sftp-server.0 - platform/external/openssh - Git at Google

 SFTP-SERVER(8)              System Manager's Manual             SFTP-SERVER(8)

 NAME
      sftp-server M-bM-^@M-^S SFTP server subsystem

 SYNOPSIS
      sftp-server [-ehR] [-d start_directory] [-f log_facility] [-l log_level]
                  [-P blacklisted_requests] [-p whitelisted_requests]
                  [-u umask]
      sftp-server -Q protocol_feature

 DESCRIPTION
      sftp-server is a program that speaks the server side of SFTP protocol to
      stdout and expects client requests from stdin.  sftp-server is not
      intended to be called directly, but from sshd(8) using the Subsystem
      option.

      Command-line flags to sftp-server should be specified in the Subsystem
      declaration.  See sshd_config(5) for more information.

      Valid options are:

      -d start_directory
              specifies an alternate starting directory for users.  The
              pathname may contain the following tokens that are expanded at
              runtime: %% is replaced by a literal '%', %d is replaced by the
              home directory of the user being authenticated, and %u is
              replaced by the username of that user.  The default is to use the
              user's home directory.  This option is useful in conjunction with
              the sshd_config(5) ChrootDirectory option.

      -e      Causes sftp-server to print logging information to stderr instead
              of syslog for debugging.

      -f log_facility
              Specifies the facility code that is used when logging messages
              from sftp-server.  The possible values are: DAEMON, USER, AUTH,
              LOCAL0, LOCAL1, LOCAL2, LOCAL3, LOCAL4, LOCAL5, LOCAL6, LOCAL7.
              The default is AUTH.

      -h      Displays sftp-server usage information.

      -l log_level
              Specifies which messages will be logged by sftp-server.  The
              possible values are: QUIET, FATAL, ERROR, INFO, VERBOSE, DEBUG,
              DEBUG1, DEBUG2, and DEBUG3.  INFO and VERBOSE log transactions
              that sftp-server performs on behalf of the client.  DEBUG and
              DEBUG1 are equivalent.  DEBUG2 and DEBUG3 each specify higher
              levels of debugging output.  The default is ERROR.

      -P blacklisted_requests
              Specify a comma-separated list of SFTP protocol requests that are
              banned by the server.  sftp-server will reply to any blacklisted
              request with a failure.  The -Q flag can be used to determine the
              supported request types.  If both a blacklist and a whitelist are
              specified, then the blacklist is applied before the whitelist.

      -p whitelisted_requests
              Specify a comma-separated list of SFTP protocol requests that are
              permitted by the server.  All request types that are not on the
              whitelist will be logged and replied to with a failure message.

              Care must be taken when using this feature to ensure that
              requests made implicitly by SFTP clients are permitted.

      -Q protocol_feature
              Query protocol features supported by sftp-server.  At present the
              only feature that may be queried is M-bM-^@M-^\requestsM-bM-^@M-^], which may be used
              for black or whitelisting (flags -P and -p respectively).

      -R      Places this instance of sftp-server into a read-only mode.
              Attempts to open files for writing, as well as other operations
              that change the state of the filesystem, will be denied.

      -u umask
              Sets an explicit umask(2) to be applied to newly-created files
              and directories, instead of the user's default mask.

      On some systems, sftp-server must be able to access /dev/log for logging
      to work, and use of sftp-server in a chroot configuration therefore
      requires that syslogd(8) establish a logging socket inside the chroot
      directory.

 SEE ALSO
      sftp(1), ssh(1), sshd_config(5), sshd(8)

      T. Ylonen and S. Lehtinen, SSH File Transfer Protocol, draft-ietf-secsh-
      filexfer-02.txt, October 2001, work in progress material.

 HISTORY
      sftp-server first appeared in OpenBSD 2.8.

 AUTHORS
      Markus Friedl <markus@openbsd.org>

 OpenBSD 5.7                    December 11, 2014                   OpenBSD 5.7
	SFTP-SERVER(8) System Manager's Manual SFTP-SERVER(8)

	NAME
	sftp-server M-bM-^@M-^S SFTP server subsystem

	SYNOPSIS
	sftp-server [-ehR] [-d start_directory] [-f log_facility] [-l log_level]
	[-P blacklisted_requests] [-p whitelisted_requests]
	[-u umask]
	sftp-server -Q protocol_feature

	DESCRIPTION
	sftp-server is a program that speaks the server side of SFTP protocol to
	stdout and expects client requests from stdin. sftp-server is not
	intended to be called directly, but from sshd(8) using the Subsystem
	option.

	Command-line flags to sftp-server should be specified in the Subsystem
	declaration. See sshd_config(5) for more information.

	Valid options are:

	-d start_directory
	specifies an alternate starting directory for users. The
	pathname may contain the following tokens that are expanded at
	runtime: %% is replaced by a literal '%', %d is replaced by the
	home directory of the user being authenticated, and %u is
	replaced by the username of that user. The default is to use the
	user's home directory. This option is useful in conjunction with
	the sshd_config(5) ChrootDirectory option.

	-e Causes sftp-server to print logging information to stderr instead
	of syslog for debugging.

	-f log_facility
	Specifies the facility code that is used when logging messages
	from sftp-server. The possible values are: DAEMON, USER, AUTH,
	LOCAL0, LOCAL1, LOCAL2, LOCAL3, LOCAL4, LOCAL5, LOCAL6, LOCAL7.
	The default is AUTH.

	-h Displays sftp-server usage information.

	-l log_level
	Specifies which messages will be logged by sftp-server. The
	possible values are: QUIET, FATAL, ERROR, INFO, VERBOSE, DEBUG,
	DEBUG1, DEBUG2, and DEBUG3. INFO and VERBOSE log transactions
	that sftp-server performs on behalf of the client. DEBUG and
	DEBUG1 are equivalent. DEBUG2 and DEBUG3 each specify higher
	levels of debugging output. The default is ERROR.

	-P blacklisted_requests
	Specify a comma-separated list of SFTP protocol requests that are
	banned by the server. sftp-server will reply to any blacklisted
	request with a failure. The -Q flag can be used to determine the
	supported request types. If both a blacklist and a whitelist are
	specified, then the blacklist is applied before the whitelist.

	-p whitelisted_requests
	Specify a comma-separated list of SFTP protocol requests that are
	permitted by the server. All request types that are not on the
	whitelist will be logged and replied to with a failure message.

	Care must be taken when using this feature to ensure that
	requests made implicitly by SFTP clients are permitted.

	-Q protocol_feature
	Query protocol features supported by sftp-server. At present the
	only feature that may be queried is M-bM-^@M-^\requestsM-bM-^@M-^], which may be used
	for black or whitelisting (flags -P and -p respectively).

	-R Places this instance of sftp-server into a read-only mode.
	Attempts to open files for writing, as well as other operations
	that change the state of the filesystem, will be denied.

	-u umask
	Sets an explicit umask(2) to be applied to newly-created files
	and directories, instead of the user's default mask.

	On some systems, sftp-server must be able to access /dev/log for logging
	to work, and use of sftp-server in a chroot configuration therefore
	requires that syslogd(8) establish a logging socket inside the chroot
	directory.

	SEE ALSO
	sftp(1), ssh(1), sshd_config(5), sshd(8)

	T. Ylonen and S. Lehtinen, SSH File Transfer Protocol, draft-ietf-secsh-
	filexfer-02.txt, October 2001, work in progress material.

	HISTORY
	sftp-server first appeared in OpenBSD 2.8.

	AUTHORS
	Markus Friedl <markus@openbsd.org>

	OpenBSD 5.7 December 11, 2014 OpenBSD 5.7