The default copy of CrushFTP ships in a secure state. There are no default usernames or passwords. The default ciphers are relatively secure, but not as secure as they could be, so that they stay compatible for people starting out who may be using an older browser, for example. We also have some default ports that allow insecure connections (FTP / HTTP), which you may not need or want for file transfer.

So to secure the server, follow these steps:

1.) Log in to the WebInterface, then go to Admin, Preferences.
2.) Remove the FTP port on port 21, or click on advanced and enable "require encryption".
3.) Remove the HTTP port on 8080 and 9090, or change the IP from "lookup" to be making them inaccessible.
4.) Go to Encryption, SSL. Click the link to disable insecure ciphers.
5.) On the IP / Servers tab, right-click the HTTPS port and restart it so the prior change takes effect.
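
One way to confirm steps 2 and 3 took effect, as an added example that is not part of the original page or of CrushFTP itself: it checks whether the FTP port still accepts a `USER` command without encryption and whether the HTTP ports still accept connections. The username `hardening-check` is a constructed placeholder, and reading reply codes 331/230 as "plaintext accepted" is an assumption based on standard FTP reply codes, not on CrushFTP-specific behaviour.

```python
import socket

def port_open(host, port, timeout=3.0):
    """Return True if a TCP connection to host:port is accepted."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False

def _read_reply(stream):
    """Read one FTP reply (possibly multi-line) and return its 3-digit code."""
    while True:
        line = stream.readline().decode("latin-1")
        if not line:
            raise ConnectionError("connection closed before a complete reply")
        # The last line of a reply is "NNN<space>text"; "NNN-" lines continue it.
        if len(line) >= 4 and line[:3].isdigit() and line[3] == " ":
            return int(line[:3])

def ftp_allows_plaintext_login(host, port=21, timeout=3.0):
    """True if the server accepts USER on an unencrypted control channel."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            stream = sock.makefile("rwb")
            _read_reply(stream)                        # greeting
            stream.write(b"USER hardening-check\r\n")  # constructed name, no password sent
            stream.flush()
            # 331 (password wanted) or 230 (logged in): encryption was not demanded.
            return _read_reply(stream) in (230, 331)
    except OSError:
        return False  # closed port, timeout or reset: no plaintext login possible

def audit(host, ftp_port=21, http_ports=(8080, 9090)):
    """Return a list of findings; an empty list means steps 2 and 3 hold."""
    findings = []
    if ftp_allows_plaintext_login(host, ftp_port):
        findings.append(f"FTP port {ftp_port} accepts USER without encryption")
    for port in http_ports:
        if port_open(host, port):
            findings.append(f"HTTP port {port} is reachable")
    return findings

if __name__ == "__main__":
    import sys
    for finding in audit(sys.argv[1] if len(sys.argv) > 1 else "127.0.0.1"):
        print(finding)
```

Run it from a client machine against your own server, since the steps concern what remote users can reach.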

If you need data-at-rest encryption:

1.) Go to the User Manager, default user.
2.) Do a quick filter on "pgp".
3.) Configure a public and private key for the PGP encryption. Configuring it here on the default user automatically applies it to all users.

(Do not try to disable or remove the default user, as the user cannot be used for logins and is just for applying settings.)

29-Dec-2020 05:25 by Ben Spink
