My project needs me to disable sftp for some users, but those users still need to connect over ssh. Does anyone know how to implement this?
I've seen suggestions to change the file at /etc/ssh/sshd_config, but I'm not sure what to change.
Ssh – How to disable sftp for some users, but keep ssh enabled
sftpssh
Related Topic
- Linux SFTP – Allow SFTP but Disallow SSH
- SSH – cannot start sftp-server when trying to force internal sftp
- Ssh – OpenSSH anything like ‘internal-sftp’ but for SCP
- Ubuntu – Is it possible to allow key based authentication for sshd_config chroot sftp users
- Iptables – Unable to SFTP (but can SSH) – Using port other than 22
- Ssh – SFTP permission denied but SSH works fine
- Ssh – How to disable sftp access to user with ssh already disabled (user shell = /bin/false, but connection still works with sftp)
- Linux – How to disable sftp temporarily without reloading the service
Best Answer
In general doing this is bad security practice for reasons that others have listed. However, the point of your assignment, I think, is to teach you that you can have conditional config sections based on various criteria.
The way to do this is using a
Matchconditional block*.See
sshd_config(5)under theMatchsection for more information, and matching onGroup.*There's more than one way to do it.