How to: Turning off SFTP server under Linux / UNIX cpanel server

Q. I’ve CentOS Linux cpanel server. I’d like to turn off SFTP server but only allow SSH for root user. How do I trun off sftp server?

A. OpenSSH / sshd reads configuration data from /etc/ssh/sshd_config. The file contains keyword-argument pairs, one per line. Lines starting with ‘#’ and empty lines are interpreted as comments. Configures an external subsystem such file transfer daemon (SFTP) done through this file only. Arguments should be a subsystem name and a command to execute upon subsystem request. The command sftp-server implements the “sftp” file transfer subsystem. sftp-server is a program that speaks the server side of SFTP protocol. sftp-server is not intended to be called
directly, but from sshd using the Subsystem option.

Disable / Turn off sftp server

Open /etc/ssh/sshd_config file:
# vi /etc/ssh/sshd_config
Find line that read as follows:
Subsystem sftp /usr/lib/openssh/sftp-server
Remove or comment out line by prefixing #:
# Subsystem sftp /usr/lib/openssh/sftp-server
Save and close the file. Restart sshd service:
# /etc/init.d/sshd restart

🐧 If you liked this page, please support my work on Patreon or with a donation.
🐧 Get the latest tutorials on SysAdmin, Linux/Unix, Open Source/DevOps topics:
CategoryList of Unix and Linux commands
File Managementcat
FirewallAlpine Awall CentOS 8 OpenSUSE RHEL 8 Ubuntu 16.04 Ubuntu 18.04 Ubuntu 20.04
Network Utilitiesdig host ip nmap
OpenVPNCentOS 7 CentOS 8 Debian 10 Debian 8/9 Ubuntu 18.04 Ubuntu 20.04
Package Managerapk apt
Processes Managementbg chroot cron disown fg jobs killall kill pidof pstree pwdx time
Searchinggrep whereis which
User Informationgroups id lastcomm last lid/libuser-lid logname members users whoami who w
WireGuard VPNAlpine CentOS 8 Debian 10 Firewall Ubuntu 20.04
9 comments… add one
  • Kilian Jun 23, 2011 @ 18:35

    so its gonn abe normal FTP then? cause SFTP was so slow I couldnt work on it

  • Marc Dec 5, 2011 @ 14:52

    No it doesn’t. Not much support on how to enable normal (non secure) FTP ;p

  • Nenad Marjanovic Jan 8, 2013 @ 20:15

    Better solution is to replace :

    Subsystem sftp /usr/lib/openssh/sftp-server

    Replace with :

    Subsystem sftp /bin/false

    • Jon Jun 2, 2014 @ 17:39

      Why is that a better solution?

      • ovi Jun 12, 2014 @ 13:27

        because that one works…

        • argon Jun 11, 2015 @ 13:29

          Yup, he is right, .. its better coz it works. Tried on Ubuntu also.
          Thanks ovi.

  • Dhruva Apr 16, 2016 @ 5:40

    Hi,

    I read your answer for disabling sftp in server. But my problem is I am having “Subsystem sftp /usr/libexec/openssh/sftp-server” instead of “Subsystem sftp /usr/lib/openssh/sftp-server” what you have said.

    And also I have commented out(#) that line and restarted sshd, but it’s not working for me. Please help me.

    Thanks.

  • Garima Jain Jun 21, 2016 @ 8:37

    Is there a way to run only SFTP on port 22 and ssh on a different port? SSH should not respond on 22.

    -Garima Jain.

  • igor Sep 23, 2016 @ 1:05

    Comment out the line that says Subsystem sftp /usr/libexec/openssh/sftp-server with a #, so it looks like:
    # Subsystem sftp /usr/libexec/openssh/sftp-server
    And add a line just below like this:
    Subsystem sftp /bin/false

Leave a Reply

Your email address will not be published. Required fields are marked *

Use HTML <pre>...</pre>, <code>...</code> and <kbd>...</kbd> for code samples.