Secure FTP the right way

kers7754

• July 18, 2014 16:31

Currently I have my shared hosting clients connecting to ftp using SFTP (SSH) on a custom port (not the normal 22). I have a real SSL on the hostname of the shared box. This is all working, but I am wondering if there are security issues in doing this. Is there a better way to do secure ftp? Should I just remove the secure part and just offer ftp? Any suggestions would be appreciated. --Jeff

• 

  vanessa

  • July 21, 2014 03:01

  Not sure how removing "the secure part" from FTP would constitute as making it better. If you intend to push SFTP, I would do the opposite. Disable normal FTP and just allow SFTP.

  0
• 

  cPanelMichael

  • July 21, 2014 13:40

  Hello :) The method you are using is considered to be more secure than regular FTP, so switching to regular FTP is not advised if you are concerned with security. Thank you.

  0
• 

  kers7754

  • July 21, 2014 15:28

  I understand.. I am sorry.. I did describe the entire story. Many of my servers seem to get hacked from time to time. I am wondering if giving my shared hosting customers SFTP access is giving to much access to my server thus causing my server to be compromised more easily. If you were going to offer FTP to users in a shared hosting environment, do you recommend: plain FTP (no encryption) SFTP (secured by ssl on the host name) FTP with TLS Or some other way Is there a recommendation? Obviously I am not asking about general server security, but security in a shared environment as it pertains specifically to FTP. Thanks!

  0
• 

  quizknows

  • July 21, 2014 21:03

  Typically SFTP allowed with shell access disabled is the way to go. Users can still get to some world readable files over SFTP the same way they could with FTP or symbolic links etc. Giving people SFTP access isn't going to compromise security in any meaningful way IMO. I typically allow SFTP, and ftps or ftpes (encryption required for command at least to protect passwords).

  0
• 

  cPanelMichael

  • July 22, 2014 15:47

  One point to remember is that when you create virtual FTP accounts via cPanel, users can not access SFTP with those authentication details. SFTP is a separate protocol, and only the account username/password is able to authenticate. Thank you.

  0
• 

  Michelle77

  • October 14, 2014 19:14

  "Typically SFTP allowed with shell access disabled is the way to go." How do we enable this?

  0
• 

  quizknows

  • October 14, 2014 19:30

  [quote="Michelle77, post: 1749041">"Typically SFTP allowed with shell access disabled is the way to go." How do we enable this?
  Simply ensure your SSH port is open in the firewall, and that you select an appropriate option for each account in the "manage shell access" menu in WHM. SFTP will be available by using the cPanel username/password for each account, even if you disable shell access in the "manage shell access" menu in WHM.

  0

Please sign in to leave a comment.