SFTP Without SSH Shell Access

I got an interesting question today. Our client needs to access the server via SFTP, but they want to disable access to the SSH shell. Assuming that you are fully aware of the potential issues of doing this, such as the security risks, here is how to do it:

#Create a user account as usual, e.g.,
sudo adduser sftpuser

#Edit the password file with vipw
sudo vipw


#Type i to switch to insert mode

#Replace the user's shell with the following path, depending on your OS:
Linux: /usr/libexec/openssh/sftp-server
FreeBSD: /usr/libexec/sftp-server


#Your line will look something like this:
#Linux:
sftpuser:x:1001:1001::/home/sftpuser:/usr/libexec/openssh/sftp-server

#FreeBSD:
sftpuser:$XX3edc8989Ra.:1001:1001::0:0:SFTP User:/home/sftpuser:/usr/libexec/sftp-server

#Type :wq to save and quit.

You may also want to add the sftp-server path to the list of valid login shells, i.e.,

sudo nano /etc/shells

#Include the following (Linux):
/usr/libexec/openssh/sftp-server

#Include the following (FreeBSD):
/usr/libexec/sftp-server
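As an added check (this script is not part of the original post), the following POSIX shell script verifies that an account ended up the way the steps above intend: its login shell is an sftp-server binary, and that same path is listed in the shells file. It runs against constructed sample files so it can be tried offline; on a real host, point it at /etc/passwd (or /etc/master.passwd on FreeBSD) and /etc/shells. The sftp-server location is distribution-specific: the Linux path shown above is the Red Hat family one, while Debian and Ubuntu install it at /usr/lib/openssh/sftp-server, so the script also reports which of those binaries is actually present on the host it runs on. The function name and the sample account names are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not from the original post: verify that an account is
# configured as SFTP-only in the way the steps above describe.

# check_sftp_only_user USER PASSWD_FILE SHELLS_FILE
#   0  USER's shell is an sftp-server binary and is listed in SHELLS_FILE
#   1  USER not found in PASSWD_FILE
#   2  USER's shell is something other than sftp-server (real shell access)
#   3  shell is sftp-server but missing from SHELLS_FILE
check_sftp_only_user() {
    user=$1; passwd_file=$2; shells_file=$3

    # The login shell is the last colon-separated field in both Linux
    # /etc/passwd (7 fields) and FreeBSD /etc/master.passwd (10 fields),
    # so taking $NF works for either format.
    shell=$(awk -F: -v u="$user" \
        '$1 == u { print $NF; found = 1 } END { exit !found }' "$passwd_file") \
        || return 1

    case $shell in
        */sftp-server) ;;   # any path whose basename is sftp-server
        *) return 2 ;;
    esac

    # -x: whole-line match, -F: literal, so /usr/libexec/sftp-server does not
    # match /usr/libexec/openssh/sftp-server as a substring.
    grep -qxF -- "$shell" "$shells_file" || return 3
}

# Constructed sample files standing in for /etc/passwd (Linux lines),
# /etc/master.passwd (FreeBSD line) and /etc/shells; not real system files.
sample_dir=$(mktemp -d)
cat > "$sample_dir/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/sh
sftpuser:x:1001:1001::/home/sftpuser:/usr/libexec/openssh/sftp-server
bsdsftp:$XX3edc8989Ra.:1002:1002::0:0:SFTP User:/home/bsdsftp:/usr/libexec/sftp-server
shelluser:x:1003:1003::/home/shelluser:/bin/bash
unlisted:x:1004:1004::/home/unlisted:/usr/lib/openssh/sftp-server
EOF
cat > "$sample_dir/shells" <<'EOF'
/bin/sh
/bin/bash
/usr/libexec/openssh/sftp-server
/usr/libexec/sftp-server
EOF

for u in sftpuser bsdsftp shelluser unlisted nosuchuser; do
    rc=0
    check_sftp_only_user "$u" "$sample_dir/passwd" "$sample_dir/shells" || rc=$?
    case $rc in
        0) echo "$u: SFTP-only" ;;
        1) echo "$u: no such account" ;;
        2) echo "$u: has a real login shell" ;;
        3) echo "$u: sftp-server shell not listed in shells file" ;;
    esac
done

# The binary must exist on the host for the login to work at all; the path
# differs by distribution (Debian/Ubuntu: /usr/lib/openssh/sftp-server).
for s in /usr/libexec/openssh/sftp-server /usr/lib/openssh/sftp-server /usr/libexec/sftp-server; do
    if [ -x "$s" ]; then
        echo "found sftp-server at $s"
    fi
done
rm -rf "$sample_dir"
```

Run it with `sh check.sh`; the sample run reports sftpuser and bsdsftp as SFTP-only, shelluser as having a real shell, and unlisted as configured correctly in the password file but missing from the shells file, which is the case the last step above addresses.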

That’s it!

–Derrick
