Running ispconfig 3.1.6 on Debian Jessie Just noticed that by default an SSH user can log in via plain FTP with the same credentials even with no ftp users defined. Is this by design? This is unexpected and undesirable from our standpoint. We can of course disable ftp entirely but it would be useful to know if there's another way to prevent SSH users from using FTP (and sending their credentials in cleartext). Thanks
Some search give: https://www.howtoforge.com/how-to-configure-pureftpd-to-accept-tls-sessions-on-ubuntu-10.10
Take a look into the directory /etc/pure-ftpd/auth/, there you should find 3 auth files, the mysql one is for ISPConfig FTP users, check the one for unix and pam and if one of these contains 'yes', try to set it to 'no' and restart pure ftpd.