How to configure SSH access
This guide shows how to configure SSH shell access — shell type, terminal executable, and home directory — through the Web Admin or config.yaml. For background on the available shell types and their implications, see SSH Access.
Enabling the terminal shell type gives SSH users an interactive shell that runs under the server's service account. They are not restricted by their virtual path mappings and can read, modify, or execute anything the service account is allowed to. Only enable it for trusted users, and run the server under a dedicated service account with limited NTFS permissions — never as SYSTEM. See Security considerations.
By default, the server uses the none shell type — a minimal shell limited to SCP transfers within the user's path mappings. The steps below show how to switch to a full interactive terminal either globally or for a single user.
Configure via the Web Admin
Change the server-wide default
- Log in to the Web Administration and navigate to the Server configuration ⇒ SSH shell section.
- Under Default SSH shell behavior, uncheck Use default and select Terminal shell. (The other options are No shell — the default minimal shell — and Legacy shell — minimal shell with SSH aliases.)
- Fill in the Terminal settings:
- Default shell executable path — e.g.,
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe. - Default shell home directory — the working directory for new sessions.
- Allow terminal process running under SYSTEM account — only tick this if you understand the security implications.
- Default shell executable path — e.g.,
- Click Save and restart to apply the changes.
Change per user
- Navigate to Users and click the user you want to modify.
- Under SSH shell settings, uncheck Use server default and select the desired shell type.
- If you selected Terminal shell, fill in Shell path and Home directory, or leave them empty to inherit the server-wide defaults.
- Click Update user.
Configure via CLI
Change the server-wide default
The server-wide defaults are defined in the sshShell section of config.yaml:
sshShell:
defaultShellType: terminal
defaultShellPath: 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe'
defaultHomeDirectory: 'C:\Users\Public'
allowSystemAccount: falseEnclose Windows paths containing colons (:) or spaces in single quotes to avoid YAML parsing errors.
Restart the service
Restart the Buru SFTP service for the changes to take effect:
services.msc, find Rebex Buru SFTP Server, right-click and select Restart.burusftp svc restartnet stop RebexBuruSftp && net start RebexBuruSftpRestart-Service RebexBuruSftpChange per user
Per-user overrides are set with burusftp user add or burusftp user update:
# Give an existing user a PowerShell terminal
burusftp user update alice --shell-type terminal --shell-path "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" --shell-home "C:\Users\alice"
# Keep the server default but pin a custom home directory
burusftp user update bob --shell-home "D:\work"Omitting --shell-path or --shell-home falls back to the server-wide defaults.
See also
- SSH Access — shell types, terminal settings, and security considerations
sshShellreference — all shell configuration options- Enable SSH/SFTP — configure endpoints and host keys
- Manage Users (Web Admin), Manage Users (CLI) — full user management