How can I make CentOS 7 accept SSH while denying SCP?

Solution 1:

It wouldn't help you because the user could trivially do:

ssh user@host "cat /path/to/file" > /local/path/to/file
cat /local/path/to/file | ssh user@host "cat - > /path/to/file"

to copy files down and up respectively.

Solution 2:

Yes, you can.

To disable sftp, find the line that starts with Subsystem sftp in the /etc/ssh/sshd_config file (by default, it's near the very end of the file). Comment it out (put a # at the beginning of the line) and restart sshd.

SCP has no such configuration; the client scp program simply expects the remote scp executable to be in the user's path. So, just delete the scp binary to disable it. (And then you have to remember to delete it again every time you update your SSH package.)

But, as other people have said, this is not going to stop the users from uploading and downloading files. It just makes it ever-so-slightly more difficult. So, if you're doing this for security reasons, you really need to reconsider.
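
A scripted form of the sftp step described in Solution 2, as an added example that is not part of the original answer. The function names and the sample config are constructed for illustration, and the matching assumes the keyword and its argument are separated by whitespace.

```shell
#!/bin/sh
# Added example (not from the original answer). Function names are hypothetical.

# sftp_enabled FILE: exit 0 if FILE has an uncommented "Subsystem sftp" line.
# sshd_config keywords are case-insensitive and may be indented.
sftp_enabled() {
    awk '{ l = tolower($0); sub(/^[ \t]+/, "", l) }
         l ~ /^subsystem[ \t]+sftp([ \t]|$)/ { found = 1 }
         END { exit (found ? 0 : 1) }' "$1"
}

# disable_sftp FILE: comment out every active "Subsystem sftp" line.
# Keeps FILE.bak and rewrites FILE in place so its owner and mode are preserved.
disable_sftp() {
    cfg=$1
    tmp=$(mktemp) || return 1
    awk '{ l = tolower($0); sub(/^[ \t]+/, "", l)
           if (l ~ /^subsystem[ \t]+sftp([ \t]|$)/) print "#" $0
           else print $0 }' "$cfg" > "$tmp" || { rm -f "$tmp"; return 1; }
    cp -p "$cfg" "$cfg.bak" && cat "$tmp" > "$cfg"
    rc=$?
    rm -f "$tmp"
    return $rc
}

# scp_on_path: exit 0 if an scp executable is still reachable via PATH,
# which is all the scp client needs on the remote side.
scp_on_path() {
    command -v scp >/dev/null 2>&1
}

# demo: run both functions against a constructed config in a temp directory.
demo() {
    d=$(mktemp -d) || return 1
    # Constructed sample input, not taken from a real host.
    printf '%s\n' 'PermitRootLogin no' \
        '  subsystem   sftp /usr/libexec/openssh/sftp-server' \
        '#Subsystem sftp internal-sftp' > "$d/sshd_config"
    sftp_enabled "$d/sshd_config" && echo "before: sftp subsystem active"
    disable_sftp "$d/sshd_config" || { rm -rf "$d"; return 1; }
    sftp_enabled "$d/sshd_config" || echo "after: sftp subsystem disabled"
    scp_on_path && echo "note: scp binary still on PATH"
    cat "$d/sshd_config"
    rm -rf "$d"
}
```

On a real host, run `disable_sftp /etc/ssh/sshd_config` as root, check the result with `sshd -t`, and then restart sshd.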