Hi, I've set up an ISPConfig machine following the Perfect Server guide for Wheezy. Now I've got the problem that the access to pureftp is blocked by the firewall (directory listing fails due to the TLS encryption). Further reading indicated that FTPS isn't all that great if you have a firewall, because it requires a boatload of open outgoing ports. Now if I create a shell user instead, the client can access his own root folder with SFTP, but he can also browse outside of it, even if I set chroot shell to "jailkit" on the ISPConfig interface. I also don't want them to connect to the shell. Could anyone recommend me a way to give my clients secure access to their webspace? Thanks & kind regards, ac15
The recommended way is to use FTPS. If you use active FTP mode, then you don't have to open the passive ports. But opening the passive port range in the firewall is absolutely OK as well and not a security risk.