SSH, SFTP and FTP access

The item applies only to those folks that have “shell” access and/or personal websites hosted on exmsft.com. Those with other¬†accounts can move along … nothing to see here. (And in case you’re wondering, this is provided as a legacy service to folks who had it since “the old days”. With few exceptions we’re not setting up new shell or website accounts these days.)

Due to an increase in the number of brute force attempts to hack the exmsft.com server and the accounts thereon from various vectors, I’ve taken the security up a notch and implemented a few changes to reduce the possibility that the server or your account can be compromised.

FTP has been disabled. FTP is a troublesome protocol, the biggest issue being that it throws your password around in clear text for anyone to see. While the FTP server is running, the FTP control port (21) has been blocked at the server firewall. You should use SFTP instead. (FTPS may work, but I don’t personally support it, and it might well also go away sometime if it does.)

SSH and SFTP are on a non-standard port. An exceptionally high number of brute force attacks are targeted at trying to login to the server via SSH on its standard port (22). The SSH daemon has been moved to port 4780. When using SSH in any form (including SFTP) you’ll need to explicitly specify this port number. Please note that since I just posted it publicly the port number may change – I’ll try to send out email to shell users if it does, but check back here.

You must use a public/private key pair to login via SSH and SFTP. Password authentication in SSH has been disabled – even knowing your account’s proper password is not enough to login. Instead you must:

  • generate a public/private key pair
  • give me the public key to install on your account
  • use the private key when connecting with SSH. Remember to keep the private key secure. If it’s ever lost or compromised let me know.

I have an article from some years ago that’s still pretty accurate (this is technology that has been stable for many years) that should help you choose tools and/or set up your key pair:¬†How do I create and use Public Keys with SSH?