My project needs me to disable sftp for some users, but those users still need to connect over ssh. Does anyone know how to implement this?
I've seen suggestions to change the file at /etc/ssh/sshd_config
, but I'm not sure what to change.
sftpssh
My project needs me to disable sftp for some users, but those users still need to connect over ssh. Does anyone know how to implement this?
I've seen suggestions to change the file at /etc/ssh/sshd_config
, but I'm not sure what to change.
Best Answer
In general doing this is bad security practice for reasons that others have listed. However, the point of your assignment, I think, is to teach you that you can have conditional config sections based on various criteria.
The way to do this is using a
Match
conditional block*.See
sshd_config(5)
under theMatch
section for more information, and matching onGroup
.*There's more than one way to do it.