How to Access FTP on a Server with PEM Certificate Based SSH Login

Our reader Edward read our guide on How to Enable PEM Certificate-Based SSH Login and successfully hardened the SSH login system of his server. The next day he discovered that he can not log in via FileZilla as the root user. He can log in as the newly created user for SSH login. But, he can not find the way to run the sudo su command in FileZilla to become the root user. The website files on his server belong to the root user. WinSCP has a good guide for this kind of situation:

The setup we have described in that previous tutorial leaves no way to solve this issue. But we can have offer few solutions for this kind of situations.

Open the SSH configuration file:

Find the line PermitRootLogin and set it to yes:

restart the service:

Now, you’ll unable to SSH as the root user and also can use FileZilla. This is not a secure method but we will use the system for 15 minutes to an hour or so. After our work on SSH is completed, we will revert it:

Do not keep any SSH session open from the root user account:

Find the line PermitRootLogin and set it to no:

restart the service:

This is insecure because the FTP protocol will forward the password as plain text.

You can copy the files you want to download inside the public directory (such as /var/www/html) and wget from your computer. Later, delete the files on the server which you have copied. If you want to upload any file, upload it on GitHub as a gist or on Dropbox or any CDN. Then wget it from your server.

This is secure and uncomplicated since we are not using the FTP protocol at all.

It is a complicated method since the initial server configuration was for the root user. Ideally, we should add first add a user for the public directory content, remove the root user’s login for SSH, and then install the server components. We are not describing this method in this guide since it is long.

The methods we describe for server setup, configuration are intended for single webmaster.