sftp with anonymous user

How can I set up an anonymous sftp user?

I generate the ssh key pair, set /usr/lib/sftp-server as the shell in /etc/password, and share the private key (id_rsa); with this command the users get access:

 sftp -oIdentityFile=id_rsa public_sftp@host

Is this a good idea?


You can't.

sftp logs you in via ssh - there has to be an account that you log into.
You can share the account (create multiple keypairs, or just pass out the private key to everyone who needs access), but there is no equivalent of plain-old-FTP's "anonymous" user and no password.

You could use FTPS (Plain old FTP, wrapped in SSL) to do this though.


SFTP does not have the same anonymous access method as FTP, but it is possible to enable anonymous access without authentication.

The SFTP protocol works over the SSH2 transport layer, and authentication is also done using the SSH2 protocol. SSH Tectia Server can be configured to allow a named user, for instance "anonymous", to log in without any authentication. It is also possible to restrict the login to a certain range of IP addresses, or to a certain interface on the server (see the server admin manual for details).

It is possible to restrict the access for this user by chrooting the sftp session and denying terminal, command, and tunneling access. The user's ability to download and upload files depends on the operating system level permissions on files and directories. If upload is permitted, it is recommended to have the directories with write access on a separate file system, so that it is not possible for the anonymous user to harm the system by filling up file systems that are used by the system or by other users.
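
The restrictions listed in the answer above (chroot, no terminal, no commands, no tunneling) can be checked mechanically for a shared account such as the question's public_sftp. The script below is an added example, not code from any of the posts; it assumes an OpenSSH server rather than SSH Tectia and uses OpenSSH's sshd_config keywords, and both config samples and the path /srv/sftp/public are constructed.

```python
import fnmatch

# Constructed sample: OpenSSH sshd_config restricting the question's shared account.
HARDENED = """\
Subsystem sftp internal-sftp
Match User public_sftp
    ChrootDirectory /srv/sftp/public
    ForceCommand internal-sftp
    AllowTcpForwarding no
    PermitTTY no
"""
# Constructed sample: no Match block, so the account keeps sshd's defaults
# (a login shell of sftp-server does not by itself turn off port forwarding).
WEAK = "Subsystem sftp /usr/lib/sftp-server\nX11Forwarding yes\n"

# sshd_config(5) defaults for the keywords audited below.
DEFAULTS = {"chrootdirectory": "none", "forcecommand": "none", "permittty": "yes",
            "allowtcpforwarding": "yes", "x11forwarding": "no", "permittunnel": "no"}

# keyword -> test the effective value must pass for a chrooted, SFTP-only account
NO = lambda v: v.lower() == "no"
REQUIRED = {
    "chrootdirectory": lambda v: v.lower() != "none",
    "forcecommand": lambda v: v.split()[:1] == ["internal-sftp"],
    "permittty": NO, "allowtcpforwarding": NO, "x11forwarding": NO, "permittunnel": NO,
}

def effective_settings(config_text, user):
    """Resolve settings for user. Simplified: only 'Match all' and
    'Match User <patterns>' are understood; negated patterns are not handled."""
    global_opts, match_opts = {}, {}
    target = global_opts
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        key, value = (line.split(None, 1) + [""])[:2]
        if key.lower() == "match":
            crit = value.split()
            is_all = [c.lower() for c in crit] == ["all"]
            is_user = len(crit) == 2 and crit[0].lower() == "user" and any(
                fnmatch.fnmatchcase(user, p) for p in crit[1].split(","))
            target = match_opts if (is_all or is_user) else None
        elif target is not None:
            target.setdefault(key.lower(), value.strip())  # first value wins
    return {**DEFAULTS, **global_opts, **match_opts}  # Match overrides global

def audit(config_text, user):
    """Return the sorted keywords whose effective value leaves the account under-restricted."""
    eff = effective_settings(config_text, user)
    return sorted(k for k, ok in REQUIRED.items() if not ok(eff[k]))
```

On a live server, `sshd -T` with a `-C user=...` connection specification prints the settings sshd itself resolves, which is authoritative where this simplified parser is not.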