Dsiable ftp and enable SFTP

[andywill]

Failing pci scan for having port 21 unencrypted

The service running on this port (most often Telnet, FTP, etc…) appears to make use of a plaintext (unencrypted) communication channel. Payment industry policies (PCI 1.1.5.b, 2.2.2.b, 2.3, & 8.4.a) forbid the use of such insecure services/protocols. Unencrypted communication channels are vulnerable to the disclosure and/or modification of any data transiting through them (including usernames and passwords), and as such the confidentially and integrity of the data in transit cannot be ensured with any level of certainty.

Is there a way to enable SFTP and get rid on FTP ?

 

[JohnathanW]

Has anyone found a solution for this? We have PCI compliance failing because this has been re-enabled somehow(a recent update perhaps?) Even though we still have the full plesk PCI compliance enabled.

 

[JohnathanW]

Nevermind I followed this guide - http://kb.parallels.com/en/2207

and set "TLSRequired" to on.

 

[Eric Pretorious]

Nevermind I followed this guide - http://kb.parallels.com/en/2207 and set "TLSRequired" to on.

Is this KB article still relevant for Plesk 11.x?
What client should Windows users use to connect? i.e., Will Filezilla for Windows support TLS?
Are any other modifications required? e.g., Will ProFTPd continue to listen on TCP Port 21 or will it also begin listening on any other ports?

 

[JohnathanW]

Is this KB article still relevant for Plesk 11.x?
What client should Windows users use to connect? i.e., Will Filezilla for Windows support TLS?
Are any other modifications required? e.g., Will ProFTPd continue to listen on TCP Port 21 or will it also begin listening on any other ports?

It worked alright for me so it must be. Filezilla still works, just change Encryption to "Require Explicit FTP over TLS" It will still operate on port 21 unless you tell it otherwise, and the PCI scan still failed as the server responded on 21 but I disputed it as it is now encrypted and they accepted this.

 

[Eric Pretorious]

It worked alright for me so it must be. Filezilla still works, just change Encryption to "Require Explicit FTP over TLS" It will still operate on port 21 unless you tell it otherwise, and the PCI scan still failed as the server responded on 21 but I disputed it as it is now encrypted and they accepted this.

Thanks, Johnathan. I've also changed the setting to Require Explicit FTP over TLS:

Are clients required to use FTP over TLS?
TLSRequired yes

...and everything seems to work as expected.