Linux – How to disable sftp temporarily without reloading the service

Tags: centos7, linux, sftp, ssh

I've set up a user with chroot that has access to only 1 directory through sshd's sftp so that one of my coworkers can upload certain kinds of files. I'm then going to make a way to trigger a command through HTTP that will run a long process on the files, and I need to disable sftp while the process is being run.

Is there a command I can use to disable sftp without having to change the sshd_config file and reload the service? I was thinking of doing port blocking, but I still need access to ssh.

I read about disabling the user account with passwd -l, but if it's already logged in through sftp it would still allow modification.

Any suggestions?

Edit:

After some more dabbling I found out that I could do ps -axl | grep $user@notty and send a kill -9 to the PID to disconnect the user from its current session, and then either do passwd -l username to prevent the user from logging in again or, as Martin suggested, remove the symlink to the sftp-server binary.

But in the end I took Mike's advice and just moved the files somewhere else instead of running the process in the chroot directory.

Best Answer

You can temporarily remove write permissions to the folder.


If you want to disable SFTP completely, you can create a symlink to the sftp-server binary and configure the user to use that symlink as the SFTP binary. Then you can just temporarily remove the symlink, which will effectively disable SFTP.

Match User theuser
    ForceCommand /path/to/sftp/symlink

Note that removing the symlink won't terminate existing SFTP sessions. You have to kill all user-owned processes of sftp-server.
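
The symlink toggle described in the answer above, written as shell functions (an added example, not part of the original answer). The user name, link path and sftp-server location are assumptions, and live sessions are found through /proc, so it is meant to run as root on Linux.

```shell
#!/bin/sh
# Added example. All three values are assumptions; override via environment.
SFTP_USER="${SFTP_USER:-theuser}"                         # account in the Match User block
SFTP_LINK="${SFTP_LINK:-/path/to/sftp/symlink}"           # placeholder path used by ForceCommand
SFTP_BIN="${SFTP_BIN:-/usr/libexec/openssh/sftp-server}"  # usual CentOS 7 location

# New logins work again once the link exists.
sftp_enable() {
    ln -sfn "$SFTP_BIN" "$SFTP_LINK"
}

# PIDs of the user's running sftp-server processes. A process started through
# the link may show up under the link's name, so compare the resolved executable.
sftp_session_pids() {
    real=$(readlink -f "$SFTP_BIN") || return 0
    for pid in $(pgrep -u "$SFTP_USER" 2>/dev/null); do
        if [ "$(readlink "/proc/$pid/exe" 2>/dev/null)" = "$real" ]; then
            echo "$pid"
        fi
    done
}

# Remove the link first so nothing can reconnect, then end live sessions.
sftp_disable() {
    rm -f "$SFTP_LINK"
    for pid in $(sftp_session_pids); do
        kill "$pid" 2>/dev/null || true
    done
}

# "enabled" only if the link exists and its target resolves.
sftp_status() {
    if [ -L "$SFTP_LINK" ] && [ -e "$SFTP_LINK" ]; then
        echo enabled
    else
        echo disabled
    fi
}

# Run a command with SFTP off and restore the link even if the command fails.
run_with_sftp_disabled() {
    sftp_disable
    rc=0
    "$@" || rc=$?
    sftp_enable
    return "$rc"
}
```

After sourcing the file, the long-running job can be wrapped as run_with_sftp_disabled followed by the job's command line; the job's exit status is passed through.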
