Using SFTP and SCP Instead of FTP
One simple way to improve your Linux server s security is to use SFTP or SCP instead of regular FTP.
SFTP can work with many protocols but is most commonly used with SSH to provide secure authentication. SFTP is not FTP over SSH, but instead a new protocol developed from the ground up.
SFTP differs from SCP in that it offers a GUI component that allows more remote administration, akin to a remotely accessed file system.
SFTP clients are almost exactly the same in appearance as FTP clients. The majority of them use a two pane window view, with one pane being the local filesystem and the other pane showing the server s filesystem. To send or receive files simply drag them from one pane to another.
Popular SFTP Clients
Using SCP (Secure Copy)
The SCP command can be used to send a file to a server or retrieve a file from a server. Because it uses the SSH protocol for authentication SCP is more secure than FTP which transmits passwords in plain text.
Copies the local file index.php to the directory /home/bob/public_html/ on the server as the user bob.
Copies the file index.php from its location on the server to the local directory called Downloads as the server user bob.
Wildcard File Transfers:
Copies all files ending in .php in the /home/bob/public_html directory to the local directory called Downloads.
Wildcards can be used for both sending and receiving files.
Enabling Shell Access in the WHM
If a user wishes to use SCP and SFTP on a Linux server running cPanel they will need to have shell access enabled.
Log in to your server s WHM as root and find the navigation link labeled Modify an Account. as indicated below:
On the following screen, locate the check box next to Shell Access and make sure that the box is checked. If it is not, check the box and then click the Save button.
What about FTPS?
FTPS is FTP using SSL to encrypt some or all of the transmissions between the server and client. In most cases we recommend users try SFTP before FTPS because most Linux servers will automatically support SFTP, whereas some configuration changes/additions may be necessary to start using FTPS.
Root User Access
As long as the root user is allowed to use SSH to connect to the server it can also be used to send or receive files using SFTP or SCP. Linux servers running cPanel will not let the root user connect using regular FTP because the root password would be transmitted in plain text, which should always be avoided.
If you change the port number used by SSH on your server you will need to also specify the new port number in your command.
A Word on Speed
SCP is generally faster than SFTP at transferring files because it uses a more efficient file transfer algorithm.
For more information about the many choices available when picking a file transfer client please see this handy Wikipedia comparison page.