SSH shell

This article describes server behavior when the client connects to the server using an SSH client (using e.g. PuTTY) and related configuration options.

SSH shell modes

The server supports three modes of behavior for SSH shells.

These can be configured in the configuration file, using web administration or (per user) using burusftp user update command.

none

No shell (except for minimal shell when SCP is enabled) will be available. File system access will be restricted to user’s path mapping. This is the default option.

terminal

Shell process (e.g. cmd.exe, PowerShell) will be spawned.

legacy

Same as none, with SSH aliases support. This corresponds to sshShell.enabled: true in earlier versions.

SSH terminal mode

Since version 2.5 clients may use SSH to connect to their favourite shell (cmd.exe, PowerShell, bash, etc.), with similar experience as when connecting to a Linux machine. The shell executable and home directory can be configured globally with the possibility of per-user override.

The shell process runs under the service’s user account, unless the user has Windows impersonation enabled (in which case uses the associated Windows account).

The server needs to run using a privileged account (e.g. SYSTEM) in order to spawn impersonated processes.

Terminal mode relies on Windows’ ConPTY API, which is available only on new platforms: Windows 10 version 1809 and newer, Windows Server 2019 and newer. Impersonation is available in Pro edition only.

SSH exec

Clients may ask to execute a command directly, using SSH ’exec’ command (overriding the default shell), which is useful for executing commands which do not require a shell session.

Putty example configuration: