https://community.checkpoint.com/t5/Firewall-and-Security-Management/SCP-disable-SSH-open/m-p/275698#M105007 <P>Hi Folks,</P><P>I have an Open Server running Gaia R82 and some gateways. Our Security requested some hardening on the server. One question is: Can I disable scp on the server while leaving ssh open?</P><P>Thank you</P> Fri, 17 Apr 2026 14:25:21 GMT iannis12 2026-04-17T14:25:21Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/SCP-disable-SSH-open/m-p/275698#M105007 <P>Hi Folks,</P><P>I have an Open Server running Gaia R82 and some gateways. Our Security requested some hardening on the server. One question is: Can I disable scp on the server while leaving ssh open?</P><P>Thank you</P> Fri, 17 Apr 2026 14:25:21 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/SCP-disable-SSH-open/m-p/275698#M105007 iannis12 2026-04-17T14:25:21Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/SCP-disable-SSH-open/m-p/275699#M105008 <P>If your Gaia login shell is <A href="https://sc1.checkpoint.com/documents/R82/WebAdminGuides/EN/CP_R82_Gaia_AdminGuide/Content/Topics-GAG/Introduction-to-CLI.htm?tocpath=Introduction%20to%20the%20Command%20Line%20Interface%7C_____0" target="_self">Clish</A> (Default), then SCP is only possible for dedicated&nbsp;<A href="https://community.checkpoint.com/t5/Firewall-and-Security-Management/HowTo-Creating-an-scpuser-account-on-Gaia-Clish/m-p/5819/highlight/true#M211" target="_self">scponly</A> Accounts, which need to be manually created. So yes, you can disable SCP by leaving SSH open. You just need to verify that no login account has /bin/bash or /usr/bin/scponly configured as login shell. Btw, experienced linux users can transfer files via pure SSH. You can never avoid file transfers if you allow SSH.</P> Fri, 17 Apr 2026 14:41:01 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/SCP-disable-SSH-open/m-p/275699#M105008 Danny 2026-04-17T14:41:01Z