  1. #1
    Just Joined!
    Join Date
    Feb 2014
    Posts
    1

    How to Disable sftp and winscp ...


    Can anyone please advise how I can restrict specific ssh users from doing sftp, or disable winscp, so that they cannot download files to their systems.

    As the systems are already hardened, users are not able to use any shell other than bash over the ssh protocol.

    As all the above-mentioned protocols (ssh, sftp & winscp) use port 22, my boss wants the users to be unable to perform sftp or winscp operations.

    Can anyone please advise how I can filter sftp and winscp for some specific users only.

    Regards
    Asim

  2. #2
    Trusted Penguin Irithori's Avatar
    Join Date
    May 2009
    Location
    Munich
    Posts
    3,391
    Hi and welcome,

    It is possible to match a user or a group of users and set the sftp subsystem to something bogus in sshd_config and therefore disable sftp.
    However, this approach is entirely useless.

    A shell access is much more than file access.
    Even without sftp it is trivial to copy files via an ssh channel. Think: cat, echo, netcat, bash redirection, etc. etc.

    If there are files that shall not be reachable by this group, then ensure this via e.g. permissions.
    Last edited by Irithori; 02-06-2014 at 12:06 PM.
    IsaacKuo likes this.
    You must always face the curtain with a bow.

  3. #3
    Linux Guru Rubberman's Avatar
    Join Date
    Apr 2009
    Location
    I can be found either 40 miles west of Chicago, in Chicago, or in a galaxy far, far away.
    Posts
    11,592
    As Irithori said, once a user has ssh permission to access a system, then nothing will keep them from copying files using scp - which is just a subset of ssh. Use either file system permissions to restrict what they can access, or enable SELinux and access control lists (ACLs) to do that.
    Sometimes, real fast is almost as good as real time.
    Just remember, Semper Gumbi - always be flexible!
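
Both replies point to file-system permissions as the control that actually matters. As an added example (not part of the thread), this shell function lists the files below a directory that a member of a restricted group could still read according to classic mode bits. The function name, the single-group assumption and the sample path are assumptions of this example; ACLs and SELinux policy are not evaluated.

```shell
#!/bin/sh
# Added example: which files below DIR can a member of GROUP still read?
# Assumptions: the restricted users do not own the files, GROUP is the only
# group of theirs that matters here, and only classic mode bits are checked
# (POSIX ACLs, SELinux and the directories above DIR are not evaluated).
#
# Usage: readable_by_group DIR GROUP    (GROUP is a group name or numeric gid)
readable_by_group() {
    dir=$1
    grp=$2
    # Permission classes do not add up: for a file whose group is GROUP only
    # the group bits apply to a member; for any other file, the "other" bits.
    # A directory without the matching search (x) bit is pruned, because
    # nothing beneath it can be opened by path.
    find "$dir" \
        -type d ! \( \
            \( -group "$grp" -perm -010 \) -o \
            \( ! -group "$grp" -perm -001 \) \
        \) -prune \
        -o -type f \( \
            \( -group "$grp" -perm -040 \) -o \
            \( ! -group "$grp" -perm -004 \) \
        \) -print | sort
}

# Report mode when run directly with arguments, e.g.:
#   sh audit.sh /srv/projects sshusers     (constructed path and group name)
if [ "$#" -eq 2 ]; then
    readable_by_group "$1" "$2"
fi
```

An empty result for a tree that must stay private means the mode bits already keep that group out, whichever of ssh, scp or sftp the users have.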
