1. Please take a little time for this simple survey! Thank you for participating!
    Dismiss Notice
  2. Dear Pleskians, please read this carefully! New attachments and other rules Thank you!
    Dismiss Notice
  3. Dear Pleskians, I really hope that you will share your opinion in this Special topic for chatter about Plesk in the Clouds. Thank you!
    Dismiss Notice

Plesk 7.5.3 - SFTP Server?

Discussion in 'Plesk for Linux - 8.x and Older' started by md3vxx, Jun 13, 2005.

  1. md3vxx

    md3vxx Guest

    0
     
    In the release notes for Plesk 7.5.3 is lists:

    26. [+] sftp-server is added in chrooted environment.

    Does this mean SFTP is supported natively in PSA 7.5.3 now?

    We have upgraded one of our test boxes to 7.5.3 but do not see it listed as a shell option.

    We are using SCP-Only at the moment for SFTP type services but would prefer an integrated solution should Plesk have provided one.
     
  2. BoXie

    BoXie Guest

    0
     
    If you enable the 'chrooted-shell access option' for a domain in the control panel, chrooted SFTP is also added for that domain.

    You should use SFTP instead of the 'older' SCP. And disable 'protocol 1' in 'sshd_config'.
     
  3. md3vxx

    md3vxx Guest

    0
     
    I see no such option in the CP - can you outline where you see it located?
     
  4. jamesyeeoc

    jamesyeeoc Guest

    0
     
    Login to your control panel. Click on Domains. Click on the domain you wish to set for chroot.

    Click on Setup.

    Under the FTP Login info, look for line which says 'Shell access to server with FTP user's credentials', pull down list, select '/bin/bash (chrooted)', then save changes.

    If you do not see the chrooted option in the list, then check your /etc/shells file to see if it has /usr/local/psa/bin/chrootsh listed.
     
  5. md3vxx

    md3vxx Guest

    0
     
    SFTP

    Hi,

    We do not want to provide shell access only SFTP. A chrooted shell will provide shell access...

    I guess Plesk has yet to provide a solution for this so we will continue to use SCP-Only.
     
  6. BoXie

    BoXie Guest

    0
     
    SFTP is integrated in SSH. So i think it is obvious that it comes with shell access.

    However .. nothing is wrong with the chrooted shell access Plesk offers. One can't do very much harm with the few commands that are supported.
     
  7. philby

    philby Guest

    0
     
    BoXie -- are you certain that not much harm can be done with Plesk SSH? I've been asking our server provider for some secure FTP access to our server (we're resellers) for 2 years now, and they've consistently said "never", because it was "much too dangerous".
    Now that we're about to upgrade to our own server at about 4x the cost, I would *really* like to have some sort of secure FTP access to our domains; changing FTP passwords after one had to upload files while in a public WLAN is really becoming silly.

    TIA for any infos on the matter :)
     
  8. dm__@

    dm__@ Guest

    0
     
    Actually, SSH protocol does not require to provide shell acces when it's need to provide SFTP (as opposite to SCP, which does require shell), but I don't know whether OpenSSH implementation allows such a setup.
     
  9. jamesyeeoc

    jamesyeeoc Guest

    0
     
    With OpenSSH, the same executable can be called for either shell access:

    "C:\Program Files\SSH Communications Security\SSH Secure Shell\SshClient.exe"

    or for sftp:

    "C:\Program Files\SSH Communications Security\SSH Secure Shell\SshClient.exe" /f

    So if you or your client's set it up so the program is always called with the /f option, then they will immediately see the sftp window instead of the shell access window.
     
  10. dm__@

    dm__@ Guest

    0
     
    LOL. I'm talking about server-side setup. SSH protocol defines several core subsystems: X11 forwarding, port forwarding, shell excution, command execution, and optional subsystems, and SFTP is the one of this. Nothing prevents the authors of SSH server to add the option to selectively prohibit any of this subsystems (and for X11 forwarding and port forwarding the options are surely present in OpenSSH).

    SCP works through the command execution subsystem executing the 'scp' utulity on the other end to transfer files, while SFTP is the different subsystem and nothing prevents from making it only one available subsystem.

    Anyway, it is the matter of patching OpenSSH, or, if we are lucky, just adding to the Plesk code that properly configures OpenSSH on the server side.
     
  11. atomicturtle

    atomicturtle Golden Pleskian

    29
     
    Joined:
    Nov 20, 2002
    Messages:
    2,110
    Likes Received:
    7
    Location:
    Washington, DC
    A better way would be to just bind someones SSH key (and you are using keys right?) to sftp.
     
  12. dm__@

    dm__@ Guest

    0
     
    Hmm... Seems to be usable. But... It's possible to make a port forwading in such a situation, which may be too dangerous.
     
  13. atomicturtle

    atomicturtle Golden Pleskian

    29
     
    Joined:
    Nov 20, 2002
    Messages:
    2,110
    Likes Received:
    7
    Location:
    Washington, DC
    thats all configurable in sshd_conf, down to the user level. I wouldnt classify port forwarding in a single node configuration as dangerous in any way. At best you might be able to connect to the system as localhost, or relay to another server. perl, or cgi-bin apps pose a much greater risk to the host in terms of direct vectors for unauthorized access.
     
  14. fishnyc22

    fishnyc22 Guest

    0
     
    hey everyone. Quick question.

    I am the only user on my server. I've read the regular FTP is very insecure and I'm better off using sFTP. Since I'm the only user on the box, Is there any risk in setting the domains "shell access to server with FTP users credientials" to: /bin/bash (chrooted) ?

    Thanks!
     
Loading...