Results 1 to 7 of 7

Thread: Ssh & sftp

  1. #1
    Join Date
    Jul 2013
    Beans
    53

    Ssh & sftp

    Hi,

    Does disabling SSH access also disable SFTP access? I believe it does but I wanted to make sure. Thanks.

  2. #2
    Join Date
    Mar 2010
    Location
    Metro-ATL; PM free zone.
    Beans
    Hidden!
    Distro
    Lubuntu 14.04 Trusty Tahr

    Re: Ssh & sftp

    It depends. If you disable the ssh-server completely, then yes.
    If you need anything more complex, the man page explains.
    man sshd_config

    Check out the "Match" section. I have never done what you are trying, just providing leads here.

  3. #3
    Join Date
    Jul 2013
    Beans
    53

    Re: Ssh & sftp

    Quote Originally Posted by TheFu View Post
    It depends. If you disable the ssh-server completely, then yes.
    If you need anything more complex, the man page explains.
    man sshd_config

    Check out the "Match" section. I have never done what you are trying, just providing leads here.
    Good point that it depends, let me clarify, does limiting SSH access using "AllowUsers" in the sshd_config file also limit SFTP access to only users that are listed?

  4. #4
    Join Date
    Sep 2006
    Beans
    7,635
    Distro
    Lubuntu Development Release

    Re: Ssh & sftp

    AllowUsers and AllowGroups will also affect subsystems like SFTP.

  5. #5
    Join Date
    Sep 2006
    Beans
    7,635
    Distro
    Lubuntu Development Release

    Re: Ssh & sftp

    If you have physical access to the machine so you are not worried about getting locked out, you can experiment. Make a backup copy of sshd_config first and then make whatever changes you want to test. If you stop the server you can then run it in debug mode which will be good for one session.

    Code:
    sudo service ssh stop
    /usr/sbin/sshd -d
    That second line will allow one SSH sesssion and output what the server has to say about it to the screen. It can be very usefu.

    Then to try another login session, run "sshd -d" again.

    To restore normal operations of the ssh server, restore the configuration file from backup and then run "sudo service ssh start"

  6. #6
    Join Date
    Jul 2013
    Beans
    53

    Re: Ssh & sftp

    Thanks to both of you.

  7. #7
    Join Date
    Apr 2013
    Beans
    120
    Distro
    Ubuntu 14.04 Trusty Tahr

    Re: Ssh & sftp

    Disabling the sftp subsystem denied sftp access to anyone in my test:

    In /etc/ssh/sshd_config:

    Code:
    #Subsystem sftp /usr/lib/openssh/sftp-server
    Restart sshd:

    Code:
    sudo service ssh restart
    Try a sftp connection:

    Code:
    sftp host
    Debug code after successful authentication:

    Code:
    debug1: Sending subsystem: sftp
    debug2: channel 0: request subsystem confirm 1
    debug2: callback done
    debug2: channel 0: open confirm rwindow 0 rmax 32768
    debug2: channel_input_status_confirm: type 100 id 0
    subsystem request failed on channel 0
    Couldn't read packet: Connection reset by peer
    Then you could place a Match term at the end of the file allowing certain users (like the mighty yourself ) sftp access.

    Some people say that sftp and scp should also be removed from the system, but I haven't tried that.

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •