FTP Disabled by Default in Version 86

Benito

• January 29, 2020 11:35

Hello! I just got the Jan Newsletter and noticed this about FTP. FTP Disabled by Default in Version 86 | cPanel Our customers are really used to create regular FTP accounts for 3rd party people, like designers, etc to not give full access to cPanel giving their main user and password for sftp. Since version 86 and asuming we will keep disabled FTP, how they can give limited access to their files? Thanks

• 

  cPanelKenneth

  • January 29, 2020 17:40

  Hi, Excellent question! Only new installations will have FTP disabled. If you prefer to keep it that way, we provide a WebDAV service, known in the product as WebDisk. Similar to FTP, users can create logins with limited access to their files. WebDisk should work with many (most?) IDEs and operating systems. Like FTP, WebDisk works over SSL so logins would be protected.

  0
• 

  orudge

  • January 30, 2020 12:16

  Would it make more sense to keep FTP enabled, but require SSL/TLS by default?

  0
• 

  DomineauX

  • January 30, 2020 13:47

  Yes, yet it does!

  0
• 

  vacancy

  • January 30, 2020 15:31

  A ridiculous change. How many users do not use ftp service? Using sftp is a bad suggestion. When you use sftp, file ownership will be root, this time you need to edit the file ownership every time you do it, this creates an unnecessary workload.

  0
• 

  DomineauX

  • January 30, 2020 15:43

  Using sftp is a bad suggestion. When you use sftp, file ownership will be root, this time you need to edit the file ownership every time you do it, this creates an unnecessary workload.

  
  Not if you sftp as the cPanel account, which works just fine, but is only available for the cPanel account user and not additional FTP accounts. But saying that additional FTP accounts are now completely useless, you must use WebDisk, isn't a sufficient answer.

  0
• 

  Valetia

  • February 05, 2020 15:16

  Plain text FTP is of course insecure and should be disabled by default. However, what is the exact reason for cPanel choosing to also disable FTP over TLS/SSL?

  0
• 

  sparek-3

  • February 05, 2020 16:43

  I would encourage administrators or cPanel if they feel so inclined, to consider integrating mod_sftp with proftpd as part of the standard cPanel setup:

  0
• 

  Valetia

  • February 05, 2020 17:00

  I would tend to agree with removing standard FTP access (although, seems kind of drastic to just shut it off completely... but then again, how else do you get users to move to more secure alternatives). But I think SFTP is a better alternative than WebDav, since SFTP acts almost exactly like FTP except it's secure.

  
  But not FTP over TLS/SSL?

  0
• 

  sparek-3

  • February 05, 2020 17:24

  But not FTP over TLS/SSL?

  
  Well... I just think SFTP is cleaner. When you really look at FTP, it's a mess of a protocol. Active vs. Passive. Control channels and Data channels. Adding TLS certificates for each domain (I assume) would add another element of SNI needed. SFTP just simplifies things a whole lot. I also suspect that most FTP clients support SFTP now. Rather than the added element of TLS and SNI.

  0

Please sign in to leave a comment.