burusftp user add
NAME
burusftp user add <username>
- Add user to the user database.
OPTIONS
--impersonate (on | off)
- Enables or disables file system impersonation (using SFTP or SCP) when
--win-account
is set. This feature is available in Pro edition only. See User authentication for more details.
- Enables or disables file system impersonation (using SFTP or SCP) when
--keys <public_key_file1 | key1> <public_key_file2 | key2> <...>
- User public key files or keys. Can be used for authentication instead of password. Also sets
key-auth
to required.
- User public key files or keys. Can be used for authentication instead of password. Also sets
--key-auth (enabled | disabled | required)
- Enables, disables or makes public key authentication mandatory. Combine with
--password-auth
to enforce two-factor authentication.
- Enables, disables or makes public key authentication mandatory. Combine with
-p
- Securely prompts for password, sets
password-auth
to required andpassword-auth-mode
tolocal
.
- Securely prompts for password, sets
--password <password>
- Sets password, sets
password-auth
to required andpassword-auth-mode
tolocal
.
- Sets password, sets
--password-auth (enabled | disabled | required)
- Enables, disables or makes password authentication mandatory. Combine with
--key-auth
to enforce two-factor authentication. This value defaults torequired
when--impersonate on
is set.
- Enables, disables or makes password authentication mandatory. Combine with
--password-auth-mode (local | windowsNetwork | windowsInteractive)
- Specifies how password is verified - either using local storage (in conjuction with
--password
or-p
) or using Windows authentication (--win-account
also must be set). The two Windows options specify whetherLOGON32_LOGON_NETWORK_CLEARTEXT
orLOGON32_LOGON_INTERACTIVE
method shall be used. Default islocal
when password is set andwindowsNetwork
when Windows account is set. Windows authentication options are available in Pro edition only.
- Specifies how password is verified - either using local storage (in conjuction with
--password-hash (salt-first|password-first),<password hash hex>,<salt hex>
- Specifies password hash and salt and password-salt order, sets
password-auth
to required andpassword-auth-mode
tolocal
. Currently supported are SHA1, SHA2 and MD5 hashes. - Example:
--password-hash salt-first,0x1055d3e698d289f2af8663725127bd4b,0xa0392fed
- MD5 hash (0x1055...
), 4-byte salt (0xa0e392fed
), hash computed as MD5(salt+password) (salt-first
)
- Specifies password hash and salt and password-salt order, sets
--read-only
- Read-only access
--root-dir
- Root directory to be used for the user. Use path command to specify more virtual path mappings.
--shell-type (none | terminal | legacy)
- Shell behavior.
none
- Only minimal shell will be presented (when SCP is enabled). File system traversal is restricted to virtual path settings.legacy
- Same asnone
, with support for SSH aliasesterminal
- Real shell will be presented (cmd.exe
by default). File system traversal is only restricted by Windows access permissions. Virtual path settings are ignored.
--shell-path <path>
- Path to shell executable. Only applicable for
terminal
shell type. Default:%WINDIR%\System32\cmd.exe
- Path to shell executable. Only applicable for
--shell-home <path>
- Home directory. Only applicable for
terminal
shell type. Default:%WINDIR%\..
- Home directory. Only applicable for
--web-admin (enable | disable)
- Allows user to access web administration tool (if installed)
--win-account <windows account name>
- Windows account associated with the user used for Windows authentication. Also sets
password-auth
torequired
,password-auth-mode
towindowsNetwork
,impersonation
toon
. This feature is available in Pro edition only.
- Windows account associated with the user used for Windows authentication. Also sets
EXAMPLES
# Add user 'guybrush' with home directory at 'C:\Users\guybrush' and password 'elaine'.
# Guybrush will use password authentication and will have access to web administration.
burusftp user add guybrush --root-dir "C:\Users\guybrush" --password "elaine" --web-admin enable
# Add user 'lechuck' with public key stored in 'C:\Users\lechuck\rsa.pub'.
# LeChuck will use public key authentication
burusftp user add lechuck --root-dir "C:\Users\lechuck" --keys "C:\Users\lechuck\rsa.pub"
# Add user 'lechuck' and with Ed25519 public key.
# LeChuck will use public key authentication.
burusftp user add lechuck --keys "ssh-ed25519 AAAAC3...wondiGXo6J"
# Add user 'elaine' using Windows account `MI\elaine` for password validation.
# This feature is available in Pro edition only.
burusftp user add elaine --root-dir "C:\Users\elaine" --win-account "MI\elaine"