Skip site navigation (1)Skip section navigation (2)

FreeBSD Manual Pages


home | help
SFTP-SERVER(8)		    System Manager's Manual		SFTP-SERVER(8)

       sftp-server - OpenSSH SFTP server subsystem

       sftp-server   [-ehR]   [-d   start_directory]   [-f  log_facility]  [-l
       log_level] [-P denied_requests] [-p allowed_requests] [-u umask]
       sftp-server -Q protocol_feature

       sftp-server is a	program	that speaks the	server side of	SFTP  protocol
       to  stdout  and expects client requests from stdin.  sftp-server	is not
       intended	to be called directly, but from	sshd(8)	 using	the  Subsystem

       Command-line  flags to sftp-server should be specified in the Subsystem
       declaration.  See sshd_config(5)	for more information.

       Valid options are:

       -d start_directory
	      Specifies	an alternate starting directory	for users.  The	 path-
	      name  may	contain	the following tokens that are expanded at run-
	      time: %% is replaced by a	literal	'%', %d	 is  replaced  by  the
	      home  directory  of  the user being authenticated, and %u	is re-
	      placed by	the username of	that user.  The	default	is to use  the
	      user's  home  directory.	 This  option is useful	in conjunction
	      with the sshd_config(5) ChrootDirectory option.

       -e     Causes sftp-server to print logging information  to  stderr  in-
	      stead of syslog for debugging.

       -f log_facility
	      Specifies	 the  facility code that is used when logging messages
	      from .  The possible values are: DAEMON, USER, AUTH, LOCAL0, LO-
	      CAL1,  LOCAL2,  LOCAL3, LOCAL4, LOCAL5, LOCAL6, LOCAL7.  The de-
	      fault is AUTH.

       -h     Displays sftp-server usage information.

       -l log_level
	      Specifies	which messages will be logged by .  The	possible  val-
	      BUG2, and	DEBUG3.	 INFO and VERBOSE log transactions that	 sftp-
	      server  performs	on behalf of the client.  DEBUG	and DEBUG1 are
	      equivalent.  DEBUG2 and DEBUG3 each specify higher levels	of de-
	      bugging output.  The default is ERROR.

       -P denied_requests
	      Specifies	 a comma-separated list	of SFTP	protocol requests that
	      are banned by the	server.	 sftp-server will reply	to any	denied
	      request  with  a	failure.  The -Q flag can be used to determine
	      the supported request types.  If both denied and	allowed	 lists
	      are  specified,  then  the denied	list is	applied	before the al-
	      lowed list.

       -p allowed_requests
	      Specifies	a comma-separated list of SFTP protocol	requests  that
	      are  permitted by	the server.  All request types that are	not on
	      the allowed list will be logged and replied to  with  a  failure

	      Care  must  be  taken when using this feature to ensure that re-
	      quests made implicitly by	SFTP clients are permitted.

       -Q protocol_feature
	      Queries protocol features	supported by .	At  present  the  only
	      feature  that  may be queried is ``requests'', which may be used
	      to deny or allow specific	requests  (flags  -P  and  -p  respec-

       -R     Places  this instance of sftp-server into	a read-only mode.  At-
	      tempts to	open files for writing,	as well	 as  other  operations
	      that change the state of the filesystem, will be denied.

       -u umask
	      Sets  an	explicit umask(2) to be	applied	to newly-created files
	      and directories, instead of the user's default mask.

       On some systems,	sftp-server must be able to access /dev/log  for  log-
       ging  to	 work, and use of sftp-server in a chroot configuration	there-
       fore requires that syslogd(8) establish a logging socket	inside the ch-
       root directory.

       sftp(1),	ssh(1),	sshd_config(5),	sshd(8)

       S.  Lehtinen  and  T.  Ylonen,  SSH File	Transfer Protocol, draft-ietf-
       secsh-filexfer-02.txt, October 2001, work in progress material.

       sftp-server first appeared in OpenBSD 2.8 .

       Markus Friedl <Mt>

				 July 27 2021			SFTP-SERVER(8)


Want to link to this manual page? Use this URL:

home | help