This page looks plain and unstyled because you're using a non-standard compliant browser. To see it in its best form, please upgrade to a browser that supports web standards. It's free and painless.

Blog About Dedicated Servers

« | »

Use SFTP (Secure FTP via SSH2) instead of FTP

Luigi Ramone | 15 December, 2005 21:41

NOTE: If you have SSH set up on your server, your server is ready to be an SFTP server. SFTP uses SSH.


What does this How-To show you?

a. How to install, setup and use an SFTP client to connect to your box using SSH2 to download/ upload files rather than FTP.

b. How to block port 21 (the default FTP port) which you don't need anymore.

c. How to uninstall and remove the FTP server from your box (if you don't need it anymore).


Why you should NOT use normal FTP

Most people use normal unsecure FTP do upload and download files to their servers using an FTP client from home.

The problem with this is that YOUR USERNAME AND PASSWORD are sent in PLAIN TEXT - a hacker can easily get this information and use it to gain access to your server.



What is secure FTP or SFTP?

SFTP basically removes the need to use FTP, and instead uses SSH to connect to your server to upload or download files. Choose SSH2 to connect (as you should anyway with your SSH client) and your connection will be secure.


What are the advantages of SFTP?

a. Your username and passwords are secure.

b. You can disable the FTP server - ftpd (proftpd or pure-ftpd) - on your server which should reduce server overhead. SFTP uses SSH to transfer files, not FTP.

c. You can block port 21 with your firewall. One less port to worry about.


Let's begin...

1. Download and install an SFTP client on your home computer.

You can use WS-FTP Pro, or CuteFTP Pro, which has SFTP built-in. I prefer to use a free open-source one called Filezilla which you can download and install here:

http://sourceforge.net/project/show...lease_id=183014

NOTE: Filezilla uses part of PUTTY to work, so you may need to install PUTTY on your computer too.


2. Set up your SFTP client.

If you are using Filezilla:

a. Open the program.
b. Click on Edit.
c. Click on Settings.
d. Open Connection tree.
e. Click on SFTP settings.
f. Leave Use Compression as default.
g. Choose to Use SSH2 (a more secure SSH connection).
h. Click OK.

i. Click on File.
j. Click on File Manager.
k. Click on New Site.
l. Enter your server SSH IP address in Host.
m. Choose SSH2 for ServerType - the port number should be 22.
n. Change the port number if you have a custom one for SSH.
o. Choose Normal for LogonType.
p. Enter your SSH username and password.
q. Click on Save and Exit.

Done! Try connecting to your server now via SSH2 using your SFTP client by clicking on the connect icon on the toolbar (most left). It should work. If it doesn't, check your Host SSH IP address again, Port number, Username and Password. Remember, it's the same settings as your SSH client (e.g. PUTTY).


3. Block port 21 (the default FTP port) in your server using your favorite firewall.

If you are using APF 0.91:

Login using SSH as root and edit the apf config file by running this command:

pico -w /etc/apf/conf.apf

Find:

IG_TCP_CPORTS="

and remove 21 from the list.

Then find:

EG_TCP_CPORTS="

and remove 21 from the list.

Then find:

EG_UDP_CPORTS="

and remove 21 from the list as well.

This will prevent port 21 from ever being used.

Don't forget to restart apf after this by running this command:

service apf restart


4. Remove the FTP server from your box by uninstalling FTP.

Login using SSH as root.

Find out what FTP server software you are using by running either commands:

service proftpd status

OR

service pure-ftpd status


Then find out which RPM version of the software you are using by running either commands:

If you're using ProFTP run this:

rpm -qa | grep proftpd

Cut and paste the rpm name into your Notepad - you'll need it.

OR if you're using PureFTP run this:

rpm -qa | grep pure-ftpd

Cut and paste the rpm name somewhere.


Then run this command to uninstall FTP:

rpm -e (full rpm name)

Done!

Check to make sure if the FTP client has been uninstalled successfully by running this again:

service proftpd status

OR

service pure-ftpd status

System :: Comment (0) :: Permalink :: Trackbacks (2)

Add comment

Topic

Text

Your name

Your email address (if any)

Your personal page (if any)


authimage




Powered by Boonic, Bloogo & pLog
This Blog does not have any affiliation nor relation with the mentioned companies. All the logotipos, trade names and images are property of the companies that registered them.