How ca I make CentOS 7 accept SSH while denying SCP?
Solution 1:
It wouldn't help you because the user could trivially do:
ssh user@host "cat /path/to/file" > /local/path/to/file
cat /local/path/to/file | ssh user@host "cat - > /path/to/file"
to copy files down and up respectively.
Solution 2:
Yes, you can.
To disable sftp, find the line that starts with Subsystem sftp
in the /etc/ssh/sshd_config
file (by default, it's near the very end of the file). Comment it out (put a #
at the beginning of the line) and restart sshd.
SCP has no such configuration, the client scp
program simply expects the remote scp
executable to be in the user's path. So, just delete the scp
binary to disable it. (And then you have to remember to delete it again every time you update your SSH package.)
But, as other people have said, this is not going to stop the users from uploading and downloading files. It just makes it ever-so-slightly more difficult. So, if you're doing this for security reasons, you really need to reconsider.