Prevent ssh shell access for sftp user

In Linux it is not easily apparent as to how to prevent someone from having ssh shell access into a machine you intend to give them SFTP access to. This is because both of these services utilize port 22 and SSL encryption. The default shell for a user is /bin/bash, which is set at user account creation time as the default.

This will need to be modified to ensure that a user only has SFTP access. The command should look something like this

usermod -s /usr/libexec/openssh/sftp-server someuser

This will set the shell of “someuser” to the sftp-server that comes with open ssh. This way, when a user logs in, they are provided secure access to files and not a whole shell. If you want to add secure access to an online cloud, we recommend to check now the new services just like

If you have trouble finding where this sftp-server may be on your server you can us the locate command

locate sftp-server

Be the first to comment

Leave a Reply