SFTP without SSH

SMB, NFS, AFP, FTP, web file manager and Rsync server.
User avatar
digdug
Posts: 7
Joined: 06 May 2020, 18:39

SFTP without SSH

Post by digdug »

Dear Support,

is it possible to grant SFTP access to users without granting them access to a SSH terminal connection?

Best regards,
Frank
User avatar
TMroy
TerraMaster Team
Posts: 2578
Joined: 10 Mar 2020, 14:04
China

Re: SFTP without SSH

Post by TMroy »

Yes, it is possible.
To contact our team, please send email to following addresses, remember to replace (at) with @:
Support team: support(at)terra-master.com (for technical support only)
Service team: service(at)terra-master.com (for purchasing, return, replacement, RMA service)
User avatar
digdug
Posts: 7
Joined: 06 May 2020, 18:39

Re: SFTP without SSH

Post by digdug »

Great news!

Could you/someone please give a little more information on how to get it done (device is a new F4-210 with updated firmware)?

Many thanks in advance
Frank
User avatar
TMSupport
TerraMaster Team
Posts: 2314
Joined: 13 Dec 2019, 15:15

Re: SFTP without SSH

Post by TMSupport »

Hi, as for the permission of SSH access, you can uncheck the box "allow SSH access" as the following picture shows when creating or editing the user, then the user could not SSH access your TNAS.
SSH.png
SSH.png (21.48 KiB) Viewed 11192 times
With FTP service enabled at TOS Control panel, the user could log in and access the authorized folders with FTP client such as FileZilla.
ftp.png
To contact our team, please send email to following addresses, remember to replace (at) with @
Technical team: support(at)terra-master.com (for technical support)
Service team: service(at)terra-master.com (for purchasing, return, replacement, RMA service)
User avatar
digdug
Posts: 7
Joined: 06 May 2020, 18:39

Re: SFTP without SSH

Post by digdug »

Thanks.

This does limit ssh access but only enables the ftp service instead of the safer sftp service.
So my initial question remains : how to grant sftp to the shares without granting ssh terminal access?

Best regards,
Frank
User avatar
TMroy
TerraMaster Team
Posts: 2578
Joined: 10 Mar 2020, 14:04
China

Re: SFTP without SSH

Post by TMroy »

Just enable the SFTP as the attached image, and and access the authorized folders with FTP client such as FileZilla.
sftp.png
To contact our team, please send email to following addresses, remember to replace (at) with @:
Support team: support(at)terra-master.com (for technical support only)
Service team: service(at)terra-master.com (for purchasing, return, replacement, RMA service)
User avatar
digdug
Posts: 7
Joined: 06 May 2020, 18:39

Re: SFTP without SSH

Post by digdug »

From your screenshot, I see that I have to enable ssh in order to use sftp. My initial question: How to grant sftp access only?

I checked with devices from Asus and Synology: ssh and sftp can be configured independently. There must be ways to get it to work on Terramaster devices as well. I'm thinking of adding a "match group" rule to the sshd configuration file. Could this have unwanted side effects?

Also, when I enable sftp, users' access is not limited to their home directory and their shares (which I would expect) but they can CD into any directory. Again, this is different from other vendors. Is this really intended? How can this be secured?

Thanks
Frank
User avatar
TMroy
TerraMaster Team
Posts: 2578
Joined: 10 Mar 2020, 14:04
China

Re: SFTP without SSH

Post by TMroy »

hi digdug,
We will check again with tech team and come back to you soon.
To contact our team, please send email to following addresses, remember to replace (at) with @:
Support team: support(at)terra-master.com (for technical support only)
Service team: service(at)terra-master.com (for purchasing, return, replacement, RMA service)
User avatar
digdug
Posts: 7
Joined: 06 May 2020, 18:39

Re: SFTP without SSH

Post by digdug »

May I ask what the status is? We need to provide safe sftp access for some projects to our partners soon...

Thanks
Frank
User avatar
TMroy
TerraMaster Team
Posts: 2578
Joined: 10 Mar 2020, 14:04
China

Re: SFTP without SSH

Post by TMroy »

Sorry, this feature is not ready yet. It may take another one month.
To contact our team, please send email to following addresses, remember to replace (at) with @:
Support team: support(at)terra-master.com (for technical support only)
Service team: service(at)terra-master.com (for purchasing, return, replacement, RMA service)
Locked