Skip site navigation (1)Skip section navigation (2)

FreeBSD Manual Pages


home | help
SFTP-SERVER(8)		    System Manager's Manual		SFTP-SERVER(8)

       sftp-server - OpenSSH SFTP server subsystem

       sftp-server   [-ehR]   [-d   start_directory]   [-f  log_facility]  [-l
       log_level] [-P denied_requests] [-p allowed_requests] [-u umask]
       sftp-server -Q protocol_feature

       sftp-server is a	program	that speaks the	server side of	SFTP  protocol
       to  stdout  and expects client requests from stdin.  sftp-server	is not
       intended	to be called directly, but from	sshd(8)	 using	the  Subsystem

       Command-line  flags to sftp-server should be specified in the Subsystem
       declaration.  See sshd_config(5)	for more information.

       Valid options are:

       -d start_directory
	      specifies	an alternate starting directory	for users.  The	 path-
	      name  may	contain	the following tokens that are expanded at run-
	      time: %% is replaced by a	literal	'%', %d	 is  replaced  by  the
	      home  directory  of  the user being authenticated, and %u	is re-
	      placed by	the username of	that user.  The	default	is to use  the
	      user's  home  directory.	 This  option is useful	in conjunction
	      with the sshd_config(5) ChrootDirectory option.

       -e     Causes sftp-server to print logging information  to  stderr  in-
	      stead of syslog for debugging.

       -f log_facility
	      Specifies	 the  facility code that is used when logging messages
	      from .  The possible values are: DAEMON, USER, AUTH, LOCAL0, LO-
	      CAL1,  LOCAL2,  LOCAL3, LOCAL4, LOCAL5, LOCAL6, LOCAL7.  The de-
	      fault is AUTH.

       -h     Displays sftp-server usage information.

       -l log_level
	      Specifies	which messages will be logged by .  The	possible  val-
	      BUG2, and	DEBUG3.	 INFO and VERBOSE log transactions that	 sftp-
	      server  performs	on behalf of the client.  DEBUG	and DEBUG1 are
	      equivalent.  DEBUG2 and DEBUG3 each specify higher levels	of de-
	      bugging output.  The default is ERROR.

       -P denied_requests
	      Specify  a  comma-separated  list	of SFTP	protocol requests that
	      are banned by the	server.	 sftp-server will reply	to any	denied
	      request  with  a	failure.  The -Q flag can be used to determine
	      the supported request types.  If both denied and	allowed	 lists
	      are  specified,  then  the denied	list is	applied	before the al-
	      lowed list.

       -p allowed_requests
	      Specify a	comma-separated	list of	SFTP  protocol	requests  that
	      are  permitted by	the server.  All request types that are	not on
	      the allowed list will be logged and replied to  with  a  failure

	      Care  must  be  taken when using this feature to ensure that re-
	      quests made implicitly by	SFTP clients are permitted.

       -Q protocol_feature
	      Query protocol features supported	by .  At present the only fea-
	      ture  that  may be queried is ``requests'', which	may be used to
	      deny or allow specific requests (flags -P	and -p respectively).

       -R     Places this instance of sftp-server into a read-only mode.   At-
	      tempts  to  open	files for writing, as well as other operations
	      that change the state of the filesystem, will be denied.

       -u umask
	      Sets an explicit umask(2)	to be applied to  newly-created	 files
	      and directories, instead of the user's default mask.

       On  some	 systems, sftp-server must be able to access /dev/log for log-
       ging to work, and use of	sftp-server in a chroot	 configuration	there-
       fore requires that syslogd(8) establish a logging socket	inside the ch-
       root directory.

       sftp(1),	ssh(1),	sshd_config(5),	sshd(8)

       S. Lehtinen and T. Ylonen,  SSH	File  Transfer	Protocol,  draft-ietf-
       secsh-filexfer-02.txt, October 2001, work in progress material.

       sftp-server first appeared in OpenBSD 2.8 .

       Markus Friedl <Mt>

				 June 22 2020			SFTP-SERVER(8)


Want to link to this manual page? Use this URL:

home | help