Linux Tutorials - Herong's Tutorial Examples - v5.45, by Herong Yang
Disable SSH Access for FTP Users
This section provides a tutorial example on how to disable SSH login access of a user on CentOS systems and allow his/her to use FTP service only for upload and download files.
Some times, you may want to create a user and allow him/her to use the FTP service only, not allow him/her to use the SSH (Secure Shell) service to login to your CentOS system. This can be done by disabling his/her access in the sshd (SSH Daemon) configuration.
Here is what I did to create "john" as FTP user and disable his access in the sshd configuration.
1. Create "john" as a user:
herong$ sudo useradd john herong$ sudo passwd john Changing password for user john.
2. Enable FTP access for John:
herong$ sudo vi /etc/vsftpd/user_list ... herong john herong$ sudo systemctl restart vsftpd
3. Create FTP home directory for John:
sudo mkdir /home/john/ftp sudo chown nobody:nobody /home/john/ftp sudo mkdir /home/john/ftp/private sudo chown john:john /home/john/ftp/private
4. Disable SSH access for John:
herong$ sudo vi /etc/ssh/sshd_config ... # ForceCommand cvs server UseDNS no AddressFamily inet SyslogFacility AUTHPRIV PermitRootLogin yes PasswordAuthentication yes DenyUsers guest john herong$ sudo systemctl restart sshd
5. Verify SSH access. It should be denied.
herong$ ssh john@192.168.1.3 john@192.168.1.3's password: Permission denied, please try again. john@192.168.1.3's password:
Now John can upload and download files remotely on my CentOS computer. But he can not SSH login remotely.
Table of Contents
Cockpit - Web Portal for Administrator
SELinux - Security-Enhanced Linux
SSH Protocol and ssh/scp Commands
Software Package Manager on CentOS - DNF and YUM
►vsftpd - Very Secure FTP Daemon
Setup FTP Sub-Directory for Local Users
Test FTP Access Locally on CentOS
Test FTP Access Remotely on CentOS
Support FTP Over TLS on CentOS
►Disable SSH Access for FTP Users