CWP: How To Create An FTP Account

This article explains how you can create FTP accounts in CWP.

There are different types of users (accounts):

System (Linux) Users

System users are the user names created for individual client accounts. Such Linux accounts are created from the CWP Admin left menu –> User Accounts.

These also appear in the user control panel and you can see this as the default user in this screenshot:

ftp accounts

Each user account you create in CWP.admin can be also used for FTP login.

CWP FTP Configuration

You can log in to FTP by using the access details of these client users, as displayed on the CWP User Panel

  • User name of client account
  • Password: the same you use for log-in
  • Host name: name of the server e. g. web01.saadhost.com
  • Port: 21

Virtual Users

Additional (virtual) users are users created from the CWP User Panel (see the second user on the above screenshot).

Virtual users have the same permissions as the main user of the account.

With Virtual users you have the possibility to create unlimited number of FTP accounts for the same user account.

When logged in, users are chroot-ed into the folder listed under “Path”.

Click on Add new FTP Account:

add new ftp account cwp client

Fill out the details and press Save.

You have options to Delete the account and to Change Password.

Creating Users In CWP Admin Panel

Once such virtual user FTP accounts are created, they will also appear in the Admin Panel:

cwp admin ftp list

Under File Management > FTP Manager v2, you have the ability to add, remove, change password and see active sessions.

CWP FTP Ports & Protocols

There are different types of FTP connections:

FTP (port 21)
Plain, unencrypted FTP that defaults over port 21.

FTP is a very well-established protocol, developed in the 1970s to allow two computers to transfer data over the internet. One computer acts as the server to store information and the other acts as the client to send or request files from the server. The FTP protocol typically uses port 21 as its main means of communication. An FTP server will listen for client connections on port 21.

The conversation between client and server is performed in plain text—all communication between the two parties is sent unprotected, over the internet. This makes FTP very unsecure; it would not be difficult for a third party, such as a Man-in-the-Middle Attacker (MITMA), to steal users’ credentials.

FTPES (port 21)
FTP Explicit Secure – over SSL/TLS. This starts out as plain FTP over port 21, but is upgraded to TLS/SSL encryption before the user credentials are sent over the connection. FTPES is a somewhat newer form of encrypted FTP, and is considered the preferred way to establish encrypted connections because it can be more firewall friendly. None of the major web browsers support FTPES, but FTP clients like FileZilla do.

FTPES FileZilla

SFTP (port 22 or custom SSH port)
SFTP (Secure File Transfer Protocol) runs over SSH, but because of that it has a problem that you can’t restrict users into the home folder. Because of that, it is disabled for regular users (otherwise they would be able to browse system files/folders). Only use SFTP through as the administrator, using your root account as FTP.

FTPS (port 990)
(File Transfer Protocol over SSL) Implicit SSL/TLS encrypted FTP that works just like HTTPS. Security is enabled with SSL as soon as the connection starts. The default FTPS port is 990. This protocol was the first version of encrypted FTP available, and while considered deprecated, is still widely used. None of the major web browsers support FTPS.

Port 990 is Implicit FTPS, while port 21 is Explicit FTPES. If a client connects to an FTPS server on port 990, the assumption is that the client intends to perform SSL. Therefore, the SSL handshake takes place immediately; it is referred to as Implicit because the port number implies security.  FTP clients who connect on port 21 and intend to use SSL for security will need to take the extra step to explicitly state their intentions by sending an AUTH SSL or AUTH TLS command to the server. Once the server receives this command, the two parties perform an SSL handshake and enter a secure state—hence why port 21 is referred to as Explicit. This allows the client the opportunity to activate greater security when necessary, or speed the process up on less security-sensitive file transfers.

>> Back to CWP Features <<