How to: Turning off SFTP server under Linux / UNIX cpanel server

last updated October 10, 2007 in CentOS, Debian / Ubuntu, HP-UX Unix, Networking, OpenBSD, RedHat and Friends, Security, Solaris-Unix, Ubuntu Linux, UNIX

Q. I’ve CentOS Linux cpanel server. I’d like to turn off SFTP server but only allow SSH for root user. How do I trun off sftp server?

A. OpenSSH / sshd reads configuration data from /etc/ssh/sshd_config. The file contains keyword-argument pairs, one per line. Lines starting with â€˜#â€™ and empty lines are interpreted as comments. Configures an external subsystem such file transfer daemon (SFTP) done through this file only. Arguments should be a subsystem name and a command to execute upon subsystem request. The command sftp-server implements the â€œsftpâ€ file transfer subsystem. sftp-server is a program that speaks the server side of SFTP protocol. sftp-server is not intended to be called
directly, but from sshd using the Subsystem option.

Disable / Turn off sftp server

Open /etc/ssh/sshd_config file:
# vi /etc/ssh/sshd_config
Find line that read as follows:
Subsystem sftp /usr/lib/openssh/sftp-server
Remove or comment out line by prefixing #:
# Subsystem sftp /usr/lib/openssh/sftp-server
Save and close the file. Restart sshd service:
# /etc/init.d/sshd restart

Posted by: Vivek Gite

The author is the creator of nixCraft and a seasoned sysadmin, DevOps engineer, and a trainer for the Linux operating system/Unix shell scripting. Get the latest tutorials on SysAdmin, Linux/Unix and open source topics via RSS/XML feed or weekly email newsletter.

Your support makes a big difference:

I have a small favor to ask. More people are reading the nixCraft. Many of you block advertising which is your right, and advertising revenues are not sufficient to cover my operating costs. So you can see why I need to ask for your help. The nixCraft takes a lot of my time and hard work to produce. If everyone who reads nixCraft, who likes it, helps fund it, my future would be more secure. You can donate as little as $1 to support nixCraft:

Become a Supporter Make a contribution via Paypal/Bitcoin

9 comment

Kilian says:
June 23, 2011 at 6:35 pm
so its gonn abe normal FTP then? cause SFTP was so slow I couldnt work on it
Marc says:
December 5, 2011 at 2:52 pm
No it doesn’t. Not much support on how to enable normal (non secure) FTP ;p
Nenad Marjanovic says:
January 8, 2013 at 8:15 pm
Better solution is to replace :
Subsystem sftp /usr/lib/openssh/sftp-server
Replace with :
Subsystem sftp /bin/false
1. Jon says:
  June 2, 2014 at 5:39 pm
  Why is that a better solution?
  1. ovi says:
    June 12, 2014 at 1:27 pm
    because that one works…
    1. argon says:
      June 11, 2015 at 1:29 pm
      Yup, he is right, .. its better coz it works. Tried on Ubuntu also.
      Thanks ovi.
Dhruva says:
April 16, 2016 at 5:40 am
Hi,
I read your answer for disabling sftp in server. But my problem is I am having “Subsystem sftp /usr/libexec/openssh/sftp-server” instead of “Subsystem sftp /usr/lib/openssh/sftp-server” what you have said.
And also I have commented out(#) that line and restarted sshd, but it’s not working for me. Please help me.
Thanks.
Garima Jain says:
June 21, 2016 at 8:37 am
Is there a way to run only SFTP on port 22 and ssh on a different port? SSH should not respond on 22.
-Garima Jain.
igor says:
September 23, 2016 at 1:05 am
Comment out the line that says Subsystem sftp /usr/libexec/openssh/sftp-server with a #, so it looks like:
# Subsystem sftp /usr/libexec/openssh/sftp-server
And add a line just below like this:
Subsystem sftp /bin/false

Have a question? Post it on our forum!

Tagged as: centos linux, configuration data, cpanel, disable sftp-server, openssh, root user, sftp server, ssh, sshd, UNIX