SFTP without SSH

SMB/CIFS, NFS, AFP, FTP, HTTP file service and Rsync server.
Post Reply
User avatar
digdug
Posts: 7
Joined: 06 May 2020, 18:39

SFTP without SSH

Post by digdug » 06 May 2020, 21:18

Dear Support,

is it possible to grant SFTP access to users without granting them access to a SSH terminal connection?

Best regards,
Frank

User avatar
TMroy
Customer Service
Posts: 744
Joined: 10 Mar 2020, 14:04

Re: SFTP without SSH

Post by TMroy » 06 May 2020, 22:27

Yes, it is possible.
To contact our tech team or want a remote session, please email to support(at)terra-master.com

User avatar
digdug
Posts: 7
Joined: 06 May 2020, 18:39

Re: SFTP without SSH

Post by digdug » 07 May 2020, 01:01

Great news!

Could you/someone please give a little more information on how to get it done (device is a new F4-210 with updated firmware)?

Many thanks in advance
Frank

User avatar
TMSupport
Customer Service
Posts: 743
Joined: 13 Dec 2019, 15:15

Re: SFTP without SSH

Post by TMSupport » 07 May 2020, 14:50

Hi, as for the permission of SSH access, you can uncheck the box "allow SSH access" as the following picture shows when creating or editing the user, then the user could not SSH access your TNAS.
SSH.png
SSH.png (21.48 KiB) Viewed 717 times
With FTP service enabled at TOS Control panel, the user could log in and access the authorized folders with FTP client such as FileZilla.
ftp.png

User avatar
digdug
Posts: 7
Joined: 06 May 2020, 18:39

Re: SFTP without SSH

Post by digdug » 07 May 2020, 20:28

Thanks.

This does limit ssh access but only enables the ftp service instead of the safer sftp service.
So my initial question remains : how to grant sftp to the shares without granting ssh terminal access?

Best regards,
Frank

User avatar
TMroy
Customer Service
Posts: 744
Joined: 10 Mar 2020, 14:04

Re: SFTP without SSH

Post by TMroy » 07 May 2020, 23:14

Just enable the SFTP as the attached image, and and access the authorized folders with FTP client such as FileZilla.
sftp.png
To contact our tech team or want a remote session, please email to support(at)terra-master.com

User avatar
digdug
Posts: 7
Joined: 06 May 2020, 18:39

Re: SFTP without SSH

Post by digdug » 08 May 2020, 22:27

From your screenshot, I see that I have to enable ssh in order to use sftp. My initial question: How to grant sftp access only?

I checked with devices from Asus and Synology: ssh and sftp can be configured independently. There must be ways to get it to work on Terramaster devices as well. I'm thinking of adding a "match group" rule to the sshd configuration file. Could this have unwanted side effects?

Also, when I enable sftp, users' access is not limited to their home directory and their shares (which I would expect) but they can CD into any directory. Again, this is different from other vendors. Is this really intended? How can this be secured?

Thanks
Frank

User avatar
TMroy
Customer Service
Posts: 744
Joined: 10 Mar 2020, 14:04

Re: SFTP without SSH

Post by TMroy » 09 May 2020, 00:24

hi digdug,
We will check again with tech team and come back to you soon.
To contact our tech team or want a remote session, please email to support(at)terra-master.com

User avatar
digdug
Posts: 7
Joined: 06 May 2020, 18:39

Re: SFTP without SSH

Post by digdug » 15 Jun 2020, 14:13

May I ask what the status is? We need to provide safe sftp access for some projects to our partners soon...

Thanks
Frank

User avatar
TMroy
Customer Service
Posts: 744
Joined: 10 Mar 2020, 14:04

Re: SFTP without SSH

Post by TMroy » 15 Jun 2020, 18:58

Sorry, this feature is not ready yet. It may take another one month.
To contact our tech team or want a remote session, please email to support(at)terra-master.com

Post Reply