TerraMaster Official Forum

Dear Support,

is it possible to grant SFTP access to users without granting them access to a SSH terminal connection?

Best regards,
Frank

Yes, it is possible.

Great news!

Could you/someone please give a little more information on how to get it done (device is a new F4-210 with updated firmware)?

Many thanks in advance
Frank

Hi, as for the permission of SSH access, you can uncheck the box "allow SSH access" as the following picture shows when creating or editing the user, then the user could not SSH access your TNAS. With FTP service enabled at TOS Control panel, the user could log in and access the authorized folders with FTP client such as FileZilla.

Thanks.

This does limit ssh access but only enables the ftp service instead of the safer sftp service.
So my initial question remains : how to grant sftp to the shares without granting ssh terminal access?

Best regards,
Frank

Just enable the SFTP as the attached image, and and access the authorized folders with FTP client such as FileZilla.

From your screenshot, I see that I have to enable ssh in order to use sftp. My initial question: How to grant sftp access only?

I checked with devices from Asus and Synology: ssh and sftp can be configured independently. There must be ways to get it to work on Terramaster devices as well. I'm thinking of adding a "match group" rule to the sshd configuration file. Could this have unwanted side effects?

Also, when I enable sftp, users' access is not limited to their home directory and their shares (which I would expect) but they can CD into any directory. Again, this is different from other vendors. Is this really intended? How can this be secured?

Thanks
Frank

hi digdug,
We will check again with tech team and come back to you soon.

May I ask what the status is? We need to provide safe sftp access for some projects to our partners soon...

Thanks
Frank

Sorry, this feature is not ready yet. It may take another one month.