ftp, sftp, ftps, scp? please advise

Discussion in 'Server Operation' started by ac15, Mar 24, 2015.

  1. ac15

    ac15 Member


    i've set up a ispconfig machine following the perfect server guide for wheezy. now i've got the problem that the access to pureftp is blocked by the firewall (directory listing fails due to the tls encryption). further reading indicated that ftps isn't all that great if you have a firewall, because it requires a boatload of open outgoing ports. now if i create a shell user instead, the client can access his own root folder with sftp, but he can also browse outside of it, even if i set chroot shell to "jailkit" on the ispconfig interface. i also don't want them to connect to the shell.
    could anyone recommend me a way to give my clients secure access to their webspace?

    thanks & kind regards,
  2. till

    till Super Moderator Staff Member ISPConfig Developer

    The recommended way is to use ftps. If you use active FTP mode, then you dont have to open the passive ports. But opening the passive port range in the firewall is absolutley ok as well and not a security risk.
    ac15 likes this.
  3. ac15

    ac15 Member

    thanks for the lightning-fast answer! i'll open up the passive port range then.

Share This Page