Feature #792

Updated by Daniel Curtis about 8 years ago

This is a simple guide for setting up a user that has SFTP-only access on FreeBSD. This is useful for file transfers over SSH, instead of using scp. 

 h2. Create an SFTP-only group 

 * This is the group to which the SFTP-only users will be added. 
 <pre> 
 pw groupadd sftp 
 </pre> 

 h2. Configure SSH 

 * Open the sshd_config file: 
 <pre> 
 vi /etc/ssh/sshd_config 
 </pre> 
 #* Add these lines at the bottom of the file and change the chroot directory to suit your needs. The group named on the Match line must be the group created above.
 <pre> 
 Match Group sftp 
 ChrootDirectory /home/%u 
 X11Forwarding no 
 AllowTcpForwarding no 
 ForceCommand internal-sftp 
 </pre> 

 h2. Add a new SFTP user 

 * Add a new user to your system and set the login group to sftp. 
 <pre> 
 adduser 
 </pre> 
 #* _Example output_: 
 <pre> 
 Username: bob 
 Full name: SFTP user 
 Uid (Leave empty for default): 
 Login group [bob]: sftp 
 Login group is sftp. Invite bob into other groups? []: 
 Login class [default]: 
 Shell (sh csh tcsh bash rbash nologin) [sh]: 
 Home directory [/home/bob]: 
 Home directory permissions (Leave empty for default): 
 Use password-based authentication? [yes]: 
 Use an empty password? (yes/no) [no]: 
 Use a random password? (yes/no) [no]: 
 Enter password: 
 Enter password again: 
 Lock out the account after creation? [no]: 
 Username     : bob 
 Password     : ***** 
 Full Name    : SFTP user 
 Uid          : 1006 
 Class        : 
 Groups       : sftp sftponly 
 Home         : /home/bob 
 Home Mode    : root 
 Shell        : /bin/sh 
 Locked       : no 
 OK? (yes/no): yes 
 adduser: INFO: Successfully added (bob) to the user database. 
 </pre> 

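 * The chroot directory needs to be owned by root so that the user can log in. sshd refuses the session unless the chroot directory and every directory above it is owned by root and not writable by any other user or group: 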
 <pre> 
 chown root:sftp /home/bob 
 </pre> 

 * Create a new directory within the user's home directory where files can be uploaded, and change the ownership of this directory to the new user and the sftp group. 
 <pre> 
 mkdir /home/bob/files 
 chown bob:sftp /home/bob/files 
 </pre> 

 * Restart the SSH server 
 <pre> 
 service sshd restart 
 </pre> 
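
An added example, not part of the original guide: a POSIX shell check for the ownership rule behind the @chown root:sftp /home/bob@ step, meant to be run before restarting sshd. The script name check_chroot.sh and both function names are made up for this example.

```shell
#!/bin/sh
# Added example, not part of the original guide. Checks the rule that sshd
# enforces on ChrootDirectory: every path component must be owned by root
# and must not be writable by group or others.

# component_ok MODE UID -> 0 if an "ls -ldn" mode string and numeric owner
# satisfy the rule, 1 otherwise.
component_ok() {
    [ "$2" = "0" ] || return 1
    case $1 in
        ?????w*|????????w*) return 1 ;;   # group-write or other-write bit set
    esac
    return 0
}

# check_chroot DIR -> 0 if DIR and all of its parents pass, 1 if any
# component fails, 2 if DIR is not an accessible directory.
check_chroot() {
    # Resolve symlinks so the real components are inspected.
    path=$(cd -P -- "$1" 2>/dev/null && pwd -P) || {
        echo "FAIL: $1 is not an accessible directory" >&2
        return 2
    }
    rc=0
    while :; do
        # ls -ldn prints the mode string and numeric uid on FreeBSD and Linux.
        info=$(ls -ldn "$path" | awk '{print $1, $3}')
        mode=${info% *}
        uid=${info#* }
        if component_ok "$mode" "$uid"; then
            echo "ok:   $path ($mode uid=$uid)"
        else
            echo "FAIL: $path ($mode uid=$uid)" >&2
            rc=1
        fi
        [ "$path" = "/" ] && break
        path=$(dirname "$path")
    done
    return "$rc"
}

# Usage (hypothetical file name): sh check_chroot.sh /home/bob
if [ "$#" -gt 0 ]; then
    check_chroot "$1"
fi
```

A FAIL line names the directory to fix; the upload directory @/home/bob/files@ is not part of the chroot path and stays owned by the user.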

 h2. Resources 

 * http://bin63.com/how-to-set-up-an-sftp-user-on-freebsd
