How to force SFTP access only

#1 Tue, 06/03/2008 - 14:05
max

Seems like my only security hole left to plug is FTP. How do I set Vmin to only allow SFTP connections?

Tue, 06/03/2008 - 16:39
ronald

Close port 21.
Inform users through the sent email to use port 22 when you create a domain.

Tue, 06/03/2008 - 17:22
max

ya, I guess that would do it.

thanks for all of your help today ronald.

Wed, 06/04/2008 - 19:46
katir

OK, so how does one close port 21? I'm a bit familiar with the Linux Firewall under Webmin, but I am no expert.

Is it as simple as adding a rule to the iptables:

DROP

Destination TCP or UDP port -> equals -> 21

?

I see a lot of other settings there I do not understand, so I don't want to shoot my server in the foot. :-)

I can also as our

Wed, 06/04/2008 - 20:01 (Reply to #4)
velvetpixel

I use this:

-A INPUT -p tcp -m tcp --dport ftp -j DROP
Not sure if UDP needs to be blocked too.

You can set that in the Webmin/Linux Firewall module.
Create a new rule.
Action to Take - drop
Network Protocol = TCP
Destination TCP or UDP port: enter ftp where you would normally enter a single port number
Click save.
Click apply configuration.

I do not use FTP.
I only use SFTP on port 22 and this works for me.
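
Added example, not part of the thread: the rule quoted above is appended with `-A`, and netfilter applies the first matching rule, so a DROP that lands below an earlier ACCEPT for port 21 has no effect. This sketch reads `iptables-save` output and reports which verdict port 21 actually gets; the function names and the sample rulesets are constructed for illustration, and the rule model is deliberately simplified as noted in the comments.

```shell
#!/bin/sh
# Verdict a new TCP connection to port 21 gets from the INPUT chain, read from
# `iptables-save` output on stdin. The first matching terminating rule wins.
# Simplified model (assumption): rules with any extra match (source, interface,
# state, multiport) and jumps to user-defined chains are skipped.
ftp_verdict() {
    awk '
        /^:INPUT / { policy = $2 }                  # chain default policy
        /^-A INPUT / && verdict == "" {
            proto = ""; dport = ""; target = ""; other = 0
            for (i = 3; i <= NF; i++) {
                if      ($i == "-p")      { i++; proto = $i }
                else if ($i == "--dport") { i++; dport = $i }
                else if ($i == "-m")      { i++; if ($i != "tcp") other = 1 }
                else if ($i == "-j")      { i++; target = $i; break }
                else                      { other = 1 }
            }
            final = (target == "ACCEPT" || target == "DROP" || target == "REJECT")
            ftp = (proto == "" || proto == "tcp") &&
                  (dport == "" || dport == "21" || dport == "ftp")
            if (!other && final && ftp) verdict = target
        }
        END { print (verdict != "" ? verdict : policy) }
    '
}

# Constructed sample: an existing ACCEPT for port 21 sits above the appended DROP.
sample_shadowed() {
    printf '%s\n' '*filter' ':INPUT ACCEPT [0:0]' \
        '-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT' \
        '-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT' \
        '-A INPUT -p tcp -m tcp --dport 21 -j ACCEPT' \
        '-A INPUT -p tcp -m tcp --dport 21 -j DROP' 'COMMIT'
}

# Constructed sample: the DROP is the only rule that matches port 21.
sample_effective() {
    printf '%s\n' '*filter' ':INPUT ACCEPT [0:0]' \
        '-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT' \
        '-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT' \
        '-A INPUT -p tcp -m tcp --dport 21 -j DROP' 'COMMIT'
}

# On a live host (as root): iptables-save | ftp_verdict
```

If the result is ACCEPT, the DROP rule needs to sit above the rule that accepts port 21, or that ACCEPT rule needs to be removed.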