Is it possible to disable scp and sftp and have only SSH access?


New Member
Feb 28, 2022
Reaction score
I'm a linux administrator and I don't want people to download files stored on my server. However, users can login to the server via ssh to work on it. I don't know how to solve this problem. Please help me.

cp my_private_files* /path/to/private_directory
chown -R myuser:myuser /path/to/private_directory
chmod 700 /path/to/private_directory

But they would still be able to scp to their home directory (you can make home directories each a small disk partition, say 100k or so) and likely /tmp. You could disable swap /tmp also.
Keep in mind, if you did this, you couldn't sftp either.

You could remove this line from /etc/ssh/sshd_config
Subsystem sftp /usr/libexec/openssh/sftp-server

But even if you did this, I could still "cat somefile" to the stdout screen output
then copy and paste that output to my local computer.
Last edited:
On server where users can scp to.
root@lx-rocky ~]# which scp

[root@lx-rocky ~]# ls -l /usr/bin/scp
-rwxr-xr-x. 1 root root 105264 Oct 11 03:18 /usr/bin/scp
[root@lx-rocky ~]# chmod 700 /usr/bin/scp

[root@lx-rocky ~]# ls -l /usr/bin/scp
-rwx------. 1 root root 105264 Oct 11 03:18 /usr/bin/scp
From client trying to scp to server.
scp testfile tux@lx-rocky:
tux@lx-rocky's password:
bash: /usr/bin/scp: Permission denied
lost connection

ssh tux@lx-rocky
tux@lx-rocky's password:
Last login: Tue Feb 22 17:54:40 2022

sftp tux@lx-rocky
tux@lx-rocky's password:
Connected to lx-rocky.
sftp> put testfile
Uploading copyfile to /home/tux/testfile
copyfile                      100%    0     0.0KB/s   00:00
ssh to system where scp is disabled and check home directory.
ssh tux@lx-rocky
tux@lx-rocky's password:
Last login: Mon Feb 28 08:42:39 2022 from
[tux@lx-rocky ~]$ ls -l ~/testyfile
total 0
-rw-r--r--. 1 tux tux 0 Feb 28 08:41 testfile
Last edited:

Members online