Prevent Linux user from connecting with WinSCP


How can I stop a user from logging on to a Linux machine with WinSCP?

I have set a user up so that when they log in via PuTTY they are presented with an interactive CLI (using Python) and no bash shell.

2

There are 2 answers

1
Dimi On

In your sshd_config:

Find the line that reads as follows:

Subsystem sftp /usr/lib/openssh/sftp-server

Remove or comment out the line by prefixing it with #:

# Subsystem sftp /usr/lib/openssh/sftp-server

Save and close the file. Restart sshd service:

# /etc/init.d/sshd restart

If that does not work, then

replace:

Subsystem sftp /usr/lib/openssh/sftp-server

with:

Subsystem sftp /bin/false
0
Martin Prikryl On

That does not make sense.

If you allow shell access to the server, you give the user the ability to do (almost) anything he/she wants. Blocking WinSCP won't help and it's not easy anyway.

You can disable the "sftp" subsystem mapping, as shown in the answer by @Dimi. But the user can easily circumvent that by specifying a full path to the sftp-server binary in WinSCP session options.

Even if you take precautions to block the user from running the sftp-server binary, the user can still revert to the SCP protocol.

Even if you block the scp binary too, the user can still modify the files with other methods.

You should better explain to us what your intent is, to get better answers.
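
An added example, not part of either answer above: for the setup in the question (one account that should only ever see the Python CLI), a per-user ForceCommand in sshd_config covers the SFTP subsystem, SCP and any other command the client requests. The account name cliuser and the path /usr/local/bin/restricted-cli are assumptions standing in for the real account and CLI.

```sshd_config
# Added example (constructed). "cliuser" and /usr/local/bin/restricted-cli
# are hypothetical names for the restricted account and its Python CLI.

# Leave the global subsystem in place so other accounts keep SFTP.
# Commenting it out only removes the "sftp" name mapping; a client can
# still ask sshd to execute scp, or sftp-server by its full path.
Subsystem sftp /usr/lib/openssh/sftp-server

# Match blocks go at the end of the file; they apply until the next Match.
Match User cliuser
    # Run the CLI regardless of what the client asks for. ForceCommand
    # applies to shell, command and subsystem execution, so SFTP and SCP
    # requests from this account start the CLI instead of a file transfer.
    ForceCommand /usr/local/bin/restricted-cli
    # Close the other channels an SSH session can open.
    AllowTcpForwarding no
    AllowAgentForwarding no
    X11Forwarding no
    PermitTunnel no
    PermitUserRC no
```

Check the file with sshd -t before restarting, and use sshd -T with -C user=cliuser (some releases also require host and addr in the -C specification) to confirm that forcecommand is in effect for that account. The restriction is only as strong as the CLI itself: if the CLI can spawn a shell or run arbitrary commands, the user is back to full shell access.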