Any users with SSH access also automatically have access to SFTP, which stands for SSH File Transfer Protocol. However, if you are using an FTP service such as vsftpd and don’t want your FTP users to have SFTP access as well, you can disable this.
Method 1 – Disable SSH
If the FTP user doesn’t need SSH shell access, you can set PasswordAuthentication in the config file to no. This method will prevent a particular user or users from connecting via SSH and thus SFTP.
sudo nano /etc/ssh/sshd_configPaste this to the bottom of the file. Replace user1, user2, etc with your own usernames.
Match User user1,user2,user3,user4
PasswordAuthentication noSave file and exit. (Press CTRL + X, press Y and then press ENTER)
Now restart the SSH service.
sudo service ssh restartNow when you try to connect via SFTP, you should receive the following error.
Error: Disconnected: No supported authentication methods available (server sent: publickey)
Error: Could not connect to serverMethod 2 – Disable the SFTP Subsystem
This isn’t intended as a secure method of preventing SFTP from being used by anyone with shell access to the server. It’s just a way to disable it from external visibility. This method might make it less convenient to use SFTP but there’s no way to prevent a user who can run arbitrary commands from using those commands to make file transfers.
To disable the SFTP subsystem, edit the SSH config file.
sudo nano /etc/ssh/sshd_configAt the bottom of this file, look for the line Subsystem sftp /usr/lib/openssh/sftp-server and comment it out so it looks like this:
#Subsystem sftp /usr/lib/openssh/sftp-serverSave file and exit. (Press CTRL + X, press Y and then press ENTER)
Now restart the SSH service.
sudo service ssh restartLet me know if this helped. Follow me on Twitter, Facebook and YouTube, or 🍊 buy me a smoothie.
