To allow some users to use sftp or ftp l wan to install vsftpd on my Debian 10 server. How to install and configure vsftpd to ISPConfig 3 on Production Very urgent for me. I did not found this procedure in Ispconfig Manual.
ISPConfig supports SFTP and FTP out of the box using pure-ftpd and SSHD on any setup that followed our perfect server install instructions or was installed using the auto installer, so no need to install vsftpd. Vsftpd won't work here anyway, as it has a very limited feature set and does not even support virtual users.
Hello, Mr. Till, you are quite right; sometimes it happens that we ask certain questions when we have the impression that nothing is working! Indeed ISPConfig supports SFTP and FTP out of the box using pure-ftpd and SSHD there is no need to install Vsftpd and you are right. Indeed on my Ispconfig 3 I created an ftp account for a website with which I cannot connect with FileZilla. I searched without success.. What other configuration remains to be done once the ftp account has been created for a user so that he can connect? Why can't I log in with this account? THANKS
How shall we say that when you do not provide any details on your issue, like log files of the FTP client etc. Maybe you used the wrong username (missed entering the full name incl. prefix) or the wrong password? Or you don't know the difference between FTP and SFTP - which is quite likely as you referred to vsftpd as a solution, which does not support SFTP at all (SFTP is not FTP, SFTP is SSH, and if you want to connect with SFTP/SSH, you must use a shell user account for login not an FTP user). Or you closed passive ports used by FTP in a firewall or router.
Hello, My system is Debian 10 with Ispconfig 3 I changed in the file /etc/pure-ftpd/pure-ftpd.conf the port 21 ftp by default by a port number 2xx3 and I put the rule ufw allow … I did service pure-ftpd-mysql restart But I do netstat -tnulp | grep pure-ftpd tcp 0 0 0.0.0.0:21 0.0.0.0:* LISTEN 19530/pure-ftpd (SE tcp6 0 0 :::21 :::* LISTEN 19530/pure-ftpd (SE It is always ftp port 21 that always appears; how to configure Ispconfig to take into account the port change from 21 to 2114 for example? Should I disable ftp port 21 by ufw deny 21? With FileZilla for example I have to specify the new ftp port 2114 or is it automatic? Last question how to use SFTP instead of and FTP THANKS
That's not ISPConfig specific. On Debian, you set the port for pure-ftd in the file /etc/pure-ftpd/conf/Bind and not /etc/pure-ftpd/pure-ftpd.conf See also: https://forum.howtoforge.com/threads/how-change-pure-ftpd-port-21-to.43452/ If you don't want to use a port, then you can close it in the firewall. It's automatic as long as you do not change the port. So by changing the port, which is not recommended but you want to do it nonetheless, FileZilla will fail to connect automatically due to your custom FTP port and you must specify the port each time you connect. That's explained in post #4 in this thread already. To use SFTP (Shell Transfer protocol), you create a shell user in ISPConfig and use that user to connect.
Thanks Till, Your answers gave me more light on these ftp aspects. You say it is not advisable to change ftp port 21 Ok. But according to various information it seems that for security reasons it is necessary to change certain ports, in particular the ssh port 22. So for port 21 it is therefore not advisable to change and I think my ftp connection problems come from there and I will no longer change the port ftp. Thanks for your advices.
It is not necessary as all services are protected against brute-force password attacks with Fail2ban out of the box. So insteadvof changing ports, better take care to use long and complex passwords, this will add way more protection to your system than altering a port. But if you prefer to do security by obscurity, then you can change the port of cause. Anyone who wants to hack your system can find the changed ports easily within a few seconds with a port scan. You may change any port, but by not using the well known port, you just make your own life more difficult. And as you seem not to be a professional admin, you should consider that its better for you to have a working system than one that you configured with many custom settings that you do not fully understand yet.
