This website is deprecated, and remains online only for historic access to old issues and docs for historic versions of Virtualmin. It has been unmaintained for several years, and should not be relied on for up-to-date information. Please visit www.virtualmin.com instead.
Have you ever considered dumping FTP and moving to the more secure SFTP which is powered by SSH?
Most modern FTP clients out of the box support either SFTP or SCP which work pretty much the same and make use of SSH which encrypts the connection. Also by using SFTP/SCP you can close down port 21 and any passive port range you have open therefore making your system that much more secure.
You can make use of username/password combination with SFTP just as you would with FTP. Generating a Public/Private key pair is another way which offers greater security but requires some knowledge of generating the key, and setting it up on the server properly.
If you'd like, I can provide you a quick one-on-one session and teach you how to generate a public/private key pair, implement it within your installation and make sure that FTP is turned off, and your system is secure. Whew, that was a mouthful :-)
Drop me a line on Skype or by email if you'd like to setup some time to go over.
Note that while SSH/SFTP are indeed more secure, FTP should actually work.
That's an issue that can occur when using FTP behind a NAT router.
If you're using FileZilla, there's a Forum posting there that detail a setting in FileZilla that gets around that particular problem by telling it only to use the external IP:
Well, Peter is offering to assist you with that if you're interested. However, you could always start using SSH/SFTP and a password (ie, without using SSH keys), and then once you get that working as you need, you could generate a set of keys.
Once you generate keys, the SSH public key goes into the $HOME/.ssh/authorized_keys file, and the private key goes into your SSH/SFTP client (which sounds like FileZilla in this case).
That's correct -- there's additional information on that here in the documentation "How can I prevent other types of users from browsing the entire filesystem?":
Hi,
Have you ever considered dumping FTP and moving to the more secure SFTP which is powered by SSH?
Most modern FTP clients out of the box support either SFTP or SCP which work pretty much the same and make use of SSH which encrypts the connection. Also by using SFTP/SCP you can close down port 21 and any passive port range you have open therefore making your system that much more secure.
SFTP => Secure File Transfer Protocol
SCP => Secure Copy Protocol
Both can do the same thing as FTP, so there's really no reason in today's hosting environment to ever offer FTP anymore IMHO.
*** we discontinued FTP support almost 5 years ago ***
Best Regards,
Peter Knowles
TPN Solutions
Email: pknowles@tpnsolutions.com
Phone: 604-782-9342
Skype: tpnsupport
Website: http://www.tpnsolutions.com
Best Regards,
Peter Knowles | TPN Solutions
Email: pknowles@tpnsolutions.com | Skype: tpnassist
Thnx! But how i can to do that? I mean that how i get key from webmin/virtualmin and put it to my filezilla?
Or what i must to do?
Maybe is somewhere a tutorial?
Thnx!
Hi,
You can make use of username/password combination with SFTP just as you would with FTP. Generating a Public/Private key pair is another way which offers greater security but requires some knowledge of generating the key, and setting it up on the server properly.
If you'd like, I can provide you a quick one-on-one session and teach you how to generate a public/private key pair, implement it within your installation and make sure that FTP is turned off, and your system is secure. Whew, that was a mouthful :-)
Drop me a line on Skype or by email if you'd like to setup some time to go over.
Best Regards,
Peter Knowles
TPN Solutions
Email: pknowles@tpnsolutions.com
Phone: 1-604-782-9342
Skype: tpnsupport
Website: http://www.tpnsolutions.com
*** ask me about our new support plans which include a FREE copy of Virtualmin Pro!!! ***
Best Regards,
Peter Knowles | TPN Solutions
Email: pknowles@tpnsolutions.com | Skype: tpnassist
Howdy,
Note that while SSH/SFTP are indeed more secure, FTP should actually work.
That's an issue that can occur when using FTP behind a NAT router.
If you're using FileZilla, there's a Forum posting there that detail a setting in FileZilla that gets around that particular problem by telling it only to use the external IP:
https://forum.filezilla-project.org/viewtopic.php?t=14750
You could also disable passive mode altogether in your FTP client, that should also resolve it.
There's also some info here on configuring ProFTPd to work behind a NAT router:
http://www.proftpd.org/docs/howto/NAT.html
-Eric
Thnx! It works now... but still i wish to know how to get keys from my virtualmin and put it to filezilla.
I wish to make my server more secure.
Or if i use puttugen public key goes to filezilla? but where i put my key in server?
Thnx!
Howdy,
Well, Peter is offering to assist you with that if you're interested. However, you could always start using SSH/SFTP and a password (ie, without using SSH keys), and then once you get that working as you need, you could generate a set of keys.
Once you generate keys, the SSH public key goes into the $HOME/.ssh/authorized_keys file, and the private key goes into your SSH/SFTP client (which sounds like FileZilla in this case).
-Eric
i get in... now is that problem
users can go to root folder etc... with SFTP
i saw somewere topic about that but cant find now:/
Howdy,
That's correct -- there's additional information on that here in the documentation "How can I prevent other types of users from browsing the entire filesystem?":
https://www.virtualmin.com/documentation/security/faq