5.1.5. HOWTO Enable SFTP Restricted Accounts

This section describes the method for restricting an account to SSH File Transfer Protocol (SFTP) access only.

5.1.5.1. Add a User

Create a user account based on the following example.

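# Account restricted to SFTP: the login shell is the sftp-server binary.
user { 'foo':
  uid   => <UID>,  # replace with the account's numeric UID
  gid   => <GID>,  # replace with the account's numeric GID
  shell => '/usr/libexec/openssh/sftp-server',
}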

5.1.5.2. Modify /etc/shells

To allow your user to use the sftp-server application as a shell, you will need to add the custom shell to useradd::shells in Hiera, as shown below.

useradd::shells:
  - /usr/libexec/openssh/sftp-server
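
The following check is an added example, not part of the original documentation. It confirms both steps above for one account: that the login shell is sftp-server and that the shell is listed in the shells file. The function names, exit codes and sample entries are constructed for illustration.

```shell
#!/bin/sh
# Added example: confirm both steps of the procedure for one account.
# Exit status: 0 restricted, 1 other login shell,
#              2 shell missing from shells file, 3 no such account.
SFTP_SHELL='/usr/libexec/openssh/sftp-server'

check_sftp_only() {  # usage: check_sftp_only USER [PASSWD_FILE] [SHELLS_FILE]
  user=$1
  passwd_file=${2:-/etc/passwd}
  shells_file=${3:-/etc/shells}

  entry=$(awk -F: -v u="$user" '$1 == u { print; exit }' "$passwd_file")
  if [ -z "$entry" ]; then
    echo "$user: no such account in $passwd_file" >&2
    return 3
  fi
  shell=${entry##*:}  # the login shell is the last passwd field
  if [ "$shell" != "$SFTP_SHELL" ]; then
    echo "$user: login shell is '$shell', not $SFTP_SHELL" >&2
    return 1
  fi
  # -F literal, -x whole line: a commented-out or partial entry does not count.
  if ! grep -Fxq -- "$SFTP_SHELL" "$shells_file"; then
    echo "$user: $SFTP_SHELL is not listed in $shells_file" >&2
    return 2
  fi
  echo "$user: restricted to SFTP"
}

# Constructed sample data (not from a real system): passwd entries plus a
# shells file before and after the useradd::shells change is applied.
write_sample() {
  dir=$1
  printf '%s\n' \
    'foo:x:1800:1800::/home/foo:/usr/libexec/openssh/sftp-server' \
    'bar:x:1801:1801::/home/bar:/bin/bash' > "$dir/passwd"
  printf '%s\n' /bin/sh /bin/bash > "$dir/shells.before"
  printf '%s\n' /bin/sh /bin/bash "$SFTP_SHELL" > "$dir/shells.after"
}

# Demonstration on the constructed data.
tmp=$(mktemp -d) && write_sample "$tmp"
check_sftp_only foo "$tmp/passwd" "$tmp/shells.before" || echo "exit status $?"
check_sftp_only foo "$tmp/passwd" "$tmp/shells.after"
rm -rf "$tmp"
```

On a managed host, call check_sftp_only with only the user name to read /etc/passwd and /etc/shells directly.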