With the rise of security risks on websites that process credit cards, some PCI compliance companies, like Trustwave, are requiring FTP to be shut off and a different method of uploading and downloading files to be used. To accommodate these PCI compliance requirements, you can use SFTP or SCP to copy files from your local computer to your server.
What is SFTP and SCP?
SFTP stands for SSH File Transfer Protocol, also called Secure File Transfer Protocol or Secure FTP. An SFTP connection uses port 22 and is made from the command line or another SFTP client. SFTP connects securely, so the data is encrypted as it crosses the network. You can block certain IP addresses and allow others, so that SSH port 22 is open only to specific users.
SCP is Secure Copy, which is based on the Secure Shell (SSH) protocol. Like SFTP, SCP is a secure connection over port 22 that allows only certain IP addresses to access the server.
Why would I want to use SCP and SFTP?
If you are running a website that requires credit card payment transactions, you will need to follow PCI compliance standards. This is to ensure that the site will not be compromised by hackers trying to steal personal information. Website owners run PCI compliance scans on their server to find anything that exposes the website to attack. When the server fails the PCI scan because FTP port 21 is open, the web developer is forced to use a different method to upload and download files from the server. This is where SCP and SFTP come in. SFTP and SCP allow the developer to connect to your server over a secure connection.
How do I connect / use SCP and SFTP?
You can use SSH Secure Shell, PuTTY, FileZilla or another program to connect to your server using SFTP. WinSCP can connect to your server using the SCP protocol. You can even use some HTML editors, like Dreamweaver, to connect with SFTP.
Connecting with SFTP with FileZilla
- Open FileZilla.
- Click the site manager button at the top right of the FileZilla client.
- Set your connection to the following settings. Keep in mind that for the Host option you could also use your server’s IP address or your server’s hostname (this can be viewed in AMP).
Protocol: SFTP (SSH File Transfer Protocol)
Logon type: Normal
User: The cPanel username
Password: The cPanel password
Account: Leave blank
Important! You must have your local IP address added to your server firewall through WHM.
- Click the Connect button.
Connecting with SCP with WinSCP
- Open WinSCP.
- Set your connection to the following settings.
Host name: your-server.com (you could also use your server’s IP address or your server’s hostname, which can be viewed in AMP)
Port number: 22
File Protocol: SCP
User name: The cPanel username
Password: cPanel password
Important! You must have your local IP address added to your server firewall through WHM.
- Click the Login button.
Congratulations, now you know how to connect to your server with SCP and SFTP. Check out our VPS Security guide to learn how to harden your server security.
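The steps above depend on two things: your IP address being allowed through the server firewall, and the server accepting the login method you configured. The script below is an added example, not part of the original article, that tells those failures apart from the command line. It assumes the OpenSSH client is installed; the function names and the sample line are constructed for illustration.

```shell
#!/bin/sh
# Added example: diagnose why an SFTP/SCP login to port 22 fails.

# classify_ssh_probe LINE: map one line of OpenSSH client output to a diagnosis.
classify_ssh_probe() {
    line=$1
    case $line in
        *"Connection timed out"*|*"Operation timed out"*)
            echo "blocked: no answer on port 22; check that your IP is in the server firewall" ;;
        *"Connection refused"*)
            echo "refused: port 22 rejected the connection (no SSH service, or firewall set to reject)" ;;
        *"Host key verification failed"*)
            echo "untrusted: confirm the server's host key fingerprint before connecting" ;;
        *"Permission denied ("*")"*)
            # Text inside the parentheses is the server's list of login methods.
            methods=${line#*"Permission denied ("}
            methods=${methods%%")"*}
            case ",$methods," in
                *,password,*|*,keyboard-interactive,*)
                    echo "password-ok: server offers $methods" ;;
                *)
                    echo "key-only: server offers $methods" ;;
            esac ;;
        *)
            echo "unknown: $line" ;;
    esac
}

# probe USER HOST: live check (needs network). Authentication method "none"
# never logs in; it only makes the server list the methods it accepts.
probe() {
    out=$(ssh -o BatchMode=yes -o PreferredAuthentications=none \
              -o ConnectTimeout=10 -p 22 "$1@$2" true 2>&1 | tr -d '\r' | tail -n 1)
    classify_ssh_probe "$out"
}

# Constructed sample line (not captured from a real server).
SAMPLE='user@your-server.com: Permission denied (publickey,gssapi-keyex,gssapi-with-mic).'

# Live probe when called as: sh check.sh USER HOST; otherwise classify the sample.
if [ $# -eq 2 ]; then probe "$1" "$2"; else classify_ssh_probe "$SAMPLE"; fi
```

A "key-only" result means the Password field in the client settings will not be accepted for that account; a "blocked" result points back to the firewall step.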
Thoughts on “Connecting with SCP and SFTP”
I would recommend adding a section that explains you need to add the private key, by default labeled id_rsa, from wherever you generated your SSH keys to the SFTP/SCP program in order to connect successfully.
Thanks for the input, Brad! We will add this to our update list.
I’m getting mixed signals from InMotion Hosting… Is it true that only the root user of the VPS can have SFTP access? Is it true that the FTP Accounts I have created for other users on the account CANNOT access the server with SFTP? It doesn’t seem to make sense that the server would allow FTP access from accounts I have allowed, yet not permit them to use SFTP.
As long as the user’s IP address is added to the firewall and they are using the correct settings, they should be able to connect via SFTP. We also allow SFTP for Shared hosting accounts as well.
Just a note – if you are using a private/public key and have switched off password login for SSH, you can’t use SFTP. You can use standard FTP and set the encryption to Use: Require explicit FTP over TLS.
I’ve tried with FireFTP and FileZilla.
On FireFTP : Authentication failed
On FileZilla : No supported authentication methods available (server sent: publickey,gssapi-keyex,gssapi-with-mic).
So, there is no way to connect with SFTP, please can you help? Thanks
This may depend on the kind of account you have. If you are using a shared account, you’ll want to make sure you have SSH access. If you are in a VPS/Dedicated server, you will want to make sure that the cPanel account you’re using to connect has SSH access as well. If you are using a standard FTP account, or using port 21, the connection will fail.
Thank you!!! After hours of searching, this was the easiest, most straightforward way to understand and connect!