Feature #792

Updated by Daniel Curtis over 4 years ago

This is a simple guide for setting up a user that only has SFTP access on FreeBSD. This is useful for file transfers over SSH, instead of using scp.

h2. Create an SFTP-only group

* This is the group to which the SFTP-only users will be added:
<pre>
pw groupadd sftp
</pre>

h2. Configure SSH

* Open the sshd_config file:
<pre>
vi /etc/ssh/sshd_config
</pre>
#* Add these lines at the bottom of the file and change the chroot directory to suit your needs:
<pre>
Match Group sftp
    ChrootDirectory /home/%u
    X11Forwarding no
    AllowTcpForwarding no
    ForceCommand internal-sftp
</pre>

h2. Add a new SFTP user

* Add a new user to your system with adduser and set the login group to sftp.
#* _Example output_:
<pre>
Username: bob
Full name: SFTP user
Uid (Leave empty for default):
Login group [bob]: sftp
Login group is sftp. Invite bob into other groups? []:
Login class [default]:
Shell (sh csh tcsh bash rbash nologin) [sh]:
Home directory [/home/bob]:
Home directory permissions (Leave empty for default):
Use password-based authentication? [yes]:
Use an empty password? (yes/no) [no]:
Use a random password? (yes/no) [no]:
Enter password:
Enter password again:
Lock out the account after creation? [no]:
Username : bob
Password : *****
Full Name : SFTP user
Uid : 1006
Class :
Groups : sftp sftponly
Home : /home/bob
Home Mode : root
Shell : /bin/sh
Locked : no
OK? (yes/no): yes
adduser: INFO: Successfully added (bob) to the user database.
</pre>

* The chroot directory needs to be owned by root, and must not be writable by group or others, so that the user/group can log in; sshd rejects the session otherwise:
<pre>
chown root:sftp /home/bob
</pre>

* Create a new directory within the user's home directory where files can be uploaded, and change the ownership of this directory to the new user and the sftp group:
<pre>
mkdir /home/bob/files
chown bob:sftp /home/bob/files
</pre>

* Restart the SSH server:
<pre>
service sshd restart
</pre>
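
An added example (not part of the original guide) that audits a chroot path such as /home/bob against the ownership rule above, walking every parent directory up to / as sshd does. The function names @perm_ok@ and @check_chroot@ and the script name in the usage line are hypothetical.

```shell
#!/bin/sh
# Added example: audit a ChrootDirectory before restarting sshd.
# sshd requires every component of the chroot path to be a directory
# owned by root (uid 0) and not writable by group or others.

# perm_ok UID PERMS: PERMS is the first column of `ls -ld` (e.g. drwxr-xr-x).
perm_ok() {
    [ "$1" = "0" ] || return 1
    case "$2" in
        d????-??-?*) return 0 ;;  # directory, no group write, no other write
        *)           return 1 ;;
    esac
}

# check_chroot PATH: 0 = acceptable, 1 = bad owner/mode, 2 = unusable path.
check_chroot() {
    case "$1" in
        /*) ;;
        *)  echo "not an absolute path: $1" >&2; return 2 ;;
    esac
    # Resolve symlinks first (on FreeBSD /home may point to /usr/home).
    path=$(cd "$1" 2>/dev/null && pwd -P) || {
        echo "cannot enter: $1" >&2; return 2; }
    rc=0
    while :; do
        info=$(ls -ldn "$path") || return 2
        perms=${info%% *}
        uid=$(printf '%s\n' "$info" | awk '{print $3}')
        if ! perm_ok "$uid" "$perms"; then
            echo "FAIL $path (uid=$uid mode=$perms)" >&2
            rc=1
        fi
        [ "$path" = "/" ] && break
        path=$(dirname "$path")
    done
    return "$rc"
}

# Usage: sh check_chroot.sh /home/bob
if [ "$#" -gt 0 ]; then
    check_chroot "$1"
fi
```

Run it as root so every parent directory can be read; the upload directory /home/bob/files is deliberately not checked, since it must stay writable by the user.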
