1. Please take a little time for this simple survey! Thank you for participating!
    Dismiss Notice
  2. Dear Pleskians, please read this carefully! New attachments and other rules Thank you!
    Dismiss Notice
  3. Dear Pleskians, I really hope that you will share your opinion in this Special topic for chatter about Plesk in the Clouds. Thank you!
    Dismiss Notice

sFTP/SCP

Discussion in 'Plesk for Linux - 8.x and Older' started by swardell, Apr 27, 2007.

  1. swardell

    swardell Guest

    0
     
    Is it currently possible to config 8.1 (for Linux) to use sFTP or SCP and when will be it a standard feature?
     
  2. 105547111

    105547111 Silver Pleskian

    32
    30%
    Joined:
    Jul 13, 2006
    Messages:
    643
    Likes Received:
    2
    By SFTP I assume you mean FTP over SSH?

    If so it works now, here's how.

    Turn on for your domain user:
    /bin/bash (chrooted)

    Now your domain admin can connect via SFTP.

    You then can go further and block port 21 on the firewall, therefore forcing them to use SFTP.

    Cheers,

    David
     
  3. swardell

    swardell Guest

    0
     
    but that requires enabling and allowing the users shell access which I dont want to do, any other way?

    and, of course, an fully integrated method in the panel would be nice
     
  4. 105547111

    105547111 Silver Pleskian

    32
    30%
    Joined:
    Jul 13, 2006
    Messages:
    643
    Likes Received:
    2
    Nope :(

    But what is the difference? the ftp user id / password they can delete a hell of a lot of stuff. Also the shell its chrooted anyway.
     
  5. matt.simpson

    matt.simpson Basic Pleskian

    25
     
    Joined:
    Sep 12, 2001
    Messages:
    94
    Likes Received:
    0
    There's definitely a difference. Chrooted shells can be broken through various exploits, scp is a better option IMHO.

    We've installed SCPOnly, works well. We just manually added the SCPOnly option to one of the tables in the PSA database to get it to show up in the Plesk interface.

    http://sublimation.org/scponly

    ~Matt
     
  6. huck

    huck Guest

    0
     
    Sftp-server

    You can add:

    /usr/libexec/openssh/sftp-server


    To /etc/shells

    And then select this in the account as their shell. This will give them access to only sftp with not additional software required.
     
  7. s.molinari

    s.molinari Guest

    0
     
    Hello Matt,

    could you please elaborate on this some more?

    "We just manually added the SCPOnly option to one of the tables in the PSA database"

    Which table do you mean and how did you do this? I'd also like to make file transfers to our server a bit more secure than with plain FTP (which is really insecure). I would like to get SCP working, but need to know a bit more. Hope you can help and TIA.

    Scott
     
  8. 105547111

    105547111 Silver Pleskian

    32
    30%
    Joined:
    Jul 13, 2006
    Messages:
    643
    Likes Received:
    2
    Re: Sftp-server

    So huck if I simply edit /etc/shells and add /usr/libexec/openssh/sftp-server

    And select that for the users shell access thats all?

    Cheers,
    David
     
  9. thewolf

    thewolf Regular Pleskian

    25
    57%
    Joined:
    Mar 11, 2004
    Messages:
    231
    Likes Received:
    0
    I wonder why Plesk doesn't offer a SFTP only shell option out-of-the box!
     
  10. matt.simpson

    matt.simpson Basic Pleskian

    25
     
    Joined:
    Sep 12, 2001
    Messages:
    94
    Likes Received:
    0
    Good question.
     
  11. CruzMark

    CruzMark Basic Pleskian

    24
    23%
    Joined:
    Mar 6, 2006
    Messages:
    84
    Likes Received:
    0
    Re: Sftp-server

    WARNING

    This works, BUT the user is not chrooted, so they can traverse the entire filesystem!
     
Loading...