• Please be aware: Kaspersky Anti-Virus has been deprecated
    With the upgrade to Plesk Obsidian 18.0.64, "Kaspersky Anti-Virus for Servers" will be automatically removed from the servers it is installed on. We recommend that you migrate to Sophos Anti-Virus for Servers.
  • The Horde webmail has been deprecated. Its complete removal is scheduled for April 2025. For details and recommended actions, see the Feature and Deprecation Plan.
  • We’re working on enhancing the Monitoring feature in Plesk, and we could really use your expertise! If you’re open to sharing your experiences with server and website monitoring or providing feedback, we’d love to have a one-hour online meeting with you.

Dsiable ftp and enable SFTP

A

andywill

New Pleskian
Failing pci scan for having port 21 unencrypted

The service running on this port (most often Telnet, FTP, etc…) appears to make use of a plaintext (unencrypted) communication channel. Payment industry policies (PCI 1.1.5.b, 2.2.2.b, 2.3, & 8.4.a) forbid the use of such insecure services/protocols. Unencrypted communication channels are vulnerable to the disclosure and/or modification of any data transiting through them (including usernames and passwords), and as such the confidentially and integrity of the data in transit cannot be ensured with any level of certainty.

Is there a way to enable SFTP and get rid on FTP ?
 
Has anyone found a solution for this? We have PCI compliance failing because this has been re-enabled somehow(a recent update perhaps?) Even though we still have the full plesk PCI compliance enabled.
 
Eric Pretorious said:
Is this KB article still relevant for Plesk 11.x?
What client should Windows users use to connect? i.e., Will Filezilla for Windows support TLS?
Are any other modifications required? e.g., Will ProFTPd continue to listen on TCP Port 21 or will it also begin listening on any other ports?
Click to expand...

It worked alright for me so it must be. Filezilla still works, just change Encryption to "Require Explicit FTP over TLS" It will still operate on port 21 unless you tell it otherwise, and the PCI scan still failed as the server responded on 21 but I disputed it as it is now encrypted and they accepted this.
 
JohnathanW said:
It worked alright for me so it must be. Filezilla still works, just change Encryption to "Require Explicit FTP over TLS" It will still operate on port 21 unless you tell it otherwise, and the PCI scan still failed as the server responded on 21 but I disputed it as it is now encrypted and they accepted this.
Click to expand...

Thanks, Johnathan. I've also changed the setting to Require Explicit FTP over TLS:
Code: 
Are clients required to use FTP over TLS?
TLSRequired yes
...and everything seems to work as expected. :)
 
You must log in or register to reply here.

Similar threads

Edi Duluman
Question How to fix cleartext IMAP / FTP
Replies
3
Views
3K
UFHH01
U
A
Help with the compliance with Trustwave
Replies
7
Views
8K
SteveL132
S
Back
Top