tech11 wrote:
> Hello everyone,
>
> SSH is good to use, but it lead out one safety question, if you keep port
> '22' open, someone may use sftp to transfer data, it's not permited in our
> LAN, how to resove the question? Either if have a way to recode the data
> transfer, just like vsftpd doing, I may check the recode and get to know
> what's happening, it'll be acceptable also. Thanks for your help!


1. To disable sftp, you can eliminate the Subsystem sftp line from
your sshd_config file.

2. I always recommend moving the ssh port away from 22 just because
there are too many bots out there that attempt brute force attacks
against ssh at port 22.

3. If you want to just allow certain users/networks look at the
AllowUsers option of sshd_config.