Ubuntu: How to disable SFTP for an FTP user

Any users with SSH access also automatically have access to SFTP, which stands for SSH File Transfer Protocol, or Secure File Transfer Protocol. It’s a separate protocol packaged with SSH that works in a similar way to FTP over a secure connection.

Method 1 – Disable SSH

If the FTP user doesn’t need SSH shell access, you can set PasswordAuthentication in the config file to no. This method will prevent a particular user or users from connecting via SSH and thus SFTP.

sudo nano /etc/ssh/sshd_config

Paste this to the bottom of the file. Replace user1, user2, etc with your own usernames.

/etc/ssh/sshd_config
Match User user1,user2,user3,user4
    PasswordAuthentication no

Save file and exit. (Press CTRL + X, press Y and then press ENTER)

Now restart the SSH service.

sudo service ssh restart

Now when you try to connect via SFTP, you should receive the following error.

Error:	Disconnected: No supported authentication methods available (server sent: publickey)
Error:	Could not connect to server

Method 2 – Disable the SFTP Subsystem

This isn’t intended as a secure method of preventing SFTP from being used by anyone with shell access to the server. It’s just a way to disable it from external visibility. This method might make it less convenient to use SFTP but there’s no way to prevent a user who can run arbitrary commands from using those commands to make file transfers.

To disable the SFTP subsystem, edit the SSH config file.

sudo nano /etc/ssh/sshd_config

At the bottom of this file, look for the line Subsystem sftp /usr/lib/openssh/sftp-server and comment it out so it looks like this:

/etc/ssh/sshd_config
#Subsystem sftp /usr/lib/openssh/sftp-server

Save file and exit. (Press CTRL + X, press Y and then press ENTER)

Now restart the SSH service.

sudo service ssh restart

Let me know in the comments if this helped. Follow me @DevAnswers or buy me a beer 🍺

Feedback

Your email address will not be published. Required fields are marked *

We use Markdown to style comments, like on Github and Reddit.
To do a line break, type two spaces after the sentence.
You can add inline code by wrapping it in backticks: `code here`

    To do an entire block of code  
    type four spaces before the line
    and it will appear in a block like this.
    <-- four empty spaces