• We did not send an email asking for donations - please read this post.

Is it possible to disable scp and sftp and have only SSH access?

Upon

New Member
Joined
Feb 28, 2022
Messages
1
Reaction score
0
Credits
12
I'm a linux administrator and I don't want people to download files stored on my server. However, users can login to the server via ssh to work on it. I don't know how to solve this problem. Please help me.
 


Condobloke

Well-Known Member
Joined
Apr 30, 2017
Messages
5,150
Reaction score
4,320
Credits
30,328

dos2unix

Well-Known Member
Joined
May 3, 2019
Messages
1,571
Reaction score
1,191
Credits
10,043
cp my_private_files* /path/to/private_directory
chown -R myuser:myuser /path/to/private_directory
chmod 700 /path/to/private_directory

But they would still be able to scp to their home directory (you can make home directories each a small disk partition, say 100k or so) and likely /tmp. You could disable swap /tmp also.
Keep in mind, if you did this, you couldn't sftp either.

You could remove this line from /etc/ssh/sshd_config
Subsystem sftp /usr/libexec/openssh/sftp-server

But even if you did this, I could still "cat somefile" to the stdout screen output
then copy and paste that output to my local computer.
 
Last edited:

f33dm3bits

Gold Member
Gold Supporter
Joined
Dec 11, 2019
Messages
4,994
Reaction score
3,640
Credits
36,403
On server where users can scp to.
Code:
[email protected] ~]# which scp
/usr/bin/scp

[[email protected] ~]# ls -l /usr/bin/scp
-rwxr-xr-x. 1 root root 105264 Oct 11 03:18 /usr/bin/scp
[[email protected] ~]# chmod 700 /usr/bin/scp

[[email protected] ~]# ls -l /usr/bin/scp
-rwx------. 1 root root 105264 Oct 11 03:18 /usr/bin/scp
From client trying to scp to server.
Code:
scp testfile [email protected]:
[email protected]'s password:
bash: /usr/bin/scp: Permission denied
lost connection

ssh [email protected]
[email protected]'s password:
Last login: Tue Feb 22 17:54:40 2022

sftp [email protected]
[email protected]'s password:
Connected to lx-rocky.
sftp> put testfile
Uploading copyfile to /home/tux/testfile
copyfile                      100%    0     0.0KB/s   00:00
ssh to system where scp is disabled and check home directory.
Code:
ssh [email protected]
[email protected]'s password:
Last login: Mon Feb 28 08:42:39 2022 from 11.22.13.1
[[email protected] ~]$ ls -l ~/testyfile
total 0
-rw-r--r--. 1 tux tux 0 Feb 28 08:41 testfile
 
Last edited:
$100 Digital Ocean Credit
Get a free VM to test out Linux!

Linux.org Hosting Donations
Consider making a donation

Members online


Top