Cerberus FTP Server FAQ
Yes, Cerberus FTP Server 2.0 and higher fully support explicit TLSv1/SSLv3 encryption over FTP (FTPES).
Cerberus FTP Server 4.0 and higher supports FTP, FTPES (Explicit encryption), FTPS (Implicit encryption), and SFTP (SSH2 File Transfer Protocol). Support for the SFTP protocol is only available in the Professional edition.
Cerberus FTP Server 5.0 and higher supports FTP, FTPES (Explicit encryption), FTPS (Implicit encryption), SFTP (SSH2 File Transfer Protocol), and HTTP/S. Support for the HTTP/S protocol is only available in the Enterprise edition.
According to the specification of URL formats, RFC 1738, an FTP URL is of the form:
so that some or all of the parts user
/path may be excluded.
The components obey the following rules:
- user – a username (user id) on the host
- password – the password corresponding to the username; note: if the user and password field in a URL contains character
/, the character must be encoded
- host – the fully qualified domain name of a network host, or its IP address
- port – the port number to connect to; it omitted, defaults to 21
- path – path specification of the form cwd1
Security Note: You should generally avoid using FTP URL syntax for anything other than anonymous FTP access. Including a password is a security risk. On most browsers, it will be visible as you type it, and it will be retained by your history file. The host is usually the external IP address that your ISP has assigned to you. Cerberus FTP Server will attempt to detect it and display is as the WAN IP Address on startup.
For more information check out: FTP URLs
Cerberus FTP Server is automatically installed and started as a Windows Service when the installer is run. If you would like to remove it for some reason or install it as a service again after removing it, you can do so from the Advanced page of the Server Manager. We recommend always running Cerberus FTP Server as a Windows Service. You can install or uninstall Cerberus as a Windows Service by going to the Advanced page of the Server Manager and selecting or unselecting the Install As A Service checkbox. See the image below:
If you haven’t enabled Remote Access from the Remote tab of the Server Manager then you will be prompted to enable it now. Remote access is necessary for the user interface to communicate with the server when Cerberus is running as a Windows Service. When you select “Install as a Windows Service” you will be prompted to set a remote access password. This password will be encrypted and later used by the user interface to connect to the service when you start the Cerberus GUI.
NOTE: You must give the process permission to install the service after pressing OK. You will require an account that has permission to install a Windows Service. This should normally be an Administrator account. On some operating systems you will be prompted for the credentials to an Administrator account, similar to the dialog below:
NOTE: This only installs Cerberus FTP Server as a Window Service. You have to either close the currently running instance of Cerberus FTP Server and start it again from the Service Control Panel or restart the computer to have Cerberus run as a Windows Service.
A client being able to change its password was not supported in the original FTP specification, but Cerberus supports client password changes via the FTP ‘SITE’ extensions command. The syntax is:
First, make sure you’ve configured Cerberus FTP Server to be visible on the Internet. Assuming you are connecting through the Internet through a router, you will need to use your router IP address. Cerberus will automatically detect it and display it at startup as the ‘WAN IP’ address in the screen log. It should be the first thing listed when Cerberus FTP Server starts up, assuming you have ‘Detect WAN IP at Startup’ enabled from the ‘General’ tab of the Server Manager.
An interface is simply an IP address that the FTP server is listening on. It can be an IPv4 or IPv6 address. The “Default” interface represents the settings that will be applied for newly detected interface of a particular type. When a new interface is detected, the new interface it assigned the values of the “Default” interface at the time of detection. There is a Default interface for each type of protocol (currently, FTP, FTPS, SFTP, HTTP, and HTTPS).
For example, If the “Default FTP” interface was defined to be on port 21, then when a new IP address is detected in the system (the administrator added a new network card or an IP address changed) an FTP interface with that new IP would be added and receive the port value of 21. Those settings then become the settings for the newly detected interface. Note that the new interface’s settings are not linked to the “Default” interface in any way. The “Default” interface simply represents the values that newly detected interfaces will be initialized with. Changing the values of the “Default” interface wouldn’t change any values on existing or previously detected interfaces.
When you first install Cerberus FTP Server, the “Default FTP” interface is set to port 21 (the default FTP listening port) and all interfaces detected during the first start will receive that value. If you later change the “Default FTP” interface value that change will have no effect on existing interfaces. The same rules apply to the Default FTPS, SFTP, HTTP, and HTTPS interfaces.
It is also worth noting that Cerberus remembers the settings for interfaces that were previously detected but might have changed. For servers that have dynamic addresses that constantly change or cycle between a range of addresses, Cerberus will “remember” the old values and apply those instead of the “Default” settings if that interface address is later detected again.
For Cerberus FTP Server 4.0.6 and above you can backup the entire server configuration to a single archive using the menu and selecting the Tools -> Backup Users and Settings option. The backup can later be restored using the Tools -> Restore Settings and Users option.
Note, the backup does not include your actual server file structure. Versions of Cerberus FTP Server prior to 7.0.5 also do not contain any client SSH public keys that you may have associated with an account. Cerberus FTP Server 7.0.5 and higher will move client SSH public keys to the Cerberus data folder and include them in any server backups.
For Cerberus FTP Server 4.0.5 and below there is a fairly simple and straightforward method of backing up and restoring all users and settings. Just copy the “Cerberus FTP Server” folder and subfolders located at:
- C:\ProgramData\Cerberus LLC\Cerberus FTP Server on Windows Vista and above or
- C:\Documents and Settings\All Users\Application Data\Cerberus LLC\Cerberus FTP Server on Windows 2003 and below
and you will have backed up all of the users and settings for a complete install of Cerberus FTP Server. Restoring everything just requires pasting the files back to that location.
Q8: How do disable public sharing for the Global Home or Global Home\%USER% default mapping option for AD or LDAP authentication?
You can switch to using the Use Default Group Directories for the default virtual directory mapping mode and then create a group with the %USER% variable in the virtual directory path to mimic the previous default option.
For example, let’s assume your Global Home was set to C:\ftproot.
You would create a new Cerberus group and add a virtual directory called home to the group’s directory list (you can actually name it anything). Make the path for that directory C:\ftproot\%USER%. You can then control the permissions on that directory like you would for any group’s virtual directory.
When the user logs in the username will be substituted for the %USER% part of the path or name. If you enable “Is Simple Directory” mode for this group and switch the default AD virtual directory mapping mode to this group then you’ve just duplicated the “Global Home\%USER%” default AD mapping mode. You also now get control over high-level permissions on the group (still subject to AD user ACLs).
Q9: How do I switch the virtual directories for all of my users and groups to another drive or base folder?
The quickest way to change everyone’s root directory at once is a simple find/replace on the actual users and groups XML settings files.
- Exit the Cerberus desktop admin UI by going to the File menu and selecting Exit.
- Stop the Cerberus FTP Server Windows Service. You can stop the Cerberus service by going to the Services control panel in Windows (go to the Control Panel and select Administrative Tools), selecting the service named Cerberus FTP Server, and then selecting the Stop option for the service. This step is important or your changes will not be detected by the server and will get overwritten the next time the service is restarted.
- Edit the users_3.0.xml file and change everyone’s root drive or directory with a find/replace. The file is in: C:\ProgramData\Cerberus LLC\Cerberus FTP Server\users_3.0.xml. Note, the version number on the file may be different depending on your version of Cerberus FTP Server. When multiple versioned files are present, use the highest version numbered file.
- Edit the groups_3.0.xml file and change everyone’s root drive or directory with a find/replace. The file is in C:\ProgramData\Cerberus LLC\Cerberus FTP Server\groups_3.0.xml
- Start the Cerberus FTP Server Windows Service up again from the Services control panel.
That’s it. Note the C:\ProgramData file path above is usually hidden by default. Substitute C:\Documents and Settings\All Users\Application Data for C:\ProgramData on Windows 2003 R2 and older operating systems.