sftp-server (8)
Leading comments
$OpenBSD: sftp-server.8,v 1.27 2014/12/11 04:16:14 djm Exp $ Copyright (c) 2000 Markus Friedl. All rights reserved. Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: 1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer. 2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions ...
NAME
sftp-server - SFTP server subsystemSYNOPSIS
sftp-server -words [-ehR ] [-d start_directory ] [-f log_facility ] [-l log_level ] [-P blacklisted_requests ] [-p whitelisted_requests ] [-u umask ]
/etc/ssh/sshd_config -Q protocol_feature
DESCRIPTION
/etc/ssh/sshd_config is a program that speaks the server side of SFTP protocol to stdout and expects client requests from stdin. /etc/ssh/sshd_config is not intended to be called directly, but from sshd(8) using the Subsystem option.Command-line flags to /etc/ssh/sshd_config should be specified in the Subsystem declaration. See sshd_config5 for more information.
Valid options are:
- -d start_directory
- specifies an alternate starting directory for users. The pathname may contain the following tokens that are expanded at runtime: %% is replaced by a literal '%', %d is replaced by the home directory of the user being authenticated, and %u is replaced by the username of that user. The default is to use the user's home directory. This option is useful in conjunction with the sshd_config5 ChrootDirectory option.
- -e
- Causes /etc/ssh/sshd_config to print logging information to stderr instead of syslog for debugging.
- -f log_facility
- Specifies the facility code that is used when logging messages from . The possible values are: DAEMON, USER, AUTH, LOCAL0, LOCAL1, LOCAL2, LOCAL3, LOCAL4, LOCAL5, LOCAL6, LOCAL7. The default is AUTH.
- -h
- Displays /etc/ssh/sshd_config usage information.
- -l log_level
- Specifies which messages will be logged by . The possible values are: QUIET, FATAL, ERROR, INFO, VERBOSE, DEBUG, DEBUG1, DEBUG2, and DEBUG3. INFO and VERBOSE log transactions that /etc/ssh/sshd_config performs on behalf of the client. DEBUG and DEBUG1 are equivalent. DEBUG2 and DEBUG3 each specify higher levels of debugging output. The default is ERROR.
- -P blacklisted_requests
- Specify a comma-separated list of SFTP protocol requests that are banned by the server. /etc/ssh/sshd_config will reply to any blacklisted request with a failure. The -Q flag can be used to determine the supported request types. If both a blacklist and a whitelist are specified, then the blacklist is applied before the whitelist.
- -p whitelisted_requests
-
Specify a comma-separated list of SFTP protocol requests that are permitted
by the server.
All request types that are not on the whitelist will be logged and replied
to with a failure message.
Care must be taken when using this feature to ensure that requests made implicitly by SFTP clients are permitted.
- -Q protocol_feature
- Query protocol features supported by . At present the only feature that may be queried is ``requests'' which may be used for black or whitelisting (flags -P and -p respectively).
- -R
- Places this instance of /etc/ssh/sshd_config into a read-only mode. Attempts to open files for writing, as well as other operations that change the state of the filesystem, will be denied.
- -u umask
- Sets an explicit umask(2) to be applied to newly-created files and directories, instead of the user's default mask.
On some systems, /etc/ssh/sshd_config must be able to access /dev/log for logging to work, and use of /etc/ssh/sshd_config in a chroot configuration therefore requires that syslogd(8) establish a logging socket inside the chroot directory.
SEE ALSO
sftp(1), ssh(1), sshd_config5, sshd(8)- T. Ylonen S. Lehtinen "SSH File Transfer Protocol" draft-ietf-secsh-filexfer-02.txt October 2001 work in progress material