| .\" $OpenBSD: sftp-server.8,v 1.25 2013/10/14 14:18:56 jmc Exp $ |
| .\" |
| .\" Copyright (c) 2000 Markus Friedl. All rights reserved. |
| .\" |
| .\" Redistribution and use in source and binary forms, with or without |
| .\" modification, are permitted provided that the following conditions |
| .\" are met: |
| .\" 1. Redistributions of source code must retain the above copyright |
| .\" notice, this list of conditions and the following disclaimer. |
| .\" 2. Redistributions in binary form must reproduce the above copyright |
| .\" notice, this list of conditions and the following disclaimer in the |
| .\" documentation and/or other materials provided with the distribution. |
| .\" |
| .\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR |
| .\" IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES |
| .\" OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. |
| .\" IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, |
| .\" INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT |
| .\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, |
| .\" DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY |
| .\" THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT |
| .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF |
| .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
| .\" |
| .Dd $Mdocdate: October 14 2013 $ |
| .Dt SFTP-SERVER 8 |
| .Os |
| .Sh NAME |
| .Nm sftp-server |
| .Nd SFTP server subsystem |
| .Sh SYNOPSIS |
| .Nm sftp-server |
| .Bk -words |
| .Op Fl ehR |
| .Op Fl d Ar start_directory |
| .Op Fl f Ar log_facility |
| .Op Fl l Ar log_level |
| .Op Fl P Ar blacklisted_requests |
| .Op Fl p Ar whitelisted_requests |
| .Op Fl u Ar umask |
| .Ek |
| .Nm |
| .Fl Q Ar protocol_feature |
| .Sh DESCRIPTION |
| .Nm |
| is a program that speaks the server side of SFTP protocol |
| to stdout and expects client requests from stdin. |
| .Nm |
| is not intended to be called directly, but from |
| .Xr sshd 8 |
| using the |
| .Cm Subsystem |
| option. |
| .Pp |
| Command-line flags to |
| .Nm |
| should be specified in the |
| .Cm Subsystem |
| declaration. |
| See |
| .Xr sshd_config 5 |
| for more information. |
| .Pp |
| Valid options are: |
| .Bl -tag -width Ds |
| .It Fl d Ar start_directory |
| specifies an alternate starting directory for users. |
| The pathname may contain the following tokens that are expanded at runtime: |
| %% is replaced by a literal '%', |
| %h is replaced by the home directory of the user being authenticated, |
| and %u is replaced by the username of that user. |
| The default is to use the user's home directory. |
| This option is useful in conjunction with the |
| .Xr sshd_config 5 |
| .Cm ChrootDirectory |
| option. |
| .It Fl e |
| Causes |
| .Nm |
| to print logging information to stderr instead of syslog for debugging. |
| .It Fl f Ar log_facility |
| Specifies the facility code that is used when logging messages from |
| .Nm . |
| The possible values are: DAEMON, USER, AUTH, LOCAL0, LOCAL1, LOCAL2, |
| LOCAL3, LOCAL4, LOCAL5, LOCAL6, LOCAL7. |
| The default is AUTH. |
| .It Fl h |
| Displays |
| .Nm |
| usage information. |
| .It Fl l Ar log_level |
| Specifies which messages will be logged by |
| .Nm . |
| The possible values are: |
| QUIET, FATAL, ERROR, INFO, VERBOSE, DEBUG, DEBUG1, DEBUG2, and DEBUG3. |
| INFO and VERBOSE log transactions that |
| .Nm |
| performs on behalf of the client. |
| DEBUG and DEBUG1 are equivalent. |
| DEBUG2 and DEBUG3 each specify higher levels of debugging output. |
| The default is ERROR. |
| .It Fl P Ar blacklisted_requests |
| Specify a comma-separated list of SFTP protocol requests that are banned by |
| the server. |
| .Nm |
| will reply to any blacklisted request with a failure. |
| The |
| .Fl Q |
| flag can be used to determine the supported request types. |
| If both a blacklist and a whitelist are specified, then the blacklist is |
| applied before the whitelist. |
| .It Fl p Ar whitelisted_requests |
| Specify a comma-separated list of SFTP protocol requests that are permitted |
| by the server. |
| All request types that are not on the whitelist will be logged and replied |
| to with a failure message. |
| .Pp |
| Care must be taken when using this feature to ensure that requests made |
| implicitly by SFTP clients are permitted. |
| .It Fl Q Ar protocol_feature |
| Query protocol features supported by |
| .Nm . |
| At present the only feature that may be queried is |
| .Dq requests , |
| which may be used for black or whitelisting (flags |
| .Fl P |
| and |
| .Fl p |
| respectively). |
| .It Fl R |
| Places this instance of |
| .Nm |
| into a read-only mode. |
| Attempts to open files for writing, as well as other operations that change |
| the state of the filesystem, will be denied. |
| .It Fl u Ar umask |
| Sets an explicit |
| .Xr umask 2 |
| to be applied to newly-created files and directories, instead of the |
| user's default mask. |
| .El |
| .Pp |
| For logging to work, |
| .Nm |
| must be able to access |
| .Pa /dev/log . |
| Use of |
| .Nm |
| in a chroot configuration therefore requires that |
| .Xr syslogd 8 |
| establish a logging socket inside the chroot directory. |
| .Sh SEE ALSO |
| .Xr sftp 1 , |
| .Xr ssh 1 , |
| .Xr sshd_config 5 , |
| .Xr sshd 8 |
| .Rs |
| .%A T. Ylonen |
| .%A S. Lehtinen |
| .%T "SSH File Transfer Protocol" |
| .%N draft-ietf-secsh-filexfer-02.txt |
| .%D October 2001 |
| .%O work in progress material |
| .Re |
| .Sh HISTORY |
| .Nm |
| first appeared in |
| .Ox 2.8 . |
| .Sh AUTHORS |
| .An Markus Friedl Aq Mt markus@openbsd.org |