FTP security

Overview

FTP (port 21) is not considered a "secure" protocol. This means that incoming/outgoing data is unencrypted and in plain text. Because the data is unencrypted, an exceptionally sneaky person could eavesdrop on what you're sending.

For this reason, it's only recommended that you create an SFTP or Shell user and use port 22 when connecting.

Difference between FTP and SFTP

SFTP is a network protocol designed to provide secure file transfer over the secure shell (SSH) protocol. SFTP is NOT just FTP run over SSH, but rather a new protocol. It is often called Secure FTP because it uses an encrypted transport layer.

Setting an existing FTP user to an SFTP user

To change an existing FTP user to an SFTP user:

  1. Navigate to the Manage Users page.
    users show info
  2. Click the Show Info down arrow next to your hostname to open the settings box for the user.
    2019-11_panel_new_manage_users_04.fw.png
  3. Click the Edit Access Settings link.
    Set user to SFTP
  4. Check the Secure connection (FTP access disabled) checkbox.
  5. Click the Save Changes button and wait about 5 minutes for the new settings to update. You can then log into your server using port 22.

Setting a user to FTP

When you are editing or adding a new domain and add a new user during that process, it defaults to SFTP automatically and FTP is disallowed.

If you need FTP for some reason, you still have the option to uncheck the checkbox Secure connection (FTP access disabled) for the newly created user, but this is NOT RECOMMENDED. You can do that on the Manage Users page by clicking 'Show Info' and then clicking the Edit Access Settings link:

Set user to FTP

Disabling FTP on a VPS server

If you have a VPS, you can completely disable FTP to further secure your server. Navigate to the VPS page. To the right of the server, click the Configure button.

Disable FTP on a VPS

Click the drop-down box to the right of 'FTP server' and select 'Inactive'. Finally, click Save ps123456's settings at the bottom to save.

Notes on using SFTP

When logging in to your account using SFTP you may notice some differences from what you would normally see when you logged in with a normal FTP user.

  • You may notice that you can also access other directories above the /home directory. That's normal, as all users have some level of access to those directories. However, as a regular user you won't be able to view files that you don't have access to, nor are you able to harm the server.
  • Hidden files/directories: On a Unix system, hidden files are those that begin with a period (.) in their name. As with FTP clients, SFTP clients usually have an option to "enable/disable viewing hidden files". If that is enabled, you'll be able to see these files/directories (if your user has permissions to do so). If you are having problems deleting a directory (assuming you have the correct permissions to delete) and it gives you an error saying "directory not empty", it may be that there are hidden files/directories in that directory that your client is not allowing you to see. Check your program options before going any further. If you do have the option enabled to view hidden files/directories and still cannot delete a directory, please contact support for assistance. Give support the server, user account, and full path to the directory you are trying to delete so they can investigate. View the How do I show hidden files? article for further information.

Did this article answer your questions?

Article last updated PST.

Still not finding what you're looking for?