0

After i removed vsftpd from my new vserver with debian5, there is still some process called sftp-server running and managing ftp-connection. How can i turn that off? Where does it came from?

Commented out following line in /etc/ssh/sshd_config now and still running:

#Subsystem sftp /usr/lib/openssh/sftp-server

netstat -tulpen output: (censored my IP through xx.xx.xxx.xxx)

Proto Recv-Q Send-Q Local Address           Foreign Address         State         User       Inode       PID/Program name
tcp        0      0 127.0.0.1:953           0.0.0.0:*               LISTEN      102        2331605921  1343/named
tcp        0      0 127.0.0.1:3306          0.0.0.0:*               LISTEN      105        2331610459  1538/mysqld
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN      0          2331606433  1379/apache2
tcp        0      0 xx.xx.xxx.xxx:53        0.0.0.0:*               LISTEN      102        2331605880  1343/named
tcp        0      0 127.0.0.1:53            0.0.0.0:*               LISTEN      102        2331605866  1343/named
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      0          2331612861  1595/sshd
tcp6       0      0 ::1:953                 :::*                    LISTEN      102        2331605922  1343/named
tcp6       0      0 :::53                   :::*                    LISTEN      102        2331605862  1343/named
tcp6       0      0 :::22                   :::*                    LISTEN      0          2331612863  1595/sshd
udp        0      0 xx.xx.xxx.xxx:53        0.0.0.0:*                           102        2331605867  1343/named
udp        0      0 127.0.0.1:53            0.0.0.0:*                           102        2331605864  1343/named
udp6       0      0 :::53                   :::*                                102        2331605849  1343/named
sewo
  • 13
  • 4

1 Answers1

5

sftp-server (SSH File Transfer Protocol) is not a part of ftp. It's a part of OpenSSH.
You can turn it off in your ssh-config, usually in /etc/ssh/sshd_config.

Change the binary loaded to handle the sftp-sessions:

Subsystem sftp /bin/false

Don't forget to restart your sshd after the change:

/etc/init.d/sshd restart
Bart De Vos
  • 17,911
  • 6
  • 63
  • 82
  • I commented out the line and restarted ssh and after that didn't worked whole server, but still can access through sftp-connection to server and it's still running. – sewo Feb 07 '12 at 13:24
  • I commented out this one: `#Subsystem sftp /usr/lib/openssh/sftp-server`. Forgotten anything? – sewo Feb 07 '12 at 13:24
  • Post the results from `sudo netstat -tulpen` in your opening post please. – Bart De Vos Feb 07 '12 at 13:28
  • Ok, sorry at first i edited your answer and somehow can't change it back. But output is posted in my question. – sewo Feb 07 '12 at 13:51
  • Did you restart the service after editing the settings? `/etc/init.d/sshd restart` – Bart De Vos Feb 07 '12 at 13:57
  • Yeah, like i said. At first just `ssh restart` (`sshd` doesn't exist) But no difference. (still able to login via sftp) So I restarted the whole server too, to be 100% sure everything is restarted, but still able to connect via sftp. – sewo Feb 07 '12 at 14:05
  • Ah, it dawned on me. If there is no setting for a particular option, it will use default. Instead of commenting the line out, try editing it to `Subsystem sftp /bin/false` – Bart De Vos Feb 07 '12 at 14:12
  • Ok, thank you. Now disabled. Is this now the best solution to disable the sftp-server? – sewo Feb 07 '12 at 14:29
  • Yes, you need to override the default. – Bart De Vos Feb 07 '12 at 14:36
  • Do i have to change the path for subsystem sftp if i want to use another sftp-server like vsftpd in future or how does that work then? – sewo Feb 07 '12 at 18:25
  • Look up the difference between SFTP, FTP & FTPS ;) – Bart De Vos Feb 07 '12 at 18:33