FTP disabled but still have access via SSH key. Is this the expected behavior?

Ben Taylor

Member
Jun 27, 2019
13
1
3
Swaziland
cPanel Access Level
Root Administrator
I wanted to disable access to FTP using password auth and only have access via an SSH key. I've setup an SSH key for FTP access and disabled local FTP server. This appears to be exactly what I want but it's a bit confusing.

I would have thought that disabling FTP would not allow access via SSH but it still lets me in.

My question is, Is this the expected behavior?
 

quietFinn

Well-Known Member
Feb 4, 2006
1,653
325
438
Finland
cPanel Access Level
Root Administrator
Even if you disable FTP you can still login using SFTP.
If you want to disable logging in using password set:
PasswordAuthentication no
in /etc/ssh/sshd_config
and restart sshd.
 
Feb 14, 2022
5
2
3
North Macedonia
cPanel Access Level
Website Owner
Keep in mind that FTP and SSH are different services, thus if you disable one - the other one will remain fully functional.
Disabling FTP would prevent you from connecting over FTP or FTPS.
Disabling SSH would prevent you from using SSH and SFTP.

The one alternative is the one that @quietFinn suggested.
The other one, if the main point is to secure your server - is to simply deny access to FTP/SSH ports via WHM -> Host Access Control and allow only the IPs that you would like to be able to reach these services. Personally, I use the first alternative but thanks to my experience with HostAdvice, I know the other way, as well.
 
  • Like
Reactions: quietFinn