Archive for June, 2010

SBDavid

Using SFTP (Secure FTP) in Plesk

Secure FTP is more secure than FTP because it runs over the SSH protocol. Shell access must be enabled for each Plesk user on each account.

On the setup page, select /bin/bash (chrooted) under "Shell access to server with FTP user's credentials". This user will now be able to log in over SFTP. Remember to change the port in your FTP client. If you are sure you don't want users to log in over standard FTP, you can also block the standard FTP port via the Firewall module in Plesk.

The following rules would apply:

Deny incoming from all on ports 21/tcp, 21/udp

If you have a static IP, you can further secure your FTP server by allowing access only from that IP. If the static IP is 10.1.1.2, your rules would be:

Allow incoming from 10.1.1.2
Deny incoming from all others

How to set the MTU for a network interface

The MTU can be set by editing the configuration file for the device. To see the devices you have, use the ifconfig command:

$ ifconfig -a
eth0      Link encap:Ethernet HWaddr 08:00:27:7d:bd:61
          inet addr:10.0.2.15 Bcast:10.0.2.255 Mask:255.255.255.0
          inet6 addr: fe80::a00:27ff:fe7d:bd61/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
          RX packets:153050 errors:54 dropped:0 overruns:0 frame:0
          TX packets:86060 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:168036386 (168.0 MB) TX bytes:9165208 (9.1 MB)
          Interrupt:10 Base address:0xd020

lo        Link encap:Local Loopback
          inet addr:127.0.0.1 Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING MTU:16436 Metric:1
          RX packets:8 errors:0 dropped:0 overruns:0 frame:0
          TX packets:8 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:480 (480.0 B) TX bytes:480 (480.0 B)

Alternatively, you can use the ip command:

$ ip link list
1: lo: mtu 16436 qdisc noqueue state UNKNOWN
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eth0: mtu 1500 qdisc pfifo_fast state UNKNOWN qlen 1000
    link/ether 08:00:27:7d:bd:61 brd ff:ff:ff:ff:ff:ff

The interface eth0 has an MTU of 1500 bytes. To change the setting temporarily (to 1200 in this example), issue the following command as root:

ip link set dev eth0 mtu 1200

To make the setting permanent for eth0, edit the configuration file /etc/sysconfig/network-scripts/ifcfg-eth0 and add the line MTU=1200.

SBDavid

Routing Table

To display the routing table with numerical addresses, use the "route -n" command:

$ route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
10.0.2.0        0.0.0.0         255.255.255.0   U     1      0        0 eth0

With iproute, the equivalent command is "ip route show":

$ ip route show
10.0.2.0/24 dev eth0 proto kernel scope link src 10.0.2.15 metric 1
default via 10.0.2.2 dev eth0 proto static

Add or delete static routes from the Linux IP routing table.

You need to know the network/subnet you wish to reach and the interface the route should be added to, i.e., which interface to use to reach the subnet.

Suppose you want to reach another network, 10.20.30.0/24, that is reachable via a router, 192.168.1.254, on the 192.168.1.0/24 network.

The following ip route command would add the desired route to the kernel routing table:

ip route add 10.20.30.0/24 via 192.168.1.254 dev eth1

Note: eth1 is connected to 192.168.1.0/24.

Determine which network interface card (NIC) Postfix is running on

The netstat command allows querying the IP addresses and interfaces that the Postfix daemon is listening on. By default, Postfix listens on TCP port 25.

By combining the netstat and grep commands to filter for port 25, the IP addresses that Postfix is listening on can be found by issuing the following command:

netstat -an | grep :25 | grep tcp

Example:

$ netstat -an | grep :25 | grep tcp
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN

Here, Postfix is only listening on the IP address 127.0.0.1.

In order to list each interface's assigned IP address, issue the following command as root:

ifconfig -a
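
The "grep :25" filter above also matches ports such as 2525 and established connections to a remote port 25. The following added example (not part of the original post) keeps only TCP sockets in LISTEN state on exactly port 25 and labels how widely each one is exposed; the function names and the sample netstat lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify where an SMTP listener is bound, reading
# `netstat -an` text on stdin. Function names are hypothetical.

smtp_listeners() {
    # Print "<address> <exposure>" for each TCP LISTEN socket on exactly
    # port $1 (default 25).
    awk -v port="${1:-25}" '
        $1 ~ /^tcp/ && $NF == "LISTEN" {
            local_addr = $4
            n = split(local_addr, parts, ":")
            if (parts[n] != port) next        # skips :2525, :250, ...
            # Strip the trailing ":<port>" to get the bound address.
            addr = substr(local_addr, 1, length(local_addr) - length(parts[n]) - 1)
            if (addr == "127.0.0.1" || addr == "::1")
                exposure = "loopback-only"
            else if (addr == "0.0.0.0" || addr == "::")
                exposure = "all-interfaces"
            else
                exposure = "specific-address"
            print addr, exposure
        }'
}

# Constructed sample input in Linux `netstat -an` layout.
sample_netstat() {
cat <<'EOF'
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:2525            0.0.0.0:*               LISTEN
tcp        0      0 10.0.2.15:44321         192.0.2.10:25           ESTABLISHED
tcp6       0      0 :::25                   :::*                    LISTEN
udp        0      0 0.0.0.0:25              0.0.0.0:*
EOF
}

# Demonstration on the constructed sample.
# On a real host: netstat -an | smtp_listeners
sample_netstat | smtp_listeners
```

A "loopback-only" result means the mail daemon accepts connections only from the local machine, while "all-interfaces" means it is reachable on every address the host has.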