Disable SSH Access for FTP Users

This section provides a tutorial example on how to disable SSH login access of a user on CentOS systems and allow his/her to use FTP service only for upload and download files.

Some times, you may want to create a user and allow him/her to use the FTP service only, not allow him/her to use the SSH (Secure Shell) service to login to your CentOS system. This can be done by disabling his/her access in the sshd (SSH Daemon) configuration.

Here is what I did to create "john" as FTP user and disable his access in the sshd configuration.

1. Create "john" as a user:

herong$ sudo useradd john

herong$ sudo passwd john
Changing password for user john.

2. Enable FTP access for John:

herong$ sudo vi /etc/vsftpd/user_list

herong$ sudo systemctl restart vsftpd

3. Create FTP home directory for John:

sudo mkdir /home/john/ftp
sudo chown nobody:nobody /home/john/ftp
sudo mkdir /home/john/ftp/private
sudo chown john:john /home/john/ftp/private

4. Disable SSH access for John:

herong$ sudo vi /etc/ssh/sshd_config
#  ForceCommand cvs server

UseDNS no
AddressFamily inet
SyslogFacility AUTHPRIV
PermitRootLogin yes
PasswordAuthentication yes
DenyUsers guest john

herong$ sudo systemctl restart sshd

5. Verify SSH access. It should be denied.

herong$ ssh john@
  john@'s password:
  Permission denied, please try again.
  john@'s password:

Now John can upload and download files remotely on my CentOS computer. But he can not SSH login remotely.

Table of Contents

 About This Book

 Introduction to Linux Systems

 Cockpit - Web Portal for Administrator

 Process Management

 Files and Directories

 Users and Groups

 File Systems

 Block Devices and Partitions

 LVM (Logical Volume Manager)

 Installing CentOS

 SELinux - Security-Enhanced Linux

 Network Connection on CentOS

 Internet Networking Tools

 SSH Protocol and ssh/scp Commands

 Software Package Manager on CentOS - DNF and YUM

vsftpd - Very Secure FTP Daemon

 Install vsftpd on CentOS

 vsftpd Server Configuration

 Setup FTP Sub-Directory for Local Users

 Test FTP Access Locally on CentOS

 Test FTP Access Remotely on CentOS

 Support FTP Over TLS on CentOS

Disable SSH Access for FTP Users

 LDAP (Lightweight Directory Access Protocol)

 Administrative Tasks


 Full Version in PDF/EPUB