# SFTP-Users

Sometimes "legacy" interfaces like Solfusion require access to a folder that can be accessed by SFTP from outside the server. Since Solfusion does not make use of Symfony Flysystem, this must be configured manually. In any event, SSH should be configured to prohibit password login!

Create a user \<sftp-user> and assign it to same group as the webserver.

Create a directory for use by sftp, e.g. /var/sftp. Note this must be owned by root!

<pre class="language-editorconfig"><code class="lang-editorconfig"># /etc/ssh/sshd_config
...
Subsystem       sftp    /usr/lib/openssh/sftp-server<a data-footnote-ref href="#user-content-fn-1"> -u 002</a>
...
# sftp
Match User <a data-footnote-ref href="#user-content-fn-2">&#x3C;sftp-user></a>
        ForceCommand internal-sftp
        PasswordAuthentication no
        ChrootDirectory /var/sftp
        PermitTunnel no
        AllowAgentForwarding no
        AllowTcpForwarding no
        X11Forwarding no

</code></pre>

[^1]: This important to force setting the group permissions during sftp upload

[^2]: Replace with the name of your sftp user