The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Secure FTP the right way

Discussion in 'Security' started by kers7754, Jul 18, 2014.

  1. kers7754

    kers7754 Active Member

    Joined:
    Jan 13, 2011
    Messages:
    36
    Likes Received:
    0
    Trophy Points:
    6
    Currently I have my shared hosting clients connecting to ftp using SFTP (SSH) on a custom port (not the normal 22). I have a real SSL on the hostname of the shared box.

    This is all working, but I am wondering if there are security issues in doing this.

    Is there a better way to do secure ftp?

    Should I just remove the secure part and just offer ftp?


    Any suggestions would be appreciated.
    --Jeff
     
  2. vanessa

    vanessa Well-Known Member
    PartnerNOC

    Joined:
    Sep 26, 2006
    Messages:
    817
    Likes Received:
    22
    Trophy Points:
    18
    Location:
    Virginia Beach, VA
    cPanel Access Level:
    DataCenter Provider
    Not sure how removing "the secure part" from FTP would constitute as making it better. If you intend to push SFTP, I would do the opposite. Disable normal FTP and just allow SFTP.
     
  3. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,678
    Likes Received:
    654
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
    Hello :)

    The method you are using is considered to be more secure than regular FTP, so switching to regular FTP is not advised if you are concerned with security.

    Thank you.
     
  4. kers7754

    kers7754 Active Member

    Joined:
    Jan 13, 2011
    Messages:
    36
    Likes Received:
    0
    Trophy Points:
    6
    I understand.. I am sorry.. I did describe the entire story. Many of my servers seem to get hacked from time to time. I am wondering if giving my shared hosting customers SFTP access is giving to much access to my server thus causing my server to be compromised more easily.

    If you were going to offer FTP to users in a shared hosting environment, do you recommend:
    plain FTP (no encryption)
    SFTP (secured by ssl on the host name)
    FTP with TLS
    Or some other way

    Is there a recommendation?

    Obviously I am not asking about general server security, but security in a shared environment as it pertains specifically to FTP.

    Thanks!
     
  5. quizknows

    quizknows Well-Known Member

    Joined:
    Oct 20, 2009
    Messages:
    940
    Likes Received:
    55
    Trophy Points:
    28
    cPanel Access Level:
    DataCenter Provider
    Typically SFTP allowed with shell access disabled is the way to go. Users can still get to some world readable files over SFTP the same way they could with FTP or symbolic links etc.

    Giving people SFTP access isn't going to compromise security in any meaningful way IMO.

    I typically allow SFTP, and ftps or ftpes (encryption required for command at least to protect passwords).
     
  6. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,678
    Likes Received:
    654
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
    One point to remember is that when you create virtual FTP accounts via cPanel, users can not access SFTP with those authentication details. SFTP is a separate protocol, and only the account username/password is able to authenticate.

    Thank you.
     
  7. Michelle77

    Michelle77 Member

    Joined:
    May 19, 2013
    Messages:
    8
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Root Administrator
    "Typically SFTP allowed with shell access disabled is the way to go."

    How do we enable this?
     
  8. quizknows

    quizknows Well-Known Member

    Joined:
    Oct 20, 2009
    Messages:
    940
    Likes Received:
    55
    Trophy Points:
    28
    cPanel Access Level:
    DataCenter Provider
    Simply ensure your SSH port is open in the firewall, and that you select an appropriate option for each account in the "manage shell access" menu in WHM. SFTP will be available by using the cPanel username/password for each account, even if you disable shell access in the "manage shell access" menu in WHM.
     
Loading...

Share This Page