FTPS (FTP over SSL) possible?

danh

I just found out that I have one Account per Webhosting(?) for SSH, if its enabled.
I prefer to disable SSH Access for Customers during Security Reasons. Any opinions on that decision? Or is it safe to enable SSH? I also always disallow ssh Password AUTH via sshd_config. Would this conflict using SFTP?

Anyways, is FTPS possible? If one Site needs different FTP Accounts, they need to go on unsecure FTP?

webnestify

danh You can always choose TLS/SSL Explicit encryption

cPFence

danh I prefer to disable SSH Access for Customers during Security Reasons. Any opinions on that decision? Or is it safe to enable SSH?

Well, I’d say Enhance v12 SSH access is now safe, thanks to the Enhance team—and a big thanks to Vladimir @smitka for helping improve security on this platform. (I highly recommend checking out his blog , lots of great insights and clever posts there.)

That said, we never give SSH access, we’re paranoid about it. The only exception is if a client has a very good and convincing reason. In that case, we’d consider granting access only to him by adding a user-specific override in /etc/ssh/sshd_config instead of enabling it for everyone.

danh

Hm, what am I missing? I get Error "This security scheme is not implemented" from FTP Program. Never saw that Error Messages before. I have over 150 differenz FTP Accounts there ...

EDIT: Just saw the Changelog with recently fixed pure ftp: https://enhance.com/support/release-notes
now it at least connects. But i get Certificate Error. Hmmm
Do i use a webhosting domain or Server hostname to connect without SSL Error missmatch?

CloudyBlake

danh You should open a ticket. I was having this error and the latest update fixed it. But the cert error is something different.

Regarding your post, I was like you and would never give customers SSH access, and always used FTPS, which enhance supports also. (after fixing the things) That being said, Enhance containerizes all the sites and I feel much more comfortable using it's built in SSH for customers. So now it's no biggie.

danh

CloudyBlake thx. thought the same, since its containerized, should be fine.
I once had a big hack back in 2016.... It was incredible. Plesk + Webhosting, a Joomla 1 -.- from Customer. The Hacker breaked out and got everything ..... That was a disaster. 🙂 So i am brand marked on this topic ;p