Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!

SOLVED How to force user to use SFTP and Secure SMTP?

Discussion in 'Security' started by sodapopinski, Oct 14, 2017.

  1. sodapopinski

    sodapopinski Well-Known Member

    Joined:
    Aug 13, 2001
    Messages:
    90
    Likes Received:
    2
    Trophy Points:
    308
    Hi All,

    Long time I never touch and read update about the cpanel server since resigned into hosting company on 2012.
    Now my friend want me to manage his server because too many ftp account hacked through trojan horse in customer computer.

    My questions are :

    1. How to force customer using SFTP instead of using FTP. Do we need to turn on shell access?
    2. How to force user to download and send email using secure encrypted way?

    Thank you very much.
     
    #1 sodapopinski, Oct 14, 2017
  2. Jcats

    Jcats Well-Known Member

    Joined:
    May 25, 2011
    Messages:
    720
    Likes Received:
    123
    Trophy Points:
    168
    Location:
    New Jersey
    cPanel Access Level:
    DataCenter Provider
    You can disable the FTP service via WHM > Service Manager

    And then yes, you would need to enable shell access.

    Too be honest though, this will increase the hackers ability to do even more damage if they are able to get the SFTP info from a trojan since they now have shell access where FTP will limit their abilities.

    In WHM > Mailserver Configuration

    Set Allow Plaintext Authentication to NO

    WHM > Exim Configuration Manager

    Require clients to connect with SSL or issue the STARTTLS command before they are allowed to authenticate with the server. - On
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
    #2 Jcats, Oct 14, 2017
  3. cPWilliamL

    cPWilliamL cP Technical Analyst II
    Staff Member

    Joined:
    May 15, 2017
    Messages:
    257
    Likes Received:
    29
    Trophy Points:
    103
    Location:
    America
    cPanel Access Level:
    Root Administrator
    Hi @sodapopinski @Jcats,

    Just to be clear, SFTP access for a cPanel user doesn't require shell access when disabled via WHM. When the shell is disabled from WHM, a special shell wrapper(/usr/local/cpanel/bin/noshell) is used to allow SFTP access, without allowing full shell access. With that said, this wrapper doesn't support any custom arguments added to the SFTP subsystem configuration.

    The rest of the recommendations are certainly correct though.

    Thanks,
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
    #3 cPWilliamL, Oct 16, 2017
    Infopro likes this.
  4. sodapopinski

    sodapopinski Well-Known Member

    Joined:
    Aug 13, 2001
    Messages:
    90
    Likes Received:
    2
    Trophy Points:
    308
    #4 sodapopinski, Oct 17, 2017
  5. cPWilliamL

    cPWilliamL cP Technical Analyst II
    Staff Member

    Joined:
    May 15, 2017
    Messages:
    257
    Likes Received:
    29
    Trophy Points:
    103
    Location:
    America
    cPanel Access Level:
    Root Administrator
    Glad to help. I'll mark this thread as solved for now.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
    #5 cPWilliamL, Oct 17, 2017
(You must log in or sign up to post here.)
Loading...
Similar Threads - force user SFTP
  1. Rogerio

    New Thread Force regenerate server's SSL certificate

    Rogerio, Oct 18, 2018 at 11:08 AM, in forum: Security
    Replies:
    0
    Views:
    44
    Rogerio
    Oct 18, 2018 at 11:08 AM
  2. Errota

    Force HTML On Clients Websites

    Errota, Oct 14, 2018, in forum: General Discussion
    Replies:
    2
    Views:
    74
    cPanelLauren
    Oct 17, 2018 at 7:11 AM
  3. batesy87

    Pending Publication [CPANEL-22169] Pure-FTPd: Preserve disabled ForcePassiveIP when NAT is active

    batesy87, Sep 12, 2018, in forum: General Discussion
    Replies:
    3
    Views:
    176
    cPanelMichael
    Sep 12, 2018
  4. joaosavioli

    Brute force wp-login.php modsecurity

    joaosavioli, Sep 4, 2018, in forum: General Discussion
    Replies:
    4
    Views:
    245
    cPanelLauren
    Sep 5, 2018
  5. Sanjay Narayan

    Force email password change after 1st login

    Sanjay Narayan, Aug 16, 2018, in forum: General Discussion
    Replies:
    10
    Views:
    173
    Sanjay Narayan
    Sep 17, 2018

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Accept Learn More...
    Dismiss Notice