How to force user to use SFTP and Secure SMTP?

sodapopinski

• October 14, 2017 01:03

Hi All, Long time I never touch and read update about the cpanel server since resigned into hosting company on 2012. Now my friend want me to manage his server because too many ftp account hacked through trojan horse in customer computer. My questions are : 1. How to force customer using SFTP instead of using FTP. Do we need to turn on shell access? 2. How to force user to download and send email using secure encrypted way? Thank you very much.

• 

  Jcats

  • October 14, 2017 21:03

  . How to force customer using SFTP instead of using FTP. Do we need to turn on shell access?

  
  You can disable the FTP service via WHM > Service Manager And then yes, you would need to enable shell access. Too be honest though, this will increase the hackers ability to do even more damage if they are able to get the SFTP info from a trojan since they now have shell access where FTP will limit their abilities.

  . How to force user to download and send email using secure encrypted way?

  
  In WHM > Mailserver Configuration Set Allow Plaintext Authentication to NO WHM > Exim Configuration Manager Require clients to connect with SSL or issue the STARTTLS command before they are allowed to authenticate with the server. - On

  0
• 

  cPWilliamL

  • October 16, 2017 18:39

  Hi @sodapopinski @Jcats, Just to be clear, SFTP access for a cPanel user doesn't require shell access when disabled via WHM. When the shell is disabled from WHM, a special shell wrapper(/usr/local/cpanel/bin/noshell) is used to allow SFTP access, without allowing full shell access. With that said, this wrapper doesn't support any custom arguments added to the SFTP subsystem configuration. The rest of the recommendations are certainly correct though. Thanks,

  0
• 

  sodapopinski

  • October 17, 2017 06:22

  Thank you very much @Jcats and @cPWilliamL . Thank you ;p

  0
• 

  cPWilliamL

  • October 17, 2017 12:13

  Glad to help. I'll mark this thread as solved for now.

  0
• 

  speckados

  • October 17, 2023 08:07

  [QUOTE="J Too be honest though, this will increase the hackers ability to do even more damage if they are able to get the SFTP info from a trojan since they now have shell access where FTP will limit their abilities.
  It is incredible what level of system administrator you have to have to say such an outrage. Now it turns out that a Trojan finds it easier to obtain a user's SSH key in a command-data encrypted connection than through an unencrypted connection. It seems that you have never seen a dump of the connection between two points when they use ftp or scp/sftp. Please do not give advice like that you have given.

  0

Please sign in to leave a comment.