diff --git a/map.jinja b/map.jinja
index b7c11de..a8152a0 100644
--- a/map.jinja
+++ b/map.jinja
@@ -1,87 +1,102 @@
 {% set dirs = salt['grains.filter_by']({ 'Debian': { 'etc': '/etc', 'bin': '/usr/bin', 'include': '/usr/include', 'lib': '/usr/lib', 'man': '/usr/share/man', 'sbin': '/usr/sbin', }, 'FreeBSD' : { 'etc': '/usr/local/etc', 'bin': '/usr/local/bin', 'include': '/usr/local/include', 'lib': '/usr/local/lib', 'man': '/usr/local/man', 'sbin': '/usr/local/sbin', }, }, default='Debian') %} {% set services = salt['grains.filter_by']({ 'Debian': { 'manager': 'systemd', }, 'FreeBSD' : { 'manager': 'rc', }, }, default='Debian') %} {% set shells = salt['grains.filter_by']({ 'Debian': { 'bash': '/bin/bash', 'fish': '/usr/bin/fish', 'tcsh': '/usr/bin/tcsh', }, 'FreeBSD' : { 'bash': '/usr/local/bin/bash', 'fish': '/usr/local/bin/fish', 'tcsh': '/bin/tcsh', }, }, default='Debian') %}
+{% set paths = salt['grains.filter_by']({
+ 'FreeBSD': {
+ 'sftp': '/usr/libexec/sftp-server',
+ },
+ 'Debian': {
+ 'sftp': '/usr/lib/openssh/sftp-server',
+ },
+ 'RedHat': {
+ 'sftp': '/usr/libexec/openssh/sftp-server',
+ },
+ 'Arch': {
+ 'sftp': '/usr/lib/ssh/sftp-server',
+ },
+}, default='FreeBSD') %}
+
 {% set packages = salt['grains.filter_by']({ 'Debian' : { 'ag': 'silversearcher-ag', 'aspell-fr': 'aspell-fr', 'certbot': 'certbot', 'cppunit': 'libcppunit-dev', 'emacs': 'emacs-nox', 'mariadb': 'mariadb-server', 'sphinx': 'python3-sphinx', 'tcltls': 'tcl-tls', 'varnish': 'varnish', }, 'RedHat': { 'ag': 'the_silver_searcher', 'aspell-fr': 'aspell-fr', 'certbot': 'python2-certbot', 'cppunit': 'cppunit-devel', 'emacs': 'emacs-nox', 'mariadb': 'mariadb-server', 'sphinx': 'python3-sphinx', 'tcltls': 'tcltls', 'varnish': 'varnish', }, 'Arch': { 'ag': 'the_silver_searcher', 'aspell-fr': 'aspell-fr', 'certbot': 'certbot', 'cppunit': 'cppunit', 'emacs': 'emacs-nox', 'mariadb': 'mariadb', 'sphinx': 'python-sphinx', 'tcltls': 'tcltls', 'varnish': 'varnish', }, 'FreeBSD' : { 'ag': 'the_silver_searcher', 'aspell-fr': 'fr-aspell', 'certbot': 'py27-certbot', 'cppunit': 'cppunit', 'emacs': 
'emacs-nox11', 'mariadb': 'mariadb101-server', 'sphinx': 'py27-sphinx', 'tcltls': 'tcltls', 'varnish': 'varnish5', }, }, default='Debian') %}
diff --git a/roles/core/sshd/files/sshd_config b/roles/core/sshd/files/sshd_config
index 4cd29fa..d4e5dc3 100644
--- a/roles/core/sshd/files/sshd_config
+++ b/roles/core/sshd/files/sshd_config
@@ -1,32 +1,32 @@
 # ------------------------------------------------------------- # OpenSSH configuration # - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - # Project: Nasqueron # Created: 2017-02-28 # License: Trivial work, not eligible to copyright # Source file: roles/core/sshd/files/sshd_config # ------------------------------------------------------------- # # # This file is managed by our rOPS SaltStack repository. # # Changes to this file may cause incorrect behavior # and will be lost if the state is redeployed. # # The default is to check both .ssh/authorized_keys and .ssh/authorized_keys2 # but this is overridden so installations will only check .ssh/authorized_keys AuthorizedKeysFile .ssh/authorized_keys # Nasqueron servers authentication should only occur through SSH keys # but PAM can offer extra capabilities if needed like OTP. PasswordAuthentication no ChallengeResponseAuthentication no UsePAM yes # Misc options PrintMotd no AcceptEnv LANG LC_* # SFTP
-Subsystem sftp /usr/lib/openssh/sftp-server
+Subsystem sftp {{ sftp }}
diff --git a/roles/core/sshd/init.sls b/roles/core/sshd/init.sls
index b484679..b8cc88b 100644
--- a/roles/core/sshd/init.sls
+++ b/roles/core/sshd/init.sls
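Review bot: The new `paths` map falls back to `default='FreeBSD'` while every other map in this file (`dirs`, `services`, `shells`, `packages`) falls back to `'Debian'`, so a minion whose os_family is not listed (SUSE, Alpine, …) would get `/usr/libexec/sftp-server` rendered into its sshd_config and sftp sessions on that host would presumably fail to start. If FreeBSD is the intended fallback because it is the dominant platform here, a one-line Jinja comment above the map, `{# sftp-server path per os_family; FreeBSD is the deliberate fallback #}`, would stop the next reader from "fixing" it; otherwise change it to `default='Debian'` to match the rest of the file. The family entries are also ordered FreeBSD-first, unlike the other maps, which is harmless but makes the differing default easier to overlook.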
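Review bot: `Subsystem sftp {{ sftp }}` makes this file a rendered Jinja template, but nothing in the file says so or where the value comes from; a comment above the line, `# sftp-server path is per os_family: paths.sftp in map.jinja, passed as the sftp context variable by roles/core/sshd/init.sls`, would make that visible to whoever edits the file next. It is also worth a sentence in the header block that the file is now templated, since any future literal `{{` or `{%` in it would have to be wrapped in `{% raw %}`. An alternative that removes the per-OS binary path altogether is sshd's built-in `Subsystem sftp internal-sftp`, which is also what `ChrootDirectory` sftp-only accounts require; whether the external sftp-server binary is needed here is not visible from the hunk.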
@@ -1,30 +1,35 @@
 # ------------------------------------------------------------- # Salt — OpenSSH configuration # - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - # Project: Nasqueron # Created: 2017-02-28 # License: Trivial work, not eligible to copyright # -------------------------------------------------------------
+{% from "map.jinja" import paths with context %}
+
 # ------------------------------------------------------------- # OpenSSH # ------------------------------------------------------------- /etc/ssh/sshd_config: file.managed: - source: salt://roles/core/sshd/files/sshd_config
+ - template: jinja
+ - context:
+ sftp: {{ paths.sftp }}
 # ------------------------------------------------------------- # PAM # ------------------------------------------------------------- # T1194 - Debian offers a nologin pam module avoiding people # to log in when /run/nologin exists. OS can pop this file, # for example at shutdown time or when systemd boot hasn't # finished. pam_disable_nologin: file.comment: - name: /etc/pam.d/sshd - regex: ^account.*pam_nologin\.so - backup: None
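Review bot: Rendering sshd_config through Jinja adds a new way for a bad render (a template syntax slip, an unexpected `paths.sftp` value) to land in /etc/ssh/sshd_config, and the `file.managed` state has no `check_cmd`, so a broken file would be written and the next sshd restart could lock operators out of the host; add `- check_cmd: /usr/sbin/sshd -t -f` under `file.managed` so Salt validates the rendered file with sshd before replacing it. `grains.filter_by` with a default never fails for an unknown os_family, so the remaining exposure is mostly template errors, but the check is cheap insurance for the one service you cannot afford to break. No `service.running` or `watch` on sshd is visible in this hunk, which covers the whole file; if the reload lives in another state that is fine, otherwise the new config is not applied until something else restarts sshd.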