Q&A: Can I Restrict a User to sftp?

Question

Can I restrict a user to be allowed only sftp transfers? And disallow any other login (ie shell, Windows)?

Answer

With UCs 4.3 Univention has changed account types.

  • Normal accounts containing all features
    These users can login through all configured ways (Windows, sftp, …).
  • Simple authentication accounts
    These can only connect to LDAP servers, but have no possibility to log in elsewhere.
  • Address book entries for maintaining contact information
    No logon is possible at all.

To enable a user for sftp transfer you have to create a “normal account” which can not be restricted to dedicated services.

.