SOLVED How to force user to use SFTP and Secure SMTP?

sodapopinski

Well-Known Member
Aug 13, 2001
90
2
308
Hi All,

Long time I never touch and read update about the cpanel server since resigned into hosting company on 2012.
Now my friend want me to manage his server because too many ftp account hacked through trojan horse in customer computer.

My questions are :

1. How to force customer using SFTP instead of using FTP. Do we need to turn on shell access?
2. How to force user to download and send email using secure encrypted way?

Thank you very much.
 

Jcats

Well-Known Member
PartnerNOC
May 25, 2011
797
152
168
New Jersey
cPanel Access Level
DataCenter Provider
1. How to force customer using SFTP instead of using FTP. Do we need to turn on shell access?
You can disable the FTP service via WHM > Service Manager

And then yes, you would need to enable shell access.

Too be honest though, this will increase the hackers ability to do even more damage if they are able to get the SFTP info from a trojan since they now have shell access where FTP will limit their abilities.

2. How to force user to download and send email using secure encrypted way?
In WHM > Mailserver Configuration

Set Allow Plaintext Authentication to NO

WHM > Exim Configuration Manager

Require clients to connect with SSL or issue the STARTTLS command before they are allowed to authenticate with the server. - On
 

cPWilliamL

cP Technical Analyst II
Staff member
May 15, 2017
258
30
103
America
cPanel Access Level
Root Administrator
Hi @sodapopinski @Jcats,

Just to be clear, SFTP access for a cPanel user doesn't require shell access when disabled via WHM. When the shell is disabled from WHM, a special shell wrapper(/usr/local/cpanel/bin/noshell) is used to allow SFTP access, without allowing full shell access. With that said, this wrapper doesn't support any custom arguments added to the SFTP subsystem configuration.

The rest of the recommendations are certainly correct though.

Thanks,
 
  • Like
Reactions: Infopro