    Messages:
    2,023
    Likes Received:
    7
    Trophy Points:
    0
    Common misconception ...

    You DO NOT need to enable shell access to use SFTP

    SFTP does indeed make use of the OpenSSH daemon and the same ports as SSH but does not require that the login have any shell access setup and the connection between the two really ends at authentication.

    (This incidentally is one of the main reasons why it is a good idea to move the SSH port even if you don't have any users with shell access)
     
  14. cPanelDavidG

    cPanelDavidG Technical Product Specialist

    Joined:
    Nov 29, 2006
    Messages:
    11,279
    Likes Received:
    8
    Trophy Points:
    38
    Location:
    Houston, TX
    cPanel Access Level:
    Root Administrator
    I am unable to replicate this issue with:

    - cPanel/WHM server running 11.25.1
    - Running FTP Server: ProFTPd
    - Then Running FTP Server: PureFTPd
    - Using primary FTP account for a cPanel account
    - Then using a secondary FTP account for a cPanel account
    - FTP Client: CyberDuck on Mac OS with PPC architecture (not Intel) using FTPES

    I didn't have any hanging nor delay, everything displayed as it should. The only issue I encountered was just that my test server had a self-signed certificate for FTP and I just needed to authorize it.

    Nilesh, I tested using port 21 - you may want to try port 21 instead of port 990.

    For everyone else, I recommend having someone take a look at the server logs to see what may be causing this issue.
     
  15. cyon

    cyon Well-Known Member
    PartnerNOC

    Joined:
    Jan 15, 2003
    Messages:
    320
    Likes Received:
    0
    Trophy Points:
    16
    Hi cPanelDavidG

    We are having this issue with WHM 11.25.0, PureFTPd and a secondary FTP account (we are John_Buehrer's host).

    Cyberduck works fine through FTPES, unless there's an empty folder. Browsing an empty folder gives us a "Listing directory failed (I won't open a connection to LOCAL_IP".

    Filezilla does not work at all.
     
  16. cPanelDavidG

    cPanelDavidG Technical Product Specialist

    Joined:
    Nov 29, 2006
    Messages:
    11,279
    Likes Received:
    8
    Trophy Points:
    38
    Location:
    Houston, TX
    cPanel Access Level:
    Root Administrator
    I even tried browsing into an empty folder in my testing, unable to generate any errors in my testing. I recommend letting a technical analyst take a look at your server so we can determine the cause of this issue and thus a resolution.
     
  17. crazyaboutlinux

    crazyaboutlinux Well-Known Member

    Joined:
    Nov 3, 2007
    Messages:
    938
    Likes Received:
    0
    Trophy Points:
    16
    Dear cPaneldavidG,

    I am using Windows XP (intel) & FileZilla FTP client version 3.3.2.1

    Server details as below

    cPanel 11.25.0-S45750
    WHM 11.25.0 - X 3.9
    CENTOS 5.5 i686 virtuozzo

    And our FTP server is configured with pure-ftpd

    Still i am getting an error when i choose FTPS - FTP over implicit TLS/SSL

    Status: Waiting to retry...
    Status: Resolving address of example.com
    Status: Connecting to xxx.xxx.xxx.xx:21...
    Status: Connection established, initializing TLS...
    Error: Connection timed out
    Error: Could not connect to server

    And i am not entering port 998 its detecting bydefault but, as you said use port 21 instead of 998 , getting same error on port 21 also.

    And if i choose FTPES - FTP over explicit TLS/SSL & Its working with this, there is no issue atoll

    Nilesh
     
  18. cPanelDavidG

    cPanelDavidG Technical Product Specialist

    Joined:
    Nov 29, 2006
    Messages:
    11,279
    Likes Received:
    8
    Trophy Points:
    38
    Location:
    Houston, TX
    cPanel Access Level:
    Root Administrator
    Looking at that, it seems the issue is occuring when a TLS connection is trying to be initialized. I was double-checking settings in WHM this morning and found that if you are using Pure-FTPD, there's a setting to disable TLS. I recommend double-checking to ensure TLS is not disabled. This setting is on the FTP Server Configuration screen in the Service Configuration section of WHM.
     
  19. cPanelDon

    cPanelDon cPanel Quality Assurance Analyst
    Staff Member

    Joined:
    Nov 5, 2008
    Messages:
    2,557
    Likes Received:
    7
    Trophy Points:
    38
    Location:
    Houston, Texas, U.S.A.
    cPanel Access Level:
    DataCenter Provider
    Twitter:
    Implicit FTPS versus Explicit FTPS/FTPES

    Please be aware that implicit FTPS and explicit FTPS/FTPES are two different modes of operation for FTPS and, to the best of my knowledge, the implicit mode is deprecated in favor of the explicit mode that is more narrowly referred to as FTPES, versus FTPS that could imply either mode if not verbosely clarified. When configuring the FTP client software, such as FileZilla, please verify to ensure that it is setup to connect using "FTPES - FTP over explicit TLS/SSL".

    In FileZilla, selecting "FTPS - FTP over implicit TLS/SSL" will, by default, attempt to connect using the standard port for implicit FTPS, that of TCP port 990; however, a default installation of Pure-FTPd does not operate on port 990 and will not allow implicit FTPS connections unless it is a custom installation that was built using the configure option "--with-implicittls" at compile-time. For clarification, according to the official Pure-FTPd web site and documentation resources the compile-time option "--with-implicittls" is used to build an implicit-FTPS-only server, i.e., one that supports only implicit FTPS and that, I believe, would need to run independently from the Pure-FTPd installation serving plain FTP and explicit FTPS/FTPES.

    Regarding ProFTPd, to the best of my knowledge, the default installation and stock FTP virtual host configuration do not operate on TCP port 990; to connect via implicit FTPS the ProFTPd documentation leads me to believe that it would require a custom configuration using a different FTP virtual host that is configured to listen on TCP port 990 serving only implicit SSL (by setting "UseImplicitSSL" via the ProFTPd directive "TLSOptions").

    The following are specific resources I used during research of this topic:
    • Resources for general reference:
    • Resources specific to Pure-FTPd:
      • Pure-FTPd - Latest news
      • http://download.pureftpd.org/pub/pure-ftpd/doc/NEWS
      • http://download.pureftpd.org/pub/pure-ftpd/doc/ChangeLog
      • http://download.pureftpd.org/pub/pure-ftpd/doc/README
    • Resources specific to ProFTPd:
      • ProFTPD Bugzilla - Bug 3266 – Support "implicit" FTPS
      • http://www.proftpd.org/docs/NEWS-1.3.3
      • http://www.proftpd.org/docs/RELEASE_NOTES-1.3.3
      • ProFTPD mini-HOWTO - FTP and SSL/TLS - Implicit FTPS
      • ProFTPD module mod_tls - TLSOptions Directive - UseImplicitSSL
     
  20. crazyaboutlinux

    crazyaboutlinux Well-Known Member

    Joined:
    Nov 3, 2007
    Messages:
    938
    Likes Received:
    0
    Trophy Points:
    16
    Dear cPanelDavidG,

    Yes, we are using Pure-FTPD & i had looked at FTP Server Configuration, The TLS Encryption Support is set to optional.
     
Loading...

Share This Page