Share FTP Credentials

Send FTP or SFTP login details securely. Self-destructs after being viewed once.

Why secure share ftp credentials matters

FTP, defined in RFC 959, still moves files daily across publishing pipelines, prepress drop folders, broadcast playout systems, and legacy ERP integrations that outlived their vendors. The control channel runs on port 21 in cleartext: USER, PASS, and every directory listing traverse the wire as plain ASCII. A coffee-shop attacker running tcpdump captures the login on the first PASV transfer.

The two non-plaintext alternatives are not interchangeable, and conflating them is one reason credentials leak. SFTP is a subsystem of OpenSSH, runs over a single TCP port (22), and authenticates against sshd's `Subsystem sftp` directive. FTPS bolts TLS onto the original protocol — implicit FTPS on 990, explicit FTPS via AUTH TLS on 21 — and inherits FTP's dual-channel mess, so firewalls routinely break the data connection.

PasteOnce fits the moment a freelance retoucher, a stringer uploading footage from the field, or a consultant migrating files between two `vsftpd` boxes needs host, username, and password without sticking around in chat history. Pair the handoff with a `chroot_local_user=YES` jail, a per-user account, and rotation the moment the engagement closes.

What goes wrong when share ftp credentials is shared insecurely

Plaintext credentials on the wire. An attacker on the same Wi-Fi as the FTP client reads USER and PASS commands directly. Hotel networks and coworking spaces expose port-21 sessions in their first three packets, and PCAPs surface on dump-trading sites.
Anonymous FTP misconfiguration. Shodan indexes tens of thousands of `vsftpd` and `proftpd` servers with `anonymous_enable=YES` left on from defaults. If the upload directory permits writes, attackers stage warez, malware, and phishing kits there — your bandwidth bill and IP reputation absorb the consequences.
Shared `ftp` admin account. Many small studios and print shops run a single `ftp` or `admin` user that every freelancer logs in with. The password sits in onboarding wikis for years, and a single ex-contractor retains access to every job folder on the server.
FTPS data-channel firewall breakage. Explicit FTPS encrypts the control channel but the PASV data port is negotiated dynamically. Stateful firewalls inspecting plaintext FTP cannot read the encrypted PASV reply, so the data connection silently fails — and operators 'fix' it by disabling encryption.

Share FTP Credentials

Client-side encrypted. We can't see your data.

Press Ctrl/⌘ + Enter to send0 characters

Expires in:

End-to-End Encrypted

Your data is encrypted in your browser before it leaves your device.

Self-Destructing

Messages are automatically deleted after being read once.

Zero Knowledge

We never see your data. Only encrypted blobs pass through our servers.

One-Time View

Links work exactly once. Refresh the page and it's gone forever.

How does share ftp credentials work on PasteOnce?

Client-Side Encryption

Your sensitive data is encrypted in your browser using AES-256-GCM. The encryption key is generated randomly and never sent to our servers.

Secure Storage

Only the encrypted blob is stored in our database, with an automatic expiration time. We literally cannot read your data.

One-Time Read

When your recipient opens the link, the encrypted data is fetched and immediately deleted from our servers using an atomic Redis GETDEL. The key in the URL hash decrypts the message in their browser.

Best practices for share ftp credentials

Migrate to OpenSSH SFTP where you can

OpenSSH's SFTP subsystem reuses port 22, supports key auth via `~/.ssh/authorized_keys`, and confines users with `ChrootDirectory` plus `ForceCommand internal-sftp`. No second port range, no certificate dance, no cleartext fallback. FileZilla and Cyberduck both speak it natively.

Provision per-user accounts on the daemon

In `vsftpd`, set `local_enable=YES` with PAM-backed accounts; in `proftpd`, use `<Limit LOGIN>` blocks per user; in `pure-ftpd`, run `pure-pw useradd` to create a virtual user mapped to a single home. Never reuse a credential across freelancers.

Lock users into chroot jails

Add `chroot_local_user=YES` and `allow_writeable_chroot=YES` to `vsftpd.conf`, or `DefaultRoot ~` in `proftpd.conf`. A jailed user cannot `cd /etc` to read `/etc/passwd` or pivot up the tree. Pair with ACLs limiting reach to one project folder.

Rotate and audit the access list weekly

Run `pure-pw list` or grep your `vsftpd` userlist after every project handoff. Disable accounts the day the contract closes. Tail `/var/log/vsftpd.log` for unfamiliar IPs and feed the log into Wazuh or a basic Loki query.

Related Secure Sharing Tools

Share API Key Securely Share SSH Private Key Share .env Variables Share Database Credentials Share Software License Key Share Encryption Keys Share VPN Credentials Share Private Keys Securely

Real situations this is built for

Magazine sending TIFFs to the printer

A monthly magazine ships CMYK page proofs to a commercial printer that operates a `proftpd` drop folder behind their corporate firewall. The print rep PasteOnces host, username, and a one-month-rotating password to the production designer, who imports the credentials directly into Cyberduck.

Freelance editor uploading dailies to a broadcaster

A regional news bureau requires segment uploads via FTPS to their playout server. The traffic coordinator generates a per-correspondent virtual user in `pure-ftpd`, sends the host, port 990, and certificate fingerprint through PasteOnce, and the correspondent imports it into FileZilla.

Migrating a legacy ERP integration off port 21

An accounting team pulls nightly EDI batches from a 2009 `vsftpd` server. The migration consultant receives the cleartext credentials via PasteOnce, mirrors the directory tree to an SFTP-only host, and rotates the original account before decommissioning.

Studio bringing on a temp retoucher

A photography studio hires a retoucher for a one-week catalog shoot. The producer creates a chrooted `vsftpd` account scoped to that one client folder, PasteOnces host plus password, and removes the user with `userdel` once final files are delivered.

Frequently Asked Questions

Is FTP still safe to use in 2026?

Cleartext FTP on port 21 is not safe over any untrusted network. It survives only inside isolated LANs or over a VPN. For anything crossing the public internet, use SFTP or implicit FTPS on port 990 with a valid certificate. If a vendor still requires plaintext FTP, route through a `stunnel` wrapper.

What is the difference between SFTP and FTPS?

SFTP is a subsystem of SSH, runs on port 22, and uses SSH keys for auth. FTPS is the original FTP protocol with TLS layered on top, uses two ports, and uses X.509 certificates. SFTP is friendlier to firewalls; FTPS is friendlier to legacy clients.

How do I disable anonymous FTP on vsftpd?

Edit `/etc/vsftpd.conf`, set `anonymous_enable=NO`, restart with `systemctl restart vsftpd`, then verify by logging in as `anonymous` remotely — the server should refuse with `530 Permission denied`. Audit `/var/log/vsftpd.log` for prior sessions.

Can I send a FileZilla site export through PasteOnce?

Yes — paste the XML contents directly. FileZilla's `sitemanager.xml` stores passwords reversibly by default, so tell the recipient to import then enable a master password under Edit > Settings > Interface so the credential is not left in cleartext on disk.

Why secure share ftp credentials matters

What goes wrong when share ftp credentials is shared insecurely

Plaintext credentials on the wire. An attacker on the same Wi-Fi as the FTP client reads USER and PASS commands directly. Hotel networks and coworking spaces expose port-21 sessions in their first three packets, and PCAPs surface on dump-trading sites.

Anonymous FTP misconfiguration. Shodan indexes tens of thousands of `vsftpd` and `proftpd` servers with `anonymous_enable=YES` left on from defaults. If the upload directory permits writes, attackers stage warez, malware, and phishing kits there — your bandwidth bill and IP reputation absorb the consequences.

Shared `ftp` admin account. Many small studios and print shops run a single `ftp` or `admin` user that every freelancer logs in with. The password sits in onboarding wikis for years, and a single ex-contractor retains access to every job folder on the server.

FTPS data-channel firewall breakage. Explicit FTPS encrypts the control channel but the PASV data port is negotiated dynamically. Stateful firewalls inspecting plaintext FTP cannot read the encrypted PASV reply, so the data connection silently fails — and operators 'fix' it by disabling encryption.

How does share ftp credentials work on PasteOnce?

Client-Side Encryption

Your sensitive data is encrypted in your browser using AES-256-GCM. The encryption key is generated randomly and never sent to our servers.

Secure Storage

Only the encrypted blob is stored in our database, with an automatic expiration time. We literally cannot read your data.

One-Time Read

When your recipient opens the link, the encrypted data is fetched and immediately deleted from our servers using an atomic Redis GETDEL. The key in the URL hash decrypts the message in their browser.

Best practices for share ftp credentials

Migrate to OpenSSH SFTP where you can

Provision per-user accounts on the daemon

Lock users into chroot jails

Rotate and audit the access list weekly

Real situations this is built for

Magazine sending TIFFs to the printer

Freelance editor uploading dailies to a broadcaster

Migrating a legacy ERP integration off port 21

Studio bringing on a temp retoucher

Frequently Asked Questions

Is FTP still safe to use in 2026?

What is the difference between SFTP and FTPS?

How do I disable anonymous FTP on vsftpd?

Can I send a FileZilla site export through PasteOnce?