from small one page howto to huge articles all in one place
poll results
Last additions:
May 25th. 2007:
April, 26th. 2006:
|
You are here: manpages
SFTP-SERVER
Section: Maintenance Commands (8) Index
Return to Main Contents
BSD mandoc
NAME
sftp-server
- SFTP server subsystem
SYNOPSIS
sftp-server
-words
[- ehR
]
[- d start_directory
]
[- f log_facility
]
[- l log_level
]
[- P blacklisted_requests
]
[- p whitelisted_requests
]
[- u umask
]
sftp-server
- Q protocol_feature
DESCRIPTION
sftp-server
is a program that speaks the server side of SFTP protocol
to stdout and expects client requests from stdin.
sftp-server
is not intended to be called directly, but from
sshd(8)
using the
Subsystem
option.
Command-line flags to
sftp-server
should be specified in the
Subsystem
declaration.
See
sshd_config5
for more information.
Valid options are:
- -d start_directory
-
specifies an alternate starting directory for users.
The pathname may contain the following tokens that are expanded at runtime:
%% is replaced by a literal '%',
%d is replaced by the home directory of the user being authenticated,
and %u is replaced by the username of that user.
The default is to use the user's home directory.
This option is useful in conjunction with the
sshd_config5
ChrootDirectory
option.
- -e
-
Causes
sftp-server
to print logging information to stderr instead of syslog for debugging.
- -f log_facility
-
Specifies the facility code that is used when logging messages from
.
The possible values are: DAEMON, USER, AUTH, LOCAL0, LOCAL1, LOCAL2,
LOCAL3, LOCAL4, LOCAL5, LOCAL6, LOCAL7.
The default is AUTH.
- -h
-
Displays
sftp-server
usage information.
- -l log_level
-
Specifies which messages will be logged by
.
The possible values are:
QUIET, FATAL, ERROR, INFO, VERBOSE, DEBUG, DEBUG1, DEBUG2, and DEBUG3.
INFO and VERBOSE log transactions that
sftp-server
performs on behalf of the client.
DEBUG and DEBUG1 are equivalent.
DEBUG2 and DEBUG3 each specify higher levels of debugging output.
The default is ERROR.
- -P blacklisted_requests
-
Specify a comma-separated list of SFTP protocol requests that are banned by
the server.
sftp-server
will reply to any blacklisted request with a failure.
The
-Q
flag can be used to determine the supported request types.
If both a blacklist and a whitelist are specified, then the blacklist is
applied before the whitelist.
- -p whitelisted_requests
-
Specify a comma-separated list of SFTP protocol requests that are permitted
by the server.
All request types that are not on the whitelist will be logged and replied
to with a failure message.
Care must be taken when using this feature to ensure that requests made
implicitly by SFTP clients are permitted.
- -Q protocol_feature
-
Query protocol features supported by
.
At present the only feature that may be queried is
``requests''
which may be used for black or whitelisting (flags
-P
and
-p
respectively).
- -R
-
Places this instance of
sftp-server
into a read-only mode.
Attempts to open files for writing, as well as other operations that change
the state of the filesystem, will be denied.
- -u umask
-
Sets an explicit
umask(2)
to be applied to newly-created files and directories, instead of the
user's default mask.
On some systems,
sftp-server
must be able to access
/dev/log
for logging to work, and use of
sftp-server
in a chroot configuration therefore requires that
syslogd(8)
establish a logging socket inside the chroot directory.
SEE ALSO
sftp(1),
ssh(1),
sshd_config5,
sshd(8)
-
T. Ylonen
S. Lehtinen
"SSH File Transfer Protocol"
draft-ietf-secsh-filexfer-02.txt
October 2001
work in progress material
HISTORY
sftp-server
first appeared in
Ox 2.8 .
AUTHORS
An Markus Friedl Aq Mt markus@openbsd.org
Index
- NAME
-
- SYNOPSIS
-
- DESCRIPTION
-
- SEE ALSO
-
- HISTORY
-
- AUTHORS
-
|