LinuxQuestions.org - Deny SSH but allow SFTP

- Linux - Newbie (https://www.linuxquestions.org/questions/linux-newbie-8/)

- - Deny SSH but allow SFTP (https://www.linuxquestions.org/questions/linux-newbie-8/deny-ssh-but-allow-sftp-4175736119/)

lq_win

04-17-2024 01:58 AM

Deny SSH but allow SFTP

Hi all,

We deny ssh access to our server but we want to allow SFTP, as far as I know SFTP uses the same port 22 like SSH, how to deny the SSH but allow the SFTP?

scasey

04-17-2024 02:19 AM

searching for "allow sftp but not ssh" yields many helpful links. Please review some of those and come back if you have any questions.

lq_win

04-17-2024 02:55 AM

I followed the instruction on: https://www.server-world.info/en/not...ux_9&p=ssh&f=5

/etc/ssh/sshd_config

Subsystem sftp internal-sftp

Match Group sftp_users
X11Forwarding no
AllowTcpForwarding no
ChrootDirectory /home
ForceCommand internal-sftp

Include /etc/ssh/ssh_config.d/*.conf

and usermod -aG sftp_users gogo

but user gogo still able to access SSH

what I missed?

lq_win

04-17-2024 03:10 AM

please ignore.. this is my bad!..I did wrong config.
it works now, thank you, but how about if we also want to give them access to other folder like /var/www/html and /home/public?

need your advice/

thanks

Turbocapitalist

04-17-2024 03:32 AM

You might consider a bind mount of the other directories into the accounts' chroot directories.

All times are GMT -5. The time now is 07:38 PM.