1. Please take a little time for this simple survey! Thank you for participating!
    Dismiss Notice
  2. Dear Pleskians, please read this carefully! New attachments and other rules Thank you!
    Dismiss Notice
  3. Dear Pleskians, I really hope that you will share your opinion in this Special topic for chatter about Plesk in the Clouds. Thank you!
    Dismiss Notice

Dsiable ftp and enable SFTP

Discussion in 'Plesk 11.x for Linux' started by andywill, Jan 20, 2013.

  1. andywill

    andywill New Pleskian

    10
     
    Joined:
    Jan 20, 2013
    Messages:
    2
    Likes Received:
    0
    Failing pci scan for having port 21 unencrypted

    The service running on this port (most often Telnet, FTP, etc…) appears to make use of a plaintext (unencrypted) communication channel. Payment industry policies (PCI 1.1.5.b, 2.2.2.b, 2.3, & 8.4.a) forbid the use of such insecure services/protocols. Unencrypted communication channels are vulnerable to the disclosure and/or modification of any data transiting through them (including usernames and passwords), and as such the confidentially and integrity of the data in transit cannot be ensured with any level of certainty.

    Is there a way to enable SFTP and get rid on FTP ?
     
  2. JohnathanW

    JohnathanW New Pleskian

    10
     
    Joined:
    Feb 13, 2013
    Messages:
    3
    Likes Received:
    0
    Has anyone found a solution for this? We have PCI compliance failing because this has been re-enabled somehow(a recent update perhaps?) Even though we still have the full plesk PCI compliance enabled.
     
  3. JohnathanW

    JohnathanW New Pleskian

    10
     
    Joined:
    Feb 13, 2013
    Messages:
    3
    Likes Received:
    0
  4. Eric Pretorious

    Eric Pretorious Regular Pleskian

    15
    35%
    Joined:
    Mar 2, 2013
    Messages:
    188
    Likes Received:
    0
    Location:
    Truckee, CA
    Is this KB article still relevant for Plesk 11.x?
    What client should Windows users use to connect? i.e., Will Filezilla for Windows support TLS?
    Are any other modifications required? e.g., Will ProFTPd continue to listen on TCP Port 21 or will it also begin listening on any other ports?
     
  5. JohnathanW

    JohnathanW New Pleskian

    10
     
    Joined:
    Feb 13, 2013
    Messages:
    3
    Likes Received:
    0
    It worked alright for me so it must be. Filezilla still works, just change Encryption to "Require Explicit FTP over TLS" It will still operate on port 21 unless you tell it otherwise, and the PCI scan still failed as the server responded on 21 but I disputed it as it is now encrypted and they accepted this.
     
  6. Eric Pretorious

    Eric Pretorious Regular Pleskian

    15
    35%
    Joined:
    Mar 2, 2013
    Messages:
    188
    Likes Received:
    0
    Location:
    Truckee, CA
    Thanks, Johnathan. I've also changed the setting to Require Explicit FTP over TLS:
    Code:
    Are clients required to use FTP over TLS?
    TLSRequired yes
    ...and everything seems to work as expected. :)
     
Loading...