Results 1 to 3 of 3
Enjoy an ad free experience by logging in. Not a member yet? Register.
- 02-06-2014 #1
- Join Date
- Feb 2014
How to Disable sftp and winscp ...
how can i restrict specific ssh users from doing sftp or disabling winscp to download files to their systems.
As the systems are already hardened therefore user are not able to use any other shell except bash using ssh protocol.
As all above mentioned protocols (ssh, sftp & winscp) are using port 22 therefore my boss wants that the users cannot perform sftp or winscp operations.
Can anyone please advise that how can i filter sftp and winscp for some specific users only.
- 02-06-2014 #2
Hi and welcome,
It is possible to match a user or a group of users and set the sftp subsystem to something bogus in sshd_config and therefore disable sftp.
However, this approach is entirely useless.
A shell access is much more than file access.
Even without sftp it is trivial to copy files via a ssh channel. Think: cat, echo, netcat, bash redirection, etctetcetc.
If there are files that shall not be reachable by this group, then ensure this via e.g. permissions.
Last edited by Irithori; 02-06-2014 at 12:06 PM.You must always face the curtain with a bow.
- 03-23-2014 #3
- Join Date
- Apr 2009
- I can be found either 40 miles west of Chicago, in Chicago, or in a galaxy far, far away.
As Irithori said, once a user has ssh permission to access a system, then nothing will keep them from copying files using scp - which is just a subset of ssh. Use either file system permissions to restrict what they can access, or enable SELinux and access control lists (ACL's) to do that.Sometimes, real fast is almost as good as real time.
Just remember, Semper Gumbi - always be flexible!