sftp-server.8

.\" $OpenBSD: sftp-server.8,v 1.27 2014/12/11 04:16:14 djm Exp $
.\"
.\" Copyright (c) 2000 Markus Friedl.  All rights reserved.
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:
.\" 1. Redistributions of source code must retain the above copyright
.\"    notice, this list of conditions and the following disclaimer.
.\" 2. Redistributions in binary form must reproduce the above copyright
.\"    notice, this list of conditions and the following disclaimer in the
.\"    documentation and/or other materials provided with the distribution.
.\"
.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
.\" IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
.\" OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
.\" IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
.\" INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
.\" DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
.\" THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
.Dd $Mdocdate: December 11 2014 $
.Dt SFTP-SERVER 8
.Os
.Sh NAME
.Nm sftp-server
.Nd SFTP server subsystem
.Sh SYNOPSIS
.Nm sftp-server
.Bk -words
.Op Fl ehR
.Op Fl d Ar start_directory
.Op Fl f Ar log_facility
.Op Fl l Ar log_level
.Op Fl P Ar blacklisted_requests
.Op Fl p Ar whitelisted_requests
.Op Fl u Ar umask
.Ek
.Nm
.Fl Q Ar protocol_feature
.Sh DESCRIPTION
.Nm
is a program that speaks the server side of SFTP protocol
to stdout and expects client requests from stdin.
.Nm
is not intended to be called directly, but from
.Xr sshd 8
using the
.Cm Subsystem
option.
.Pp
Command-line flags to
.Nm
should be specified in the
.Cm Subsystem
declaration.
See
.Xr sshd_config 5
for more information.
.Pp
Valid options are:
.Bl -tag -width Ds
.It Fl d Ar start_directory
specifies an alternate starting directory for users.
The pathname may contain the following tokens that are expanded at runtime:
%% is replaced by a literal '%',
%d is replaced by the home directory of the user being authenticated,
and %u is replaced by the username of that user.
The default is to use the user's home directory.
This option is useful in conjunction with the
.Xr sshd_config 5
.Cm ChrootDirectory
option.
.It Fl e
Causes
.Nm
to print logging information to stderr instead of syslog for debugging.
.It Fl f Ar log_facility
Specifies the facility code that is used when logging messages from
.Nm .
The possible values are: DAEMON, USER, AUTH, LOCAL0, LOCAL1, LOCAL2,
LOCAL3, LOCAL4, LOCAL5, LOCAL6, LOCAL7.
The default is AUTH.
.It Fl h
Displays
.Nm
usage information.
.It Fl l Ar log_level
Specifies which messages will be logged by
.Nm .
The possible values are:
QUIET, FATAL, ERROR, INFO, VERBOSE, DEBUG, DEBUG1, DEBUG2, and DEBUG3.
INFO and VERBOSE log transactions that
.Nm
performs on behalf of the client.
DEBUG and DEBUG1 are equivalent.
DEBUG2 and DEBUG3 each specify higher levels of debugging output.
The default is ERROR.
.It Fl P Ar blacklisted_requests
Specify a comma-separated list of SFTP protocol requests that are banned by
the server.
.Nm
will reply to any blacklisted request with a failure.
The
.Fl Q
flag can be used to determine the supported request types.
If both a blacklist and a whitelist are specified, then the blacklist is
applied before the whitelist.
.It Fl p Ar whitelisted_requests
Specify a comma-separated list of SFTP protocol requests that are permitted
by the server.
All request types that are not on the whitelist will be logged and replied
to with a failure message.
.Pp
Care must be taken when using this feature to ensure that requests made
implicitly by SFTP clients are permitted.
.It Fl Q Ar protocol_feature
Query protocol features supported by
.Nm .
At present the only feature that may be queried is
.Dq requests ,
which may be used for black or whitelisting (flags
.Fl P
and
.Fl p
respectively).
.It Fl R
Places this instance of
.Nm
into a read-only mode.
Attempts to open files for writing, as well as other operations that change
the state of the filesystem, will be denied.
.It Fl u Ar umask
Sets an explicit
.Xr umask 2
to be applied to newly-created files and directories, instead of the
user's default mask.
.El
.Pp
On some systems,
.Nm
must be able to access
.Pa /dev/log
for logging to work, and use of
.Nm
in a chroot configuration therefore requires that
.Xr syslogd 8
establish a logging socket inside the chroot directory.
.Sh SEE ALSO
.Xr sftp 1 ,
.Xr ssh 1 ,
.Xr sshd_config 5 ,
.Xr sshd 8
.Rs
.%A T. Ylonen
.%A S. Lehtinen
.%T "SSH File Transfer Protocol"
.%N draft-ietf-secsh-filexfer-02.txt
.%D October 2001
.%O work in progress material
.Re
.Sh HISTORY
.Nm
first appeared in
.Ox 2.8 .
.Sh AUTHORS
.An Markus Friedl Aq Mt markus@openbsd.org