SSH and Secure FTP (SFTP)

 
SOLVED
CharliePuyol
Advisor

SSH and Secure FTP (SFTP)

It looks like ssh and sftp are bonded. But I need some hosts to use ssh only, and some hosts to use ssh and sftp.

Is there a way to implement that? How?
6 REPLIES
Patrick Wallek
Honored Contributor

Re: SSH and Secure FTP (SFTP)

I'm not sure I understand what you are looking for.

Yes, SSH and SFTP utilize the same network port and both are part of the SSH package.

I don't quite understand what you mean when you say "...I need some hosts to use the ssh only, and some hosts use ssh and sftp."

Are you saying you want some hosts to only allow ssh connections into them and NOT sftp, and other hosts allow both ssh and sftp connection?

If that is the case you might be able to do something with the "subsystem" configuration option of the sshd_config file. See 'man sshd_config' for more information.
CharliePuyol
Advisor

Re: SSH and Secure FTP (SFTP)

Yes, from one host ssh and sftp. And on the other host it is just ssh.
Patrick Wallek
Honored Contributor
Solution

Re: SSH and Secure FTP (SFTP)

I just did a quick test on one of my Linux servers and modifying the 'subsystem' section of sshd_config can prevent sftp logins.

Here's what I did:

Found the sshd_config file (You will have to look for yours)

Edit the sshd_config file in vi

Look for the "subsystem" section. The file should contain a section similar to this:

# override default of no subsystems
Subsystem sftp /usr/lib64/ssh/sftp-server

This tells sshd to start the sftp-server program when it receives sftp requests. Comment out the 'subsystem' line so it looks like:

# override default of no subsystems
#Subsystem sftp /usr/lib64/ssh/sftp-server

Then save the file and stop and restart the SSH daemon.

Now when you SFTP you should get something like:

$ sftp hqtas14t
Connecting to hqtas14t...
Request for subsystem 'sftp' failed on channel 0
Couldn't read packet: Connection reset by peer


On the servers that need sftp to work, don't change the sshd_config file and it should stay working.
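To confirm which state a given host's sshd_config is in after the change described in the post above, a check like the following can be run against each file. It is an added example, not part of the original thread; the function name and the sample files are constructed for illustration, and it reads only the file it is given (it does not follow Include directives).

```shell
#!/bin/sh
# Added example: report whether an sshd_config enables the sftp subsystem.
# sshd_config keywords are case-insensitive, so "subsystem" is matched in
# any case; a line commented out with '#' does not count as active.

# Print "enabled <command>" for the first active "Subsystem sftp" line in
# the file given as $1, or "disabled" if there is none.
sftp_subsystem_status() {
    awk '
        /^[ \t]*#/ { next }    # skip comment lines
        /^[ \t]*$/ { next }    # skip blank lines
        tolower($1) == "subsystem" && $2 == "sftp" {
            cmd = $3
            for (i = 4; i <= NF; i++) cmd = cmd " " $i
            print "enabled " cmd
            found = 1
            exit
        }
        END { if (!found) print "disabled" }
    ' "$1"
}

# Constructed sample files mirroring the two states shown in the post.
demo() {
    dir=$(mktemp -d)
    printf '%s\n' '# override default of no subsystems' \
        'Subsystem sftp /usr/lib64/ssh/sftp-server' > "$dir/with_sftp"
    printf '%s\n' '# override default of no subsystems' \
        '#Subsystem sftp /usr/lib64/ssh/sftp-server' > "$dir/ssh_only"
    for f in "$dir/with_sftp" "$dir/ssh_only"; do
        printf '%s: %s\n' "${f##*/}" "$(sftp_subsystem_status "$f")"
    done
    rm -rf "$dir"
}
demo
```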
Patrick Wallek
Honored Contributor

Re: SSH and Secure FTP (SFTP)

Are you talking about OUTGOING or INCOMING connections?

Above you said "from one host" and "on the other host."

So do you mean you don't want people to EXECUTE SFTP on "the other host?"

If that is the case, you could remove execute permissions from SFTP, or write a wrapper script that disallows SFTP.

CharliePuyol
Advisor

Re: SSH and Secure FTP (SFTP)

Incoming, the scenario is the following:

One HP-UX 11.11 server has Secure Shell installed.

One PC needs to access the HP-UX server using ssh and transfer files by Secure FTP.

The other PC needs to access the HP-UX server using ssh, but has no need of Secure FTP (must be disabled).
Patrick Wallek
Honored Contributor

Re: SSH and Secure FTP (SFTP)

>>Other PC needs to access to the HP-UX server using ssh, but no need of Secure FTP (must be disabled).

This is a bird of a different color......

I do not know if there is a way to allow incoming ssh and sftp from one PC, but allow ssh only from another PC.

For the 2nd PC, you could just rename the sftp executable.