How to: Turning off SFTP server under Linux / UNIX cpanel server

Author: Vivek Gite Last updated: October 10, 2007 9 comments

Q. I’ve CentOS Linux cpanel server. I’d like to turn off SFTP server but only allow SSH for root user. How do I trun off sftp server?

A. OpenSSH / sshd reads configuration data from /etc/ssh/sshd_config. The file contains keyword-argument pairs, one per line. Lines starting with ‘#’ and empty lines are interpreted as comments. Configures an external subsystem such file transfer daemon (SFTP) done through this file only. Arguments should be a subsystem name and a command to execute upon subsystem request. The command sftp-server implements the “sftp” file transfer subsystem. sftp-server is a program that speaks the server side of SFTP protocol. sftp-server is not intended to be called
directly, but from sshd using the Subsystem option.

Disable / Turn off sftp server

Open /etc/ssh/sshd_config file:
# vi /etc/ssh/sshd_config
Find line that read as follows:
Subsystem sftp /usr/lib/openssh/sftp-server
Remove or comment out line by prefixing #:
# Subsystem sftp /usr/lib/openssh/sftp-server
Save and close the file. Restart sshd service:
# /etc/init.d/sshd restart

🐧 If you liked this page, please support my work on Patreon or with a donation.
🐧 Get the latest tutorials on SysAdmin, Linux/Unix, Open Source/DevOps topics:

RSS feed or Weekly email newsletter
Share on Twitter • Facebook • 9 comments... add one ↓

UP NEXT

Category	List of Unix and Linux commands
File Management	cat
Firewall	Alpine Awall • CentOS 8 • OpenSUSE • RHEL 8 • Ubuntu 16.04 • Ubuntu 18.04 • Ubuntu 20.04
Network Utilities	dig • host • ip • nmap
OpenVPN	CentOS 7 • CentOS 8 • Debian 10 • Debian 8/9 • Ubuntu 18.04 • Ubuntu 20.04
Package Manager	apk • apt
Processes Management	bg • chroot • cron • disown • fg • jobs • killall • kill • pidof • pstree • pwdx • time
Searching	grep • whereis • which
User Information	groups • id • lastcomm • last • lid/libuser-lid • logname • members • users • whoami • who • w
WireGuard VPN	Alpine • CentOS 8 • Debian 10 • Firewall • Ubuntu 20.04

9 comments… add one

Kilian Jun 23, 2011 @ 18:35

so its gonn abe normal FTP then? cause SFTP was so slow I couldnt work on it

Reply Link
Marc Dec 5, 2011 @ 14:52

No it doesn’t. Not much support on how to enable normal (non secure) FTP ;p

Reply Link
Nenad Marjanovic Jan 8, 2013 @ 20:15

Better solution is to replace :

Subsystem sftp /usr/lib/openssh/sftp-server

Replace with :

Subsystem sftp /bin/false

Reply Link
- Jon Jun 2, 2014 @ 17:39
  
  Why is that a better solution?
  
  Reply Link
  - ovi Jun 12, 2014 @ 13:27
    
    because that one works…
    
    Reply Link
    - argon Jun 11, 2015 @ 13:29
      
      Yup, he is right, .. its better coz it works. Tried on Ubuntu also.
      Thanks ovi.
      
      Reply Link
Dhruva Apr 16, 2016 @ 5:40

Hi,

I read your answer for disabling sftp in server. But my problem is I am having “Subsystem sftp /usr/libexec/openssh/sftp-server” instead of “Subsystem sftp /usr/lib/openssh/sftp-server” what you have said.

And also I have commented out(#) that line and restarted sshd, but it’s not working for me. Please help me.

Thanks.

Reply Link
Garima Jain Jun 21, 2016 @ 8:37

Is there a way to run only SFTP on port 22 and ssh on a different port? SSH should not respond on 22.

-Garima Jain.

Reply Link
igor Sep 23, 2016 @ 1:05

Comment out the line that says Subsystem sftp /usr/libexec/openssh/sftp-server with a #, so it looks like:
# Subsystem sftp /usr/libexec/openssh/sftp-server
And add a line just below like this:
Subsystem sftp /bin/false

Reply Link

Use HTML <pre>...</pre>, <code>...</code> and <kbd>...</kbd> for code samples.