Question

Can I restrict a user to be allowed only sftp transfers? And disallow any other login (ie shell, Windows)?

Answer

With UCs 4.3 Univention has changed account types.

• Normal accounts containing all features
  These users can login through all configured ways (Windows, sftp, …).
• Simple authentication accounts
  These can only connect to LDAP servers, but have no possibility to log in elsewhere.
• Address book entries for maintaining contact information
  No logon is possible at all.

To enable a user for sftp transfer you have to create a “normal account” which can not be restricted to dedicated services.

.