
How to set up SFTP-accessible directories using Tectia Server 5.x for Windows

asked Dec 23 '10 at 16:52



SFTP functionality can be configured via the 'Services' page in the Tectia Server Configuration tool. Chapter 4, "Configuring Tectia Server", in the Tectia Server 5.0 Administrator Manual has more information on configuration options.

Tectia Server 5.0 has a new, dynamic and robust configuration which enables administrators to have different connection parameters, authentication method chains, and services for different user groups based on certain user information.

In the Services page of the Tectia Server Configuration tool, the first list is Groups. That refers to groups defined in the Tectia Server with selectors, not groups in the operating system (although those can be used in selectors). The next parameter is Rules, where services are assigned to Tectia groups. Services are defined as the functions provided by Tectia Server (terminal, sftp, tunneling, remote command execution).

To restrict access to one set of directories via sftp to a group named 'sftpusers' and allow access to all drives and services to all other users, please do the following:

Define group

In the Services page 'Add' a group:
  1. Name: sftpusers (please note that in the names of the connection/authentication/groups/rules elements it is not allowed to have spaces)
  2. Then 'Add' selector
  3. Choose the selector and 'Add' attributes for it. For example, type the username in the name field if you select 'User' as the selector type.
  4. Click 'OK' and 'OK'
Note: If you add a selector but do not add any attributes for it, the selector will match all users. Also ensure that sftpusers is before any other groups in services as only the first matching group is used for the user.

Define services

Next, delete the default (unnamed) Rule. Next, 'Add' a new one. A 'Rule' dialog will open:

1) In the name field, type the name of the group to which this rule set applies. In this example, the sftpusers group is defined, and only SFTP access is allowed.
  1. Go to 'Commands' tab > click 'Add' > choose Action 'Deny'
  2. Go to 'Local Tunnels' tab > click 'Add' > choose Action 'Deny'
  3. Go to 'Remote Tunnels' tab > click 'Add' > choose Action 'Deny'
  4. Go to 'Terminal' tab > uncheck 'Allow terminal'
  5. Go to 'Subsystems' tab > click 'Add'
  6. Type: sftp
  7. Leave 'Allowed' checked
  8. Application: sft-server-g3.exe
  9. 'Add' Attribute
  10. In the attribute Name: virtual-folder
  11. In the attribute Value: C:=C:
  12. 'Add' new attribute for every virtual folder you want to make available for this group.
2) Once all desired virtual folders have been added, click 'OK'.

The application default rule, which allows all services and, in the case of sftp, adds all drives as Accessible Directories, is used for all other users that do not match 'sftpusers'. Remember to click 'Apply' to save the changes made to the configuration. Restart the SSH Tectia Server to ensure the configuration changes become effective.

answered Dec 23 '10 at 16:58


Alan - Tectia Support
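The Note in the answer above names two ways the restriction can silently fail: a selector left without attributes, and sftpusers listed after another matching group. The following is an added example, not part of the original answer and not Tectia Server code; it is a simplified Python model of first-match group selection, and the group names 'staff' and 'everyone', the users, and the one-selector-per-group layout are assumptions made for illustration.

```python
# Simplified model of the matching behaviour described in the Note above.
# Not Tectia Server code; group and user data are constructed for illustration.

def selector_matches(sel_type, attributes, user):
    """A selector with no attributes matches every user."""
    if not attributes:
        return True
    return user.get(sel_type) in attributes

def first_matching_group(groups, user):
    """Only the first matching group, in list order, is used for the user."""
    for name, sel_type, attributes in groups:
        if selector_matches(sel_type, attributes, user):
            return name
    return None  # no group matched: the default rule applies

def audit(groups, restricted, restricted_users, other_users):
    """Return findings where selectors or ordering defeat the restriction."""
    findings = []
    for name, _sel_type, attributes in groups:
        if not attributes:
            findings.append(f"group '{name}': selector has no attributes, matches all users")
    for user in restricted_users:
        got = first_matching_group(groups, user)
        if got != restricted:
            findings.append(f"user '{user['user']}' lands in '{got}', not '{restricted}'")
    for user in other_users:
        if first_matching_group(groups, user) == restricted:
            findings.append(f"user '{user['user']}' is unexpectedly restricted to '{restricted}'")
    return findings

ALICE = {"user": "alice"}  # constructed: should be SFTP-only
BOB = {"user": "bob"}      # constructed: should keep full access

GOOD = [("sftpusers", "user", ["alice"]), ("staff", "user", ["bob"])]
# Misordered: a catch-all group sits above sftpusers.
SHADOWED = [("everyone", "user", []), ("sftpusers", "user", ["alice"])]
# Selector added to sftpusers but no attributes entered.
EMPTY = [("sftpusers", "user", [])]

if __name__ == "__main__":
    for label, cfg in (("good", GOOD), ("shadowed", SHADOWED), ("empty", EMPTY)):
        print(label, audit(cfg, "sftpusers", [ALICE], [BOB]))
```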


Last updated: Mar 03 '11 at 23:22

All user contributed content licensed under the cc-by-sa license.