Feature #792
Setup an SFTP User on FreeBSD
Description
This is a simple guide for setting up a user that only has SFTP access on FreeBSD. This is useful for file transfers over SSH, instead of using scp.
Create an SFTP-only group
- This is the group where the SFTP-only users will be added.
pw groupadd sftp
Configure SSH
- Open the sshd_config file:
vi /etc/ssh/sshd_config
- Add these lines at the bottom of the file and change the chroot directory to your needs.
Match Group sftp
    ChrootDirectory /home/%u
    X11Forwarding no
    AllowTcpForwarding no
    ForceCommand internal-sftp
Add a new SFTP user
- Add a new user to your system and set the login group to sftp.
adduser
- Example output:
Username: bob
Full name: SFTP user
Uid (Leave empty for default):
Login group [bob]: sftp
Login group is sftp. Invite bob into other groups? []:
Login class [default]:
Shell (sh csh tcsh bash rbash nologin) [sh]:
Home directory [/home/bob]:
Home directory permissions (Leave empty for default):
Use password-based authentication? [yes]:
Use an empty password? (yes/no) [no]:
Use a random password? (yes/no) [no]:
Enter password:
Enter password again:
Lock out the account after creation? [no]:
Username : bob
Password : *****
Full Name : SFTP user
Uid : 1006
Class :
Groups : sftp
Home : /home/bob
Home Mode : root
Shell : /bin/sh
Locked : no
OK? (yes/no): yes
adduser: INFO: Successfully added (bob) to the user database.
- The chroot directory needs to be owned by root so that the user/group can log in:
chown root:sftp /home/bob
- Create a new directory within the user's home directory where files can be uploaded, and change the ownership of this directory to the new user and the sftp group.
mkdir /home/bob/files
chown bob:sftp /home/bob/files
- Restart the SSH server
service sshd restart
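- sshd_config(5) requires every component of the ChrootDirectory path to be a root-owned directory that is not writable by any other user or group; if one is not, the SFTP session is refused. The script below is an added example, not part of the original guide, that checks this for a chroot such as /home/bob; the function names check_dir and check_chroot are illustrative.

```sh
#!/bin/sh
# Added example: pre-flight check for an sshd ChrootDirectory.
# Function names are illustrative, not part of FreeBSD or OpenSSH.

# check_dir DIR [UID]: succeed only if DIR is a directory owned by UID
# (default 0, root) and not writable by group or others.
check_dir() {
    dir=$1
    want_uid=${2:-0}
    [ -d "$dir" ] || { echo "FAIL $dir: not a directory" >&2; return 1; }
    # POSIX "ls -ldn": field 1 is the mode string, field 3 the numeric owner.
    info=$(ls -ldn "$dir" | awk '{print $1, $3}')
    mode=${info% *}
    owner=${info#* }
    [ "$owner" = "$want_uid" ] || {
        echo "FAIL $dir: owner uid $owner, expected $want_uid" >&2; return 1; }
    case $mode in
        ?????w*|????????w*)   # character 6 = group write, character 9 = other write
            echo "FAIL $dir: mode $mode is group- or world-writable" >&2
            return 1 ;;
    esac
    return 0
}

# check_chroot DIR [UID]: apply check_dir to DIR and every parent up to /.
# The path is resolved first because /home may be a symlink to /usr/home.
check_chroot() {
    path=$(cd -- "$1" >/dev/null 2>&1 && pwd -P) || {
        echo "FAIL $1: cannot resolve path" >&2; return 1; }
    uid=${2:-0}
    rc=0
    while :; do
        check_dir "$path" "$uid" || rc=1
        [ "$path" = "/" ] && break
        path=$(dirname "$path")
    done
    return $rc
}

# Stand-alone use: sh check_chroot.sh /home/bob
if [ $# -gt 0 ]; then
    check_chroot "$@"
fi
```

The upload directory (/home/bob/files) is deliberately not checked: it sits below the chroot and is meant to be writable by the user.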
Resources
Updated by Daniel Curtis over 8 years ago
- Status changed from New to Resolved
- % Done changed from 0 to 100