Hi,
Does disabling SSH access also disable SFTP access? I believe it does but I wanted to make sure. Thanks.
A Carafe of Ubuntu
Hi,
Does disabling SSH access also disable SFTP access? I believe it does but I wanted to make sure. Thanks.
<--- Run xman to see that window.
It depends. If you disable the ssh-server completely, then yes.
If you need anything more complex, the man page explains.
man sshd_config
Check out the "Match" section. I have never done what you are trying, just providing leads here.
Boot, Backup, and Security questions. Std Linux Sys Maint..
Why LTS release? Mark Thread SOLVED.
Use "code tags".
A Carafe of Ubuntu
Good point that it depends, let me clarify, does limiting SSH access using "AllowUsers" in the sshd_config file also limit SFTP access to only users that are listed?Originally Posted by TheFu
Ubuntu Member
AllowUsers and AllowGroups will also affect subsystems like SFTP.
Ubuntu Member
If you have physical access to the machine so you are not worried about getting locked out, you can experiment. Make a backup copy of sshd_config first and then make whatever changes you want to test. If you stop the server you can then run it in debug mode which will be good for one session.
That second line will allow one SSH sesssion and output what the server has to say about it to the screen. It can be very usefu.Code:sudo service ssh stop /usr/sbin/sshd -d
Then to try another login session, run "sshd -d" again.
To restore normal operations of the ssh server, restore the configuration file from backup and then run "sudo service ssh start"
A Carafe of Ubuntu
Thanks to both of you.
Gee! These Aren't Roasted!
Disabling the sftp subsystem denied sftp access to anyone in my test:
In /etc/ssh/sshd_config:
Restart sshd:Code:#Subsystem sftp /usr/lib/openssh/sftp-server
Try a sftp connection:Code:sudo service ssh restart
Debug code after successful authentication:Code:sftp host
Then you could place a Match term at the end of the file allowing certain users (like the mighty yourselfCode:debug1: Sending subsystem: sftp debug2: channel 0: request subsystem confirm 1 debug2: callback done debug2: channel 0: open confirm rwindow 0 rmax 32768 debug2: channel_input_status_confirm: type 100 id 0 subsystem request failed on channel 0 Couldn't read packet: Connection reset by peer) sftp access.
Some people say that sftp and scp should also be removed from the system, but I haven't tried that.
Posting Permissions
Adv Reply
Bookmarks