Managed Service FTPAdmin

FTPAdmin is a browser based tool for creating and managing FTP user accounts.

These user accounts share the following properties:

The login is restricted to the SFTP / FTP protocols
No interactive login possible (SSH)
The access can be restricted to a certain sub-directory inside the home directory

User administration

Create

When you create the user, you specify a home directory. By default, the home directory is located at /home/www-*.

For easy file sharing between multiple users, you can create multiple users that share a home directory.

Delete

If a user account is no longer required, the account can be deleted via "Edit" -> "Delete this account". The users home directory will not be deleted automatically.

Edit

User accounts can be edited via the "Edit" function in the user overview panel. The users password, login name and home directory can be changed here.

Change the admin password

The admin password can be changed with the "change password" function in the title bar.

Customize configuration with `.ftpaccess`

Similar to Apache httpd and .htaccess, the software used in the background allows the configuration to be customized via .ftpaccess files, directly in the directory structure. The configuration is being applied recursively, which means that it applies to the respective directory as well as to all subordinate directories. Please note that no <Directory> sections are required when using .ftpaccess.

Restrict access rights

Access to the directory structure can be restricted by using Limits.

Example: Restrict access to certain IP addresses

<Limit LOGIN>
  Deny from all
  Allow from 5.4.5.6
  Allow from 5.4.5.7
</Limit>

Example: Read-only access for specific user

<Limit CWD PWD DIRS READ>
  AllowUser testuser01
</Limit>

<Limit ALL>
  DenyUser testuser01
</Limit>

Access via SFTP / FTP(S)

All users set up through FTPAdmin can connect to the server both via FTP(S) and scp/SFTP.

For scp/SFTP , port 1122 must be used to connect to the server.

If you're scp on the command line, the port can be specified with -P in the command line as follows:

$ scp -P 1122 source.file user@server.nine.ch:target

SSH public key authentication is available alongside password authentication. The SSH public key must be stored in RFC4716 format in the file ~/.sftp/authorized_keys in the home directory of the specific user. The following command can be used to convert an SSH public key from OpenSSH format to RFC4716:

$ ssh-keygen -e -f .ssh/id_rsa | grep -v Comment

Important: The comment must be removed from the public key.

Windows clients

We recommend the following clients for Windows:

Mac OS

We recommend the following clients for Mac OS:

User administration​

Create​

Delete​

Edit​

Change the admin password​

Customize configuration with .ftpaccess​

Restrict access rights​

Example: Restrict access to certain IP addresses​

Example: Read-only access for specific user​

Access via SFTP / FTP(S)​

Windows clients​

Mac OS​