sftp-server.openssh - SFTP server subsystem
sftp-server [-ehR] [-d start_directory] [-f log_facility] [-l log_level] [-P blacklisted_requests] [-p whitelisted_requests] [-u umask] sftp-server -Q protocol_feature
SFTP-SERVER(8) System Manager's Manual SFTP-SERVER(8) NAME sftp-server - SFTP server subsystem SYNOPSIS sftp-server [-ehR] [-d start_directory] [-f log_facility] [-l log_level] [-P blacklisted_requests] [-p whitelisted_requests] [-u umask] sftp-server -Q protocol_feature DESCRIPTION sftp-server is a program that speaks the server side of SFTP protocol to stdout and expects client requests from stdin. sftp-server is not intended to be called directly, but from sshd(1M) using the Subsystem option. Command-line flags to sftp-server should be specified in the Subsystem declaration. See sshd_config(4) for more information. Valid options are: -d start_directory specifies an alternate starting directory for users. The path- name may contain the following tokens that are expanded at run- time: %% is replaced by a literal '%', %d is replaced by the home directory of the user being authenticated, and %u is replaced by the username of that user. The default is to use the user's home directory. This option is useful in conjunction with the sshd_config(4) ChrootDirectory option. -e Causes sftp-server to print logging information to stderr instead of syslog for debugging. -f log_facility Specifies the facility code that is used when logging messages from . The possible values are: DAEMON, USER, AUTH, LOCAL0, LOCAL1, LOCAL2, LOCAL3, LOCAL4, LOCAL5, LOCAL6, LOCAL7. The default is AUTH. -h Displays sftp-server usage information. -l log_level Specifies which messages will be logged by . The possible val- ues are: QUIET, FATAL, ERROR, INFO, VERBOSE, DEBUG, DEBUG1, DEBUG2, and DEBUG3. INFO and VERBOSE log transactions that sftp-server performs on behalf of the client. DEBUG and DEBUG1 are equivalent. DEBUG2 and DEBUG3 each specify higher levels of debugging output. The default is ERROR. -P blacklisted_requests Specify a comma-separated list of SFTP protocol requests that are banned by the server. sftp-server will reply to any black- listed request with a failure. The -Q flag can be used to determine the supported request types. If both a blacklist and a whitelist are specified, then the blacklist is applied before the whitelist. -p whitelisted_requests Specify a comma-separated list of SFTP protocol requests that are permitted by the server. All request types that are not on the whitelist will be logged and replied to with a failure mes- sage. Care must be taken when using this feature to ensure that requests made implicitly by SFTP clients are permitted. -Q protocol_feature Query protocol features supported by . At present the only fea- ture that may be queried is ``requests'', which may be used for black or whitelisting (flags -P and -p respectively). -R Places this instance of sftp-server into a read-only mode. Attempts to open files for writing, as well as other operations that change the state of the filesystem, will be denied. -u umask Sets an explicit umask(2) to be applied to newly-created files and directories, instead of the user's default mask. On some systems, sftp-server must be able to access /dev/log for log- ging to work, and use of sftp-server in a chroot configuration there- fore requires that syslogd(8) establish a logging socket inside the chroot directory. ATTRIBUTES See attributes(5) for descriptions of the following attributes: +---------------+--------------------------+ |ATTRIBUTE TYPE | ATTRIBUTE VALUE | +---------------+--------------------------+ |Availability | network/openssh | +---------------+--------------------------+ |Stability | Pass-through uncommitted | +---------------+--------------------------+ SEE ALSO sftp(1), ssh(1), sshd_config(4), sshd(1M) S. Lehtinen and T. Ylonen, SSH File Transfer Protocol, draft-ietf- secsh-filexfer-02.txt, October 2001, work in progress material. HISTORY sftp-server first appeared in OpenBSD 2.8 . AUTHORS Markus Friedl <Mt markus@openbsd.org> NOTES This software was built from source available at https://java.net/projects/solaris-userland. The original community source was downloaded from http://mirrors.sonic.net/pub/Open- BSD/OpenSSH/portable/openssh-7.4p1.tar.gz Further information about this software can be found on the open source community website at http://www.openssh.org/. December 11 2014 SFTP-SERVER(8)