ncrossland

Member
Sep 23, 2003
21
0
151
Is it possible to restrict access to an FTP account to only a particular client IP? I know there isn't an option in cPanel.
 

budway

Well-Known Member
Apr 16, 2003
189
0
166
Yes, there is, but this is not recommended, because if you add a dedicated IP account or reseller onto their own IP and forget to add the IP to the FTP config, the user will have no FTP access.

/etc/pure-ftpd.conf
# IP address/port to listen to (default=all IP and port 21).


This change is not recommended.
 

ncrossland

Member
Sep 23, 2003
21
0
151
Sorry, I didn't word the question very well -- what I'd like to achieve is an FTP account which would allow a user to connect only if their own IP address is in a particular range.
 

budway

Well-Known Member
Apr 16, 2003
189
0
166
You want to restrict, just for one username, the IP ranges that are able to open a connection through FTP?

Is that what you wanna do?
 

brianoz

Well-Known Member
Mar 13, 2004
1,146
7
168
Melbourne, Australia
cPanel Access Level
Root Administrator
It depends on exactly why you want to do this, there may be other solutions, but there's no way you can restrict just a single user through a firewall. You might be able to do it by digging into the pureftpd/proftpd documentation and finding a configuration option there, but unlikely. If you wanted to restrict ALL users and could work out a way to make that work, you could easily do that through a firewall like csf or apf.
 

Imai

Well-Known Member
Aug 11, 2003
45
0
156
I found this solution from http://www.novell.com/coolsolutions/feature/19818.html
article on pure ftpd administration
--------------------------------------------------------------------------------------------
IP Restrictions
Restricting access based on IP addresses is very simple. The qualifier that is used to block IP addresses is "-R" followed by the IP address as shown in Figure 5.

linux-1reo:~# pure-pw usermod damian -R 192.168.0.2 -m
---------------------------------------------------------------------------------------------

How can I implement this in cPanel?
I need to restrict FTP access to a certain account from 1 IP only.
Thank you.
 

lehels

Well-Known Member
Jul 10, 2006
91
0
156
Restrict FTP access from an IP to a username

I found this solution from http://www.novell.com/coolsolutions/feature/19818.html
article on pure ftpd administration
--------------------------------------------------------------------------------------------
IP Restrictions
Restricting access based on IP addresses is very simple. The qualifier that is used to block IP addresses is "-R" followed by the IP address as shown in Figure 5.

linux-1reo:~# pure-pw usermod damian -R 192.168.0.2 -m
---------------------------------------------------------------------------------------------

How can I implement this in cPanel?
I need to restrict FTP access to a certain account from 1 IP only.
Thank you.
This would certainly be needed, to be able to restrict FTP access from just a specific IP address to a single username!

I saw in cPanel servers:
@server [~]# pure-pw show username
Unable to open the passwd file: No such file or directory
Unable to fetch info about user [username] in file [/etc/pureftpd.passwd

It's kind of a mix, because the usernames are kept in the proftpd/ folder.
 

HostIt

Well-Known Member
Feb 22, 2003
151
1
168
I have had success in restricting a user's FTP access to a single IP :)

1) Uncomment the PureDB line within /etc/pure-ftpd.conf and restart Pure-FTPd
2) pure-pwconvert | grep username > /etc/pureftpd.passwd
3) chmod 600 /etc/pureftpd.passwd
4) pure-pw usermod username -r 192.168.0.2 -f /etc/pureftpd.passwd
5) pure-pw mkdb

Although my testing so far has been limited, the above five commands do seem to successfully restrict "username" to FTP access ONLY from the IP address "192.168.0.2".

The only problems with this approach appear to be as follows:

1) If the user later changed their password via cPanel, their FTP password would not change. To sync them up again, you'd need to rebuild the "virtual user" database by running the last four commands above. This could be scripted as a cron job, although that's not particularly tidy.

2) Because SFTP uses OpenSSH it ignores the virtual users file, meaning anybody could circumvent the above block by simply using SFTP. This can be worked around by adding the line "DenyUsers username" to /etc/ssh/sshd_config, then restarting SSH, although of course this will cut off any shell access they may have had also.

I hope that's helpful to somebody :)
 
Last edited:
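
The re-sync that the post above suggests scripting as a cron job, written out as an added example that is not part of the thread or of cPanel or Pure-FTPd. It assumes the pure-pw passwd layout from Pure-FTPd's README.Virtual-Users (allowed client IPs in field 16) and /etc/pureftpd.pdb as the PureDB path; the function names and the overridable variables are illustrative.

```shell
#!/bin/sh
# Added example (not from the thread): re-sync one account into Pure-FTPd's
# virtual-user file and re-apply its client-IP allow list (steps 2-5 above).
# Like the post, the passwd file ends up holding only this one account.
PASSWD_FILE=${PASSWD_FILE:-/etc/pureftpd.passwd}
PDB_FILE=${PDB_FILE:-/etc/pureftpd.pdb}     # assumed: the path on the PureDB line
PWCONVERT=${PWCONVERT:-pure-pwconvert}      # overridable so the logic can be dry-run
PUREPW=${PUREPW:-pure-pw}

# Exact match on the login field; "grep username" would also match
# "username2" or any line whose home directory contains the string.
select_user() {
    awk -F: -v u="$1" '$1 == u'
}

# Allowed-client-IP field of one account (field 16; assumed layout, see lead-in).
allowed_ips() {
    awk -F: -v u="$1" '$1 == u { print $16 }' "$2"
}

resync_user() {
    user=$1
    ip=$2
    # mktemp creates the file with mode 0600, so the password hash is never
    # readable by other local users, even before the rename.
    tmp=$(mktemp "${PASSWD_FILE}.XXXXXX") || return 1
    $PWCONVERT | select_user "$user" > "$tmp"
    if [ ! -s "$tmp" ]; then
        echo "no system account '$user'; $PASSWD_FILE left untouched" >&2
        rm -f "$tmp"
        return 1
    fi
    if ! $PUREPW usermod "$user" -r "$ip" -f "$tmp"; then
        rm -f "$tmp"
        return 1
    fi
    mv "$tmp" "$PASSWD_FILE" || return 1
    $PUREPW mkdb "$PDB_FILE" -f "$PASSWD_FILE" || return 1
    # Fail loudly if the restriction is not in the file that was just indexed.
    [ "$(allowed_ips "$user" "$PASSWD_FILE")" = "$ip" ]
}

# Cron usage: resync.sh username 192.168.0.2
if [ "$#" -eq 2 ]; then
    resync_user "$1" "$2"
fi
```

A non-zero exit from the cron run means the allow list was not confirmed in the file, so the job's output is worth mailing to the administrator.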