Feature #792

Updated by Daniel Curtis over 4 years ago

This is a simple guide for setting up a user that only has sftp access on FreeBSD. This is useful for file transfers over SSH, instead of using scp.

h2. Create an SFTP-only group

* This is the group where the SFTP-only users will be added.
<pre>
pw groupadd sftp
</pre>

h2. Configure SSH

* Open the sshd_config file:
<pre>
vi /etc/ssh/sshd_config
</pre>
#* Add these lines at the bottom of the file and change the chroot directory to your needs.
<pre>
Match Group sftp
ChrootDirectory /home/%u
X11Forwarding no
AllowTcpForwarding no
ForceCommand internal-sftp
</pre>

h2. Add a new SFTP user

* Add a new user to your system and set the login group to sftp.
<pre>
adduser
</pre>
#* _Example output_:
<pre>
Username: bob
Full name: SFTP user
Uid (Leave empty for default):
Login group [bob]: sftp
Login group is sftp. Invite bob into other groups? []:
Login class [default]:
Shell (sh csh tcsh bash rbash nologin) [sh]:
Home directory [/home/bob]:
Home directory permissions (Leave empty for default):
Use password-based authentication? [yes]:
Use an empty password? (yes/no) [no]:
Use a random password? (yes/no) [no]:
Enter password:
Enter password again:
Lock out the account after creation? [no]:
Username : bob
Password : *****
Full Name : SFTP user
Uid : 1006
Class :
Groups : sftp sftponly
Home : /home/bob
Home Mode : root
Shell : /bin/sh
Locked : no
OK? (yes/no): yes
adduser: INFO: Successfully added (bob) to the user database.
</pre>

* sshd requires the chroot directory, and every directory above it, to be owned by root and not writable by group or others; otherwise it refuses the login:
<pre>
chown root:sftp /home/bob
</pre>

* Create a new directory within the user's home directory where files can be uploaded, and change the ownership of this directory to the new user and the sftp group.
<pre>
mkdir /home/bob/files
chown bob:sftp /home/bob/files
</pre>

* Restart the SSH server
<pre>
service sshd restart
</pre>
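
An added example, not part of the original guide: a POSIX sh check that a chroot path meets the ownership rule sshd enforces for @ChrootDirectory@, applied to the directory and each of its parents. The function names @check_dir@ and @check_chroot@ are made up for this example; @/home/bob@ is the guide's sample user.

```shell
#!/bin/sh
# Added example: check a ChrootDirectory against sshd's ownership rule.

# check_dir DIR [UID]: succeed only if DIR is a directory owned by UID
# (default 0, root) and not writable by group or others.
check_dir() {
    dir=$1
    want_uid=${2:-0}
    [ -d "$dir" ] || { echo "FAIL $dir: not a directory" >&2; return 1; }
    set -f                     # no globbing while splitting ls output
    set -- $(ls -ldnL "$dir")  # $1 = mode string, $3 = numeric owner uid
    set +f
    bad=0
    [ "$3" = "$want_uid" ] || { echo "FAIL $dir: owner uid $3, expected $want_uid" >&2; bad=1; }
    case $1 in
        ?????w*|????????w*) echo "FAIL $dir: group- or world-writable ($1)" >&2; bad=1 ;;
    esac
    return $bad
}

# check_chroot PATH: apply check_dir to PATH and every parent up to /.
check_chroot() {
    path=$1
    case $path in
        /*) ;;
        *) echo "usage: check_chroot /absolute/path" >&2; return 2 ;;
    esac
    rc=0
    while :; do
        check_dir "$path" 0 || rc=1
        parent=$(dirname "$path")
        [ "$parent" = "$path" ] && break   # reached the root directory
        path=$parent
    done
    return $rc
}

# Run against a path given on the command line, e.g. the guide's /home/bob.
if [ $# -gt 0 ]; then
    check_chroot "$1" && echo "OK $1"
fi
```

Run it as @sh check_chroot.sh /home/bob@ before restarting sshd; every FAIL line names a directory that would make sshd reject the chrooted login.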

h2. Resources

* http://bin63.com/how-to-set-up-an-sftp-user-on-freebsd
