Annotation of src/usr.bin/ssh/sftp-server.8, Revision 1.31

1.31    ! jmc         1: .\" $OpenBSD: sftp-server.8,v 1.30 2020/06/22 06:36:40 jmc Exp $
1.2       deraadt     2: .\"
1.5       deraadt     3: .\" Copyright (c) 2000 Markus Friedl.  All rights reserved.
1.2       deraadt     4: .\"
                      5: .\" Redistribution and use in source and binary forms, with or without
                      6: .\" modification, are permitted provided that the following conditions
                      7: .\" are met:
                      8: .\" 1. Redistributions of source code must retain the above copyright
                      9: .\"    notice, this list of conditions and the following disclaimer.
                     10: .\" 2. Redistributions in binary form must reproduce the above copyright
                     11: .\"    notice, this list of conditions and the following disclaimer in the
                     12: .\"    documentation and/or other materials provided with the distribution.
                     13: .\"
                     14: .\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
                     15: .\" IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
                     16: .\" OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
                     17: .\" IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
                     18: .\" INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
                     19: .\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
                     20: .\" DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
                     21: .\" THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
                     22: .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
                     23: .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
                     24: .\"
1.30      jmc        25: .Dd $Mdocdate: June 22 2020 $
1.1       markus     26: .Dt SFTP-SERVER 8
                     27: .Os
                     28: .Sh NAME
                     29: .Nm sftp-server
1.28      jmc        30: .Nd OpenSSH SFTP server subsystem
1.1       markus     31: .Sh SYNOPSIS
                     32: .Nm sftp-server
1.24      djm        33: .Bk -words
1.18      djm        34: .Op Fl ehR
1.20      djm        35: .Op Fl d Ar start_directory
1.11      djm        36: .Op Fl f Ar log_facility
                     37: .Op Fl l Ar log_level
1.29      djm        38: .Op Fl P Ar denied_requests
                     39: .Op Fl p Ar allowed_requests
1.16      djm        40: .Op Fl u Ar umask
1.24      djm        41: .Ek
                     42: .Nm
                     43: .Fl Q Ar protocol_feature
1.1       markus     44: .Sh DESCRIPTION
                     45: .Nm
                     46: is a program that speaks the server side of SFTP protocol
                     47: to stdout and expects client requests from stdin.
                     48: .Nm
                     49: is not intended to be called directly, but from
1.3       aaron      50: .Xr sshd 8
1.1       markus     51: using the
                     52: .Cm Subsystem
                     53: option.
1.11      djm        54: .Pp
                     55: Command-line flags to
                     56: .Nm
                     57: should be specified in the
                     58: .Cm Subsystem
                     59: declaration.
1.1       markus     60: See
1.10      jmc        61: .Xr sshd_config 5
1.1       markus     62: for more information.
1.11      djm        63: .Pp
                     64: Valid options are:
                     65: .Bl -tag -width Ds
1.21      jmc        66: .It Fl d Ar start_directory
1.31    ! jmc        67: Specifies an alternate starting directory for users.
1.20      djm        68: The pathname may contain the following tokens that are expanded at runtime:
                     69: %% is replaced by a literal '%',
1.27      djm        70: %d is replaced by the home directory of the user being authenticated,
1.20      djm        71: and %u is replaced by the username of that user.
                     72: The default is to use the user's home directory.
                     73: This option is useful in conjunction with the
                     74: .Xr sshd_config 5
                     75: .Cm ChrootDirectory
                     76: option.
1.17      djm        77: .It Fl e
                     78: Causes
                     79: .Nm
                     80: to print logging information to stderr instead of syslog for debugging.
1.11      djm        81: .It Fl f Ar log_facility
                     82: Specifies the facility code that is used when logging messages from
                     83: .Nm .
                     84: The possible values are: DAEMON, USER, AUTH, LOCAL0, LOCAL1, LOCAL2,
                     85: LOCAL3, LOCAL4, LOCAL5, LOCAL6, LOCAL7.
                     86: The default is AUTH.
1.17      djm        87: .It Fl h
                     88: Displays
                     89: .Nm
                     90: usage information.
1.11      djm        91: .It Fl l Ar log_level
                     92: Specifies which messages will be logged by
                     93: .Nm .
                     94: The possible values are:
                     95: QUIET, FATAL, ERROR, INFO, VERBOSE, DEBUG, DEBUG1, DEBUG2, and DEBUG3.
                     96: INFO and VERBOSE log transactions that
                     97: .Nm
                     98: performs on behalf of the client.
                     99: DEBUG and DEBUG1 are equivalent.
                    100: DEBUG2 and DEBUG3 each specify higher levels of debugging output.
                    101: The default is ERROR.
1.29      djm       102: .It Fl P Ar denied_requests
1.31    ! jmc       103: Specifies a comma-separated list of SFTP protocol requests that are banned by
1.24      djm       104: the server.
                    105: .Nm
1.29      djm       106: will reply to any denied request with a failure.
1.24      djm       107: The
                    108: .Fl Q
1.25      jmc       109: flag can be used to determine the supported request types.
1.29      djm       110: If both denied and allowed lists are specified, then the denied list is
                    111: applied before the allowed list.
                    112: .It Fl p Ar allowed_requests
1.31    ! jmc       113: Specifies a comma-separated list of SFTP protocol requests that are permitted
1.24      djm       114: by the server.
1.30      jmc       115: All request types that are not on the allowed list will be logged and replied
1.24      djm       116: to with a failure message.
                    117: .Pp
                    118: Care must be taken when using this feature to ensure that requests made
1.25      jmc       119: implicitly by SFTP clients are permitted.
1.24      djm       120: .It Fl Q Ar protocol_feature
1.31    ! jmc       121: Queries protocol features supported by
1.24      djm       122: .Nm .
                    123: At present the only feature that may be queried is
                    124: .Dq requests ,
1.29      djm       125: which may be used to deny or allow specific requests (flags
1.25      jmc       126: .Fl P
                    127: and
1.24      djm       128: .Fl p
1.25      jmc       129: respectively).
1.18      djm       130: .It Fl R
                    131: Places this instance of
                    132: .Nm
                    133: into a read-only mode.
                    134: Attempts to open files for writing, as well as other operations that change
1.19      jmc       135: the state of the filesystem, will be denied.
1.16      djm       136: .It Fl u Ar umask
                    137: Sets an explicit
                    138: .Xr umask 2
                    139: to be applied to newly-created files and directories, instead of the
                    140: user's default mask.
1.11      djm       141: .El
1.13      djm       142: .Pp
1.26      schwarze  143: On some systems,
1.13      djm       144: .Nm
                    145: must be able to access
1.26      schwarze  146: .Pa /dev/log
                    147: for logging to work, and use of
1.13      djm       148: .Nm
1.15      sobrado   149: in a chroot configuration therefore requires that
1.13      djm       150: .Xr syslogd 8
                    151: establish a logging socket inside the chroot directory.
1.3       aaron     152: .Sh SEE ALSO
1.6       markus    153: .Xr sftp 1 ,
1.3       aaron     154: .Xr ssh 1 ,
1.10      jmc       155: .Xr sshd_config 5 ,
1.3       aaron     156: .Xr sshd 8
1.6       markus    157: .Rs
1.8       deraadt   158: .%A T. Ylonen
                    159: .%A S. Lehtinen
1.6       markus    160: .%T "SSH File Transfer Protocol"
1.22      dtucker   161: .%N draft-ietf-secsh-filexfer-02.txt
                    162: .%D October 2001
1.6       markus    163: .%O work in progress material
                    164: .Re
1.1       markus    165: .Sh HISTORY
                    166: .Nm
                    167: first appeared in
                    168: .Ox 2.8 .
1.9       jmc       169: .Sh AUTHORS
1.23      schwarze  170: .An Markus Friedl Aq Mt markus@openbsd.org
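
The option semantics documented above can be checked against a deployed Subsystem declaration. The following is an added example, not part of the OpenSSH sources: it parses a declaration and answers two questions a reviewer would ask, namely whether a given request gets through -P/-p (denied list first, then the allowed list) and whether -l is high enough to log client transactions (the default, ERROR, is not). The binary path, the sample line and the function names are assumptions, and request names are compared as exact strings.

```python
import shlex

ARG_FLAGS = {"d": "start_dir", "f": "facility", "l": "level",
             "P": "denied", "p": "allowed", "u": "umask"}
BOOL_FLAGS = {"e": "stderr", "h": "usage", "R": "read_only"}
# The page says INFO and VERBOSE log client transactions; DEBUG* log more.
TRANSACTION_LEVELS = {"INFO", "VERBOSE", "DEBUG", "DEBUG1", "DEBUG2", "DEBUG3"}
# Constructed sample line; the binary path is an assumption.
SAMPLE = ("Subsystem sftp /usr/libexec/sftp-server -l INFO -u 0027 "
          "-P remove,rmdir -p open,close,read,fstat,remove")

def parse_subsystem(line):
    """Parse 'Subsystem sftp <path> [flags]' getopt-style into a policy dict."""
    words = shlex.split(line)
    if len(words) < 3 or words[0].lower() != "subsystem":
        raise ValueError("not a Subsystem declaration")
    policy = {"level": "ERROR", "facility": "AUTH", "denied": None,
              "allowed": None, "read_only": False}
    args = iter(words[3:])
    for word in args:
        if len(word) < 2 or not word.startswith("-"):
            raise ValueError(f"unexpected argument {word!r}")
        for i, flag in enumerate(word[1:], start=2):
            if flag in BOOL_FLAGS:
                policy[BOOL_FLAGS[flag]] = True
            elif flag in ARG_FLAGS:
                # The value is the rest of this word, or else the next word.
                value = word[i:] or next(args, None)
                if value is None:
                    raise ValueError(f"-{flag} needs an argument")
                policy[ARG_FLAGS[flag]] = value
                break
            else:
                raise ValueError(f"unknown flag -{flag}")
    for key in ("denied", "allowed"):
        policy[key] = set(policy[key].split(",")) if policy[key] else None
    return policy

def request_permitted(policy, name):
    """Apply the denied list first, then require membership of any allowed list."""
    if policy["denied"] and name in policy["denied"]:
        return False
    return policy["allowed"] is None or name in policy["allowed"]

def logs_transactions(policy):
    """True when the configured level records what clients did."""
    return policy["level"].upper() in TRANSACTION_LEVELS
```

In the sample, remove appears on both lists and is refused because the denied list wins, while realpath is refused only because it was left off the allowed list, which is the kind of implicitly issued request the -p caveat is about.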