SFTP Users
SFTP users get chrooted access to a site's directory. SftpUserManager creates system users and writes SSH Match blocks so that specified users can only use the SFTP subsystem and are chrooted to the site root. No shell access is granted.
Key file
app/Services/Sftp/SftpUserManager.php
- createSftpUser(Site, username, password, description?, allowedIps?) — Ensures system user exists, configures SFTP access (authorized_keys / Match block), creates FtpUser record.
- deleteSftpUser(FtpUser) — Removes SSH config for user, optionally deletes system user (if not the site's main os_user), deletes FtpUser.
- resetPassword(FtpUser, newPassword) — Updates password in SSH config and model.
SSH configuration
Snippets are written to wphoster.paths.sshd_config_snippets (e.g. /etc/ssh/sshd_config.d/). Each SFTP user gets a Match block that:
- Matches the username (and optionally IP)
- Sets ChrootDirectory to the site root
- Forces ForceCommand internal-sftp (SFTP only, no shell)
Ensure sshd_config includes: Include /etc/ssh/sshd_config.d/*.conf. Reload SSH daemon after adding/removing users.
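The Match block described above, rendered from validated inputs so that a username, path or IP value cannot inject extra directives into the snippet. This is an added example, not the project's SftpUserManager code: the function names, regexes and sample values are assumptions, and the AllowTcpForwarding / X11Forwarding lines are extra hardening that this page does not state the panel writes.

```python
import ipaddress
import re

# Conservative allow-lists (assumed here, not taken from the project).
USERNAME_RE = re.compile(r"[a-z_][a-z0-9_-]{0,31}")
PATH_RE = re.compile(r"/[A-Za-z0-9._/-]+")  # absolute, no spaces, no % tokens


def normalise_ips(allowed_ips):
    """Return validated Address patterns; raises ValueError on anything else."""
    patterns = []
    for raw in allowed_ips:
        if not isinstance(raw, str):
            raise ValueError(f"not a string: {raw!r}")
        net = ipaddress.ip_network(raw, strict=False)  # clears host bits
        if net.prefixlen == net.max_prefixlen:
            patterns.append(str(net.network_address))  # single host
        else:
            patterns.append(str(net))  # CIDR range
    return patterns


def render_match_block(username, chroot_dir, allowed_ips=()):
    """Build one sshd Match block: SFTP only, chrooted to the site root."""
    if not USERNAME_RE.fullmatch(username):
        raise ValueError(f"unsafe username: {username!r}")
    if not PATH_RE.fullmatch(chroot_dir) or ".." in chroot_dir.split("/"):
        raise ValueError(f"unsafe chroot path: {chroot_dir!r}")
    criteria = f"Match User {username}"
    ips = normalise_ips(allowed_ips)
    if ips:
        criteria += " Address " + ",".join(ips)
    return "\n".join([
        criteria,
        f"    ChrootDirectory {chroot_dir}",
        "    ForceCommand internal-sftp",
        "    AllowTcpForwarding no",  # added hardening, not from the page
        "    X11Forwarding no",       # added hardening, not from the page
        "",
    ])


if __name__ == "__main__":
    # Constructed sample values (documentation IP ranges, made-up site path).
    print(render_match_block("alice", "/var/www/example.test",
                             ["203.0.113.10", "198.51.100.7/24"]))
```

After writing a snippet like this into the snippets directory, `sshd -t` checks the combined configuration for errors before the daemon is reloaded.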
Model
app/Models/FtpUser.php — Belongs to Site; fields include username, password (stored for SSH config updates), description, allowed_ips (JSON), is_active.
Config
| Key | Purpose |
|---|---|
| wphoster.paths.sshd_config_snippets | Directory for SSH Match block snippets (e.g. /etc/ssh/sshd_config.d) |
Prerequisites
Panel needs permission to create users and write to the SSH config directory. See README sudoers section for useradd, userdel, chown, chmod, and editing files under sshd_config.d. After changes, run sudo systemctl reload sshd (or equivalent).