users

Global user and password policies. These settings control how passwords are hashed and stored, and which characters are allowed in usernames. For managing individual user accounts, see User Management.

users:
  passwordHashAlgorithm: { type: argon2id }
  passwordHashAutoUpdate: true
  usernamePattern: '^[a-zA-Z0-9_\@\-\.]{1,128}$'

users.passwordHashAlgorithm

object | "SHA256" | "SHA384" | "SHA512" = { type: SHA512, saltLength: 20 }

# Since 2.19.0 (object form):
users:
  passwordHashAlgorithm: { type: argon2id }

# Before 2.19.0 (string form):
users:
  passwordHashAlgorithm: SHA512
  passwordSaltSize: 20

Algorithm used to hash stored passwords. Accepts either a string or an object (since v2.19.0). The object form supports both simple hash algorithms and Argon2.

When not specified, SHA512 with a 20-byte salt is used.

users.passwordHashAlgorithm.type

string: "SHA256" | "SHA384" | "SHA512" | "argon2id" | "argon2i" | "argon2d" required

Hash algorithm. SHA-2 variants (SHA256, SHA384, SHA512) and Argon2 variants (argon2id, argon2i, argon2d) are supported. Argon2 is significantly more resistant to brute-force attacks and is recommended for new deployments, at the cost of higher memory and CPU usage per login.

users.passwordHashAlgorithm.saltLength

number = 20

Salt length in bytes. Allowed range is 8–256. When absent, users.passwordSaltSize is used as a fallback.

Argon2-specific parameters

users.passwordHashAlgorithm.p

number = 4

Number of memory lanes processed in parallel (parallelism factor).

users.passwordHashAlgorithm.t

number = 3

Number of iterations (time factor).

users.passwordHashAlgorithm.m

number = 65536

Memory cost in KiB. The minimum value is 8*p. Default is 65536 (64 MB).

users.passwordHashAlgorithm.tagLength

number = 32

Output hash length in bytes.

users.passwordHashAutoUpdate

boolean = true

Automatically re-hash the password on login when the stored hash uses an outdated algorithm or salt size.

users.passwordSaltSize

number = 20

Obsolete since version 2.19.0.

Use saltLength inside passwordHashAlgorithm instead.

Salt size in bytes used by simple hash algorithms. Allowed range is 8–256.
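
The constraints documented above (supported types, the 8 to 256 byte salt range, the saltLength fallback to passwordSaltSize, and the Argon2 minimum of m = 8*p) can be checked before a config is deployed. The following is an added example, not code from the product: it assumes the users section has already been parsed into a Python dict, and audit_users_config and the two sample configs are hypothetical names constructed for illustration.

```python
SHA2 = {"SHA256", "SHA384", "SHA512"}
ARGON2 = {"argon2id", "argon2i", "argon2d"}

def audit_users_config(users):
    """Return (errors, warnings) for a parsed `users` section (a dict)."""
    errors, warnings = [], []
    # Documented default when the key is absent: SHA512 with a 20-byte salt.
    algo = users.get("passwordHashAlgorithm", {"type": "SHA512", "saltLength": 20})
    if isinstance(algo, str):  # string form, as used before 2.19.0
        algo = {"type": algo}
    kind = algo.get("type")
    if kind not in SHA2 | ARGON2:
        errors.append(f"unsupported passwordHashAlgorithm.type: {kind!r}")
    # saltLength falls back to users.passwordSaltSize, then to the default 20.
    salt = algo.get("saltLength", users.get("passwordSaltSize", 20))
    if not 8 <= salt <= 256:
        errors.append(f"salt length {salt} is outside the allowed range 8-256")
    if "passwordSaltSize" in users:
        warnings.append("passwordSaltSize is obsolete since 2.19.0; use saltLength")
    if kind in SHA2:
        warnings.append(f"{kind} in use; Argon2 is recommended for new deployments")
    if kind in ARGON2:
        p = algo.get("p", 4)      # documented default parallelism
        m = algo.get("m", 65536)  # documented default memory cost in KiB
        if m < 8 * p:
            errors.append(f"m={m} KiB is below the minimum 8*p={8 * p}")
    if users.get("passwordHashAutoUpdate", True) is False:
        warnings.append("passwordHashAutoUpdate is off; outdated hashes "
                        "are not re-hashed on login")
    return errors, warnings

# Constructed sample configs (not taken from any real deployment).
LEGACY = {"passwordHashAlgorithm": "SHA512", "passwordSaltSize": 4}
HARDENED = {"passwordHashAlgorithm": {"type": "argon2id", "m": 65536, "p": 4},
            "passwordHashAutoUpdate": True}

if __name__ == "__main__":
    for name, cfg in (("LEGACY", LEGACY), ("HARDENED", HARDENED)):
        errs, warns = audit_users_config(cfg)
        print(name, "errors:", errs, "warnings:", warns)
```
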

users.usernamePattern

string = "^[a-zA-Z0-9_\@\-\.]{1,128}$"

Regular expression that validates usernames. The default allows alphanumeric characters, underscores, hyphens, @, and dots, up to 128 characters.
