Any users with SSH access also automatically have access to SFTP, which stands for SSH File Transfer Protocol. However, if you are using an FTP service such as vsftpd and don’t want your FTP users to have SFTP access as well, you can disable this.
Method 1 – Disable SSH
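If the FTP user doesn’t need SSH shell access, you can set PasswordAuthentication to no for that user in the SSH config file. This prevents the listed user or users from logging in over SSH, and thus SFTP, with a password. Public key authentication is not affected, so a listed user who has a key in authorized_keys can still connect.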
sudo nano /etc/ssh/sshd_config
Paste this to the bottom of the file. Replace user1, user2, etc. with your own usernames.
Match User user1,user2,user3,user4
PasswordAuthentication no
Save file and exit. (Press CTRL + X, press Y and then press ENTER)
Now restart the SSH service.
sudo service ssh restart
Now when you try to connect via SFTP, you should receive the following error.
Error: Disconnected: No supported authentication methods available (server sent: publickey)
Error: Could not connect to server
Method 2 – Disable the SFTP Subsystem
This isn’t intended as a secure method of preventing SFTP from being used by anyone with shell access to the server. It’s just a way to disable it from external visibility. This method might make it less convenient to use SFTP but there’s no way to prevent a user who can run arbitrary commands from using those commands to make file transfers.
To disable the SFTP subsystem, edit the SSH config file.
sudo nano /etc/ssh/sshd_config
At the bottom of this file, look for the line Subsystem sftp /usr/lib/openssh/sftp-server and comment it out so it looks like this:
#Subsystem sftp /usr/lib/openssh/sftp-server
Save file and exit. (Press CTRL + X, press Y and then press ENTER)
Now restart the SSH service.
sudo service ssh restart
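To confirm that the edits from Method 1 and Method 2 actually landed in the file, the script below (an added example, not part of the original tutorial) reports the PasswordAuthentication value that applies to a given user and whether the sftp subsystem line is still active. The function names and the sample config are constructed for illustration, and the parser assumes Match User lines with literal, comma-separated names only.

```sh
# Added example: audit an sshd_config for the two changes in this tutorial.
# Assumption: only "Match User a,b,c" with literal names is understood;
# wildcards, negation and other Match criteria are not handled.

# password_auth_for USER FILE -> prints "yes" or "no" (sshd default is yes)
password_auth_for() {
    awk -v user="$1" '
        $1 ~ /^#/ || NF == 0 { next }            # skip comments and blank lines
        { key = tolower($1) }
        key == "match" {                         # a new Match block starts here
            applies = 0
            if (tolower($2) == "user") {
                n = split($3, names, ",")
                for (i = 1; i <= n; i++) if (names[i] == user) applies = 1
            }
            in_match = 1; next
        }
        key == "passwordauthentication" {        # first value seen wins
            if (!in_match && gval == "") gval = tolower($2)
            if (in_match && applies && mval == "") mval = tolower($2)
        }
        END {                                    # Match value overrides global
            if (mval != "") print mval
            else if (gval != "") print gval
            else print "yes"
        }' "$2"
}

# sftp_subsystem_enabled FILE -> exit 0 if an uncommented "Subsystem sftp" exists
sftp_subsystem_enabled() {
    awk 'tolower($1) == "subsystem" && $2 == "sftp" { found = 1 }
         END { exit !found }' "$1"
}

# Constructed sample config mirroring the tutorial's edits.
make_sample() {
    cat > "$1" <<'EOF'
PasswordAuthentication yes
#Subsystem sftp /usr/lib/openssh/sftp-server
Match User user1,user2,user3,user4
    PasswordAuthentication no
EOF
}

# Usage: sh audit.sh user1 /etc/ssh/sshd_config
if [ $# -eq 2 ]; then
    echo "PasswordAuthentication for $1: $(password_auth_for "$1" "$2")"
    sftp_subsystem_enabled "$2" && echo "sftp subsystem: enabled" || echo "sftp subsystem: disabled"
fi
```

On a live server, sudo sshd -t checks the file for syntax errors before the restart, and sudo sshd -T -C user=user1,host=localhost,addr=127.0.0.1 prints the effective settings that sshd itself computes for that user.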