What is your distro? It might be good to put it in your profile.
>My first question is how do I totally disable the standard ftp access and force everyone to use sftp?
vsftpd is usually run by xinetd.
grep -H "vsftpd" /etc/xinetd.d/*
will give you the filename. Edit it, change/insert
disable=yes
Restart xinetd (depends on distro; in RH it is /etc/rc.d/init.d/xinetd restart).
>My second question is regarding the html interface. Users can access the ftp page by typing
>ftp://user@mydomain.com in the url bar. Since the sftp protocol is not a standard protocol it does not work like ftp did in the example above. Believe me-I tried it. Is there a way to get around this?
No. SFTP is a subsystem of the SSH suite and sftp requests are tunneled through the SSH port. That means you have to have SSH (Secure Shell, a standalone service on port 22; see www.openssh.org). Even if you have sshd running, none of the browsers that I know of can forward an sftp request to the right port. SFTP cannot be anonymous. Most of the security comes from who you're gonna log in as!! As of now, to use SFTP, you have to use an sftp client such as the one that comes with the OpenSSH suite or the PuTTY set of tools for Windows.
>Also, if anyone sees a way of setting up this SECURE ftp server in a different way, your input would be greatly appreciated.
You can enhance the security of one of the existing ftp daemons by using chroot jails etc., but the password will always be transmitted in cleartext, since it was a protocol designed for the decades with not much snooping going around.
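
An added example, not part of the original post: a check that goes one step past the grep above and reports, for each xinetd service file that mentions vsftpd, whether the stanza is actually disabled. The function names and the sample files are constructed for illustration, and the check assumes that a stanza with no active "disable = yes" line is still enabled.

```shell
#!/bin/sh
# Added example (not from the post): does xinetd still start vsftpd?
# Assumption: a stanza without an active "disable = yes" line is enabled.

# vsftpd_xinetd_status DIR
# Prints "<file> disabled" or "<file> ENABLED" for each file mentioning vsftpd.
vsftpd_xinetd_status() {
    dir=$1
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        grep -q "vsftpd" "$f" || continue
        state=$(awk '
            { sub(/#.*/, "") }                  # ignore commented-out settings
            /^[ \t]*disable[ \t]*=/ {           # last "disable" line wins
                split($0, kv, "=")
                gsub(/[ \t]/, "", kv[2])
                val = tolower(kv[2])
            }
            END { if (val == "yes") print "disabled"; else print "ENABLED" }
        ' "$f")
        echo "$f $state"
    done
}

# make_samples DIR: writes two constructed service files for an offline try.
make_samples() {
    mkdir -p "$1"
    cat > "$1/vsftpd" <<'EOF'
service ftp
{
    socket_type = stream
    wait        = no
    server      = /usr/sbin/vsftpd
    # disable = yes
}
EOF
    cat > "$1/vsftpd-off" <<'EOF'
service ftp
{
    server      = /usr/sbin/vsftpd
    disable     = yes
}
EOF
}

# Usage: sh check.sh /etc/xinetd.d
if [ -n "${1:-}" ]; then
    vsftpd_xinetd_status "$1"
fi
```

The first sample shows the case a plain grep misses: the only disable line is commented out, so the service is reported as ENABLED.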