How to: Turning off SFTP server under Linux / UNIX cpanel server

Q. I’ve CentOS Linux cpanel server. I’d like to turn off SFTP server but only allow SSH for root user. How do I trun off sftp server?

A. OpenSSH / sshd reads configuration data from /etc/ssh/sshd_config. The file contains keyword-argument pairs, one per line. Lines starting with ‘#’ and empty lines are interpreted as comments. Configures an external subsystem such file transfer daemon (SFTP) done through this file only. Arguments should be a subsystem name and a command to execute upon subsystem request. The command sftp-server implements the “sftp” file transfer subsystem. sftp-server is a program that speaks the server side of SFTP protocol. sftp-server is not intended to be called
directly, but from sshd using the Subsystem option.

Disable / Turn off sftp server

Open /etc/ssh/sshd_config file:
# vi /etc/ssh/sshd_config
Find line that read as follows:
Subsystem sftp /usr/lib/openssh/sftp-server
Remove or comment out line by prefixing #:
# Subsystem sftp /usr/lib/openssh/sftp-server
Save and close the file. Restart sshd service:
# /etc/init.d/sshd restart


🐧 Get the latest tutorials on Linux, Open Source & DevOps via RSS feed or Weekly email newsletter.

🐧 9 comments so far... add one


CategoryList of Unix and Linux commands
Disk space analyzersdf duf ncdu pydf
File Managementcat cp mkdir tree
FirewallAlpine Awall CentOS 8 OpenSUSE RHEL 8 Ubuntu 16.04 Ubuntu 18.04 Ubuntu 20.04
Modern utilitiesbat exa
Network UtilitiesNetHogs dig host ip nmap
OpenVPNCentOS 7 CentOS 8 Debian 10 Debian 8/9 Ubuntu 18.04 Ubuntu 20.04
Package Managerapk apt
Processes Managementbg chroot cron disown fg glances gtop jobs killall kill pidof pstree pwdx time vtop
Searchingag grep whereis which
User Informationgroups id lastcomm last lid/libuser-lid logname members users whoami who w
WireGuard VPNAlpine CentOS 8 Debian 10 Firewall Ubuntu 20.04
9 comments… add one
  • Kilian Jun 23, 2011 @ 18:35

    so its gonn abe normal FTP then? cause SFTP was so slow I couldnt work on it

  • Marc Dec 5, 2011 @ 14:52

    No it doesn’t. Not much support on how to enable normal (non secure) FTP ;p

  • Nenad Marjanovic Jan 8, 2013 @ 20:15

    Better solution is to replace :

    Subsystem sftp /usr/lib/openssh/sftp-server

    Replace with :

    Subsystem sftp /bin/false

    • Jon Jun 2, 2014 @ 17:39

      Why is that a better solution?

      • ovi Jun 12, 2014 @ 13:27

        because that one works…

        • argon Jun 11, 2015 @ 13:29

          Yup, he is right, .. its better coz it works. Tried on Ubuntu also.
          Thanks ovi.

  • Dhruva Apr 16, 2016 @ 5:40

    Hi,

    I read your answer for disabling sftp in server. But my problem is I am having “Subsystem sftp /usr/libexec/openssh/sftp-server” instead of “Subsystem sftp /usr/lib/openssh/sftp-server” what you have said.

    And also I have commented out(#) that line and restarted sshd, but it’s not working for me. Please help me.

    Thanks.

  • Garima Jain Jun 21, 2016 @ 8:37

    Is there a way to run only SFTP on port 22 and ssh on a different port? SSH should not respond on 22.

    -Garima Jain.

  • igor Sep 23, 2016 @ 1:05

    Comment out the line that says Subsystem sftp /usr/libexec/openssh/sftp-server with a #, so it looks like:
    # Subsystem sftp /usr/libexec/openssh/sftp-server
    And add a line just below like this:
    Subsystem sftp /bin/false

Leave a Reply

Your email address will not be published.

Use HTML <pre>...</pre> for code samples. Still have questions? Post it on our forum