This section describes the method for restricting an account to SSH File Transfer Protocol (SFTP) access only.
Create a user account based on the following example.
user { "foo":
uid => <UID>,
gid => <GID>,
shell => '/usr/libexec/openssh/sftp-server'
}To allow your user to use the sftp-server application as a shell, you will need to add custom shell to useradd::shells in Hiera as shown below.
useradd::shells:
- /usr/libexec/openssh/sftp-server