Articles in this section

See more

Adding a New User

Avatar
Dana Anderson
  • Updated
Follow

Users can be added and modified in the Cerberus FTP Server user database by opening up the User Manager and selecting the Users tab. 

2019-11-06_9-47-58.jpg

The Cerberus FTP Server User Manager- New User Account
 
To add a user, click the New button from the button group along the right side of the page. A new user popup will appear. All usernames must be unique and are case insensitive. Once you have entered the new username, continue filling out the remaining fields. The user can then be configured by clicking on the additional buttons above the details.
 
The additional buttons (Profile, Constraints, Authentication and Allowed Protocols) The most commonly used of these properties are as followed:
 

Profile

 

2019-11-06_9-47-58.jpg

Password The Password for the user. 

Group A Cerberus FTP Server Group that this user belongs to.

 

Constraints

 

2019-11-06_10-57-36.jpg

 

Anonymous If checked, the user password is ignored and the user can be logged in using any password.

Disabled Determines whether the account can log in or not. A disabled account cannot log in to the server.

Max Logins The maximum number of connections this user can make to the server at the same time.

Disable Date If a date is set here then the account will become disabled after the date specified.
Note: The granularity of the timer is 30 minutes. The account will be disabled within 30 minutes of the time set.

Max Upload Filesize This field can be used to limit the maximum size of an uploaded file. This value defaults to unlimited. The file size is specified in bytes. Specify 0 or any non-positive value to reset the maximum file size to unlimited.

Allowed IP Addresses A comma-separated list of IP addresses that this user can log in from. If no IP addresses are specified then no per-user IP address filtering is enforced. IP addresses can be specified as a single IP, a range of IP addresses separated by a dash, e.g. 192.168.0.100 - 192.168.0.150, or a CIDR-formatted IP address range. Multiple formats can be combined, with each single IP or range separated by a comma. Note, global IP address deny lists or allow lists are always enforced first, regardless of this setting.

 

Authentication

 

2019-11-06_11-00-05.jpg

 

SSH Authentication Method Determines the authentication requirements for logging into an SFTP interface. Valid options are:

Password Only: Require only a password for authentication.
Public Key Only: Require only a valid public key for authentication
Public Key and Password: Require both a valid public key and a valid password for authenticating a user

Multifactor Authentication (2FA) Determines if Two Factor authentication is allowed or required.

Allow 2 Factor: This option allows users to set up 2FA if they choose to
Require 2 Factor for HTTP/S: This makes 2FA a requirement when using the HTTP/S web client.
Do not allow SSH SFTP logins (No 2FA): This option will not allow users to login via SSH SFTP when 2FA is enabled.
Do not allow FTP/S logins (No 2FA): This option will not allow users to login via FTP/S when 2FA is enabled.

2 Factor Authentication Status

Enabled User has enabled 2FA for their account. Once two-factor authentication is enabled for a user account you can disable it at any time by pressing Disable 2FA

Disabled User does not have 2FA enabled for their account. 

 

Allowed Protocols

 

2019-11-06_11-10-12.jpg


Permitted Login Protocols Controls which protocols a user is allowed to log in with. If a protocol is not checked then the user will not be allowed to log in using that protocol.

FTP Only Settings:

Require Secure Control If enabled, this user can only log in to the server using a secure TLS/SSL encrypted connection.

Require Secure Data  If enabled, file transfers will only be allowed over secure TLS/SSL encrypted connections.

 

 

 

 

 

 


 

 

 

Related articles

Comments

3 comments

Sort by Date Votes
  • Avatar
    Graham Measures

    How do you setup a user to a specific port for FTPS explicit over TLS . eg port 989

    0
    Comment actions Permalink
  • Avatar
    Dana Anderson

    Hello, Graham. 

    While you can't specify the port, you can controls which protocols a user is allowed to log in with.

    If you wanted your user to use only FTPS:

    Click on constraints 
    From here you can enable/disable the protocols you wish for the end-user to use. In your case, Only "AllowFTPS" would be checked.
     

    0
    Comment actions Permalink
  • Avatar
    Joachim Reckers

    We use the "allowed IP addresses" field as an extra security measure to only allow connections for that user from that IP adresses.

    We also add those IP adresses in the IP Manager as allowed IP.

    This works fine, but we now have an user with an IPv6 IP address. The IPv6 can be configured in the IP Manager, but not in the "allowed IP addresses" field under a user. We get the error message "Please enter one of more comma separated valid networkk addresses in doc-decimal, CIDR, or range notation.".

    Is it possible to configure an IPv6 IP address in the "allowed IP addresses" field under an user? Or do we need to convert them to IPv4?

    We use Cerberus Professional 11.3.5.0.


    0
    Comment actions Permalink

Please sign in to leave a comment.

 

Download Free Trial Now
Privacy Policy
Disclaimer
Products
Features
Licensing
Release Notes
Screen Shots
End User License
Download
Official Release
Development
Installation
Upgrading
Uninstalling
Support
FAQ
Online Help
Tutorial
Submit a Request
Forum
Contact Us
Request a Quote
About Cerberus, LLC
Mailing Lists
Feedback
Resellers