Q. I’ve CentOS Linux cpanel server. I’d like to turn off SFTP server but only allow SSH for root user. How do I trun off sftp server?
A. OpenSSH / sshd reads configuration data from /etc/ssh/sshd_config. The file contains keyword-argument pairs, one per line. Lines starting with ‘#’ and empty lines are interpreted as comments. Configures an external subsystem such file transfer daemon (SFTP) done through this file only. Arguments should be a subsystem name and a command to execute upon subsystem request. The command sftp-server implements the “sftp” file transfer subsystem. sftp-server is a program that speaks the server side of SFTP protocol. sftp-server is not intended to be called
directly, but from sshd using the Subsystem option.
Disable / Turn off sftp server
Open /etc/ssh/sshd_config file:
# vi /etc/ssh/sshd_config
Find line that read as follows:
Subsystem sftp /usr/lib/openssh/sftp-server
Remove or comment out line by prefixing #:
# Subsystem sftp /usr/lib/openssh/sftp-server
Save and close the file. Restart sshd service:
# /etc/init.d/sshd restart
🐧 9 comments so far... add one ↓
| Category | List of Unix and Linux commands |
|---|---|
| File Management | cat |
| Firewall | Alpine Awall • CentOS 8 • OpenSUSE • RHEL 8 • Ubuntu 16.04 • Ubuntu 18.04 • Ubuntu 20.04 |
| Network Utilities | dig • host • ip • nmap |
| OpenVPN | CentOS 7 • CentOS 8 • Debian 10 • Debian 8/9 • Ubuntu 18.04 • Ubuntu 20.04 |
| Package Manager | apk • apt |
| Processes Management | bg • chroot • cron • disown • fg • jobs • killall • kill • pidof • pstree • pwdx • time |
| Searching | grep • whereis • which |
| User Information | groups • id • lastcomm • last • lid/libuser-lid • logname • members • users • whoami • who • w |
| WireGuard VPN | Alpine • CentOS 8 • Debian 10 • Firewall • Ubuntu 20.04 |
so its gonn abe normal FTP then? cause SFTP was so slow I couldnt work on it
No it doesn’t. Not much support on how to enable normal (non secure) FTP ;p
Better solution is to replace :
Subsystem sftp /usr/lib/openssh/sftp-server
Replace with :
Subsystem sftp /bin/false
Why is that a better solution?
because that one works…
Yup, he is right, .. its better coz it works. Tried on Ubuntu also.
Thanks ovi.
Hi,
I read your answer for disabling sftp in server. But my problem is I am having “Subsystem sftp /usr/libexec/openssh/sftp-server” instead of “Subsystem sftp /usr/lib/openssh/sftp-server” what you have said.
And also I have commented out(#) that line and restarted sshd, but it’s not working for me. Please help me.
Thanks.
Is there a way to run only SFTP on port 22 and ssh on a different port? SSH should not respond on 22.
-Garima Jain.
Comment out the line that says Subsystem sftp /usr/libexec/openssh/sftp-server with a #, so it looks like:
# Subsystem sftp /usr/libexec/openssh/sftp-server
And add a line just below like this:
Subsystem sftp /bin/false