How to: Turning off SFTP server under Linux / UNIX cpanel server

last updated October 10, 2007 in CentOS, Debian / Ubuntu, HP-UX Unix, Networking, OpenBSD, RedHat and Friends, Security, Solaris-Unix, Ubuntu Linux, UNIX

Q. I’ve CentOS Linux cpanel server. I’d like to turn off SFTP server but only allow SSH for root user. How do I trun off sftp server?

A. OpenSSH / sshd reads configuration data from /etc/ssh/sshd_config. The file contains keyword-argument pairs, one per line. Lines starting with â€˜#â€™ and empty lines are interpreted as comments. Configures an external subsystem such file transfer daemon (SFTP) done through this file only. Arguments should be a subsystem name and a command to execute upon subsystem request. The command sftp-server implements the â€œsftpâ€ file transfer subsystem. sftp-server is a program that speaks the server side of SFTP protocol. sftp-server is not intended to be called
directly, but from sshd using the Subsystem option.

Disable / Turn off sftp server

Open /etc/ssh/sshd_config file:
# vi /etc/ssh/sshd_config
Find line that read as follows:
Subsystem sftp /usr/lib/openssh/sftp-server
Remove or comment out line by prefixing #:
# Subsystem sftp /usr/lib/openssh/sftp-server
Save and close the file. Restart sshd service:
# /etc/init.d/sshd restart

Posted by: Vivek Gite

The author is the creator of nixCraft and a seasoned sysadmin, DevOps engineer, and a trainer for the Linux operating system/Unix shell scripting. Get the latest tutorials on SysAdmin, Linux/Unix and open source topics via RSS/XML feed or weekly email newsletter.

9 comment

Kilian says:
June 23, 2011 at 6:35 pm
so its gonn abe normal FTP then? cause SFTP was so slow I couldnt work on it
Marc says:
December 5, 2011 at 2:52 pm
No it doesn’t. Not much support on how to enable normal (non secure) FTP ;p
Nenad Marjanovic says:
January 8, 2013 at 8:15 pm
Better solution is to replace :
Subsystem sftp /usr/lib/openssh/sftp-server
Replace with :
Subsystem sftp /bin/false
1. Jon says:
  June 2, 2014 at 5:39 pm
  Why is that a better solution?
  1. ovi says:
    June 12, 2014 at 1:27 pm
    because that one works…
    1. argon says:
      June 11, 2015 at 1:29 pm
      Yup, he is right, .. its better coz it works. Tried on Ubuntu also.
      Thanks ovi.
Dhruva says:
April 16, 2016 at 5:40 am
Hi,
I read your answer for disabling sftp in server. But my problem is I am having “Subsystem sftp /usr/libexec/openssh/sftp-server” instead of “Subsystem sftp /usr/lib/openssh/sftp-server” what you have said.
And also I have commented out(#) that line and restarted sshd, but it’s not working for me. Please help me.
Thanks.
Garima Jain says:
June 21, 2016 at 8:37 am
Is there a way to run only SFTP on port 22 and ssh on a different port? SSH should not respond on 22.
-Garima Jain.
igor says:
September 23, 2016 at 1:05 am
Comment out the line that says Subsystem sftp /usr/libexec/openssh/sftp-server with a #, so it looks like:
# Subsystem sftp /usr/libexec/openssh/sftp-server
And add a line just below like this:
Subsystem sftp /bin/false

Have a question? Post it on our forum!

Tagged as: centos linux, configuration data, cpanel, disable sftp-server, openssh, root user, sftp server, ssh, sshd, UNIX