| .\" $OpenBSD: sftp-server.8,v 1.21 2013/01/04 19:26:38 jmc Exp $ |
| .\" |
| .\" Copyright (c) 2000 Markus Friedl. All rights reserved. |
| .\" |
| .\" Redistribution and use in source and binary forms, with or without |
| .\" modification, are permitted provided that the following conditions |
| .\" are met: |
| .\" 1. Redistributions of source code must retain the above copyright |
| .\" notice, this list of conditions and the following disclaimer. |
| .\" 2. Redistributions in binary form must reproduce the above copyright |
| .\" notice, this list of conditions and the following disclaimer in the |
| .\" documentation and/or other materials provided with the distribution. |
| .\" |
| .\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR |
| .\" IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES |
| .\" OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. |
| .\" IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, |
| .\" INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT |
| .\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, |
| .\" DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY |
| .\" THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT |
| .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF |
| .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
| .\" |
| .Dd $Mdocdate: January 4 2013 $ |
| .Dt SFTP-SERVER 8 |
| .Os |
| .Sh NAME |
| .Nm sftp-server |
| .Nd SFTP server subsystem |
| .Sh SYNOPSIS |
| .Nm sftp-server |
| .Op Fl ehR |
| .Op Fl d Ar start_directory |
| .Op Fl f Ar log_facility |
| .Op Fl l Ar log_level |
| .Op Fl u Ar umask |
| .Sh DESCRIPTION |
| .Nm |
| is a program that speaks the server side of SFTP protocol |
| to stdout and expects client requests from stdin. |
| .Nm |
| is not intended to be called directly, but from |
| .Xr sshd 8 |
| using the |
| .Cm Subsystem |
| option. |
| .Pp |
| Command-line flags to |
| .Nm |
| should be specified in the |
| .Cm Subsystem |
| declaration. |
| See |
| .Xr sshd_config 5 |
| for more information. |
| .Pp |
| Valid options are: |
| .Bl -tag -width Ds |
| .It Fl d Ar start_directory |
| specifies an alternate starting directory for users. |
| The pathname may contain the following tokens that are expanded at runtime: |
| %% is replaced by a literal '%', |
| %h is replaced by the home directory of the user being authenticated, |
| and %u is replaced by the username of that user. |
| The default is to use the user's home directory. |
| This option is useful in conjunction with the |
| .Xr sshd_config 5 |
| .Cm ChrootDirectory |
| option. |
| .It Fl e |
| Causes |
| .Nm |
| to print logging information to stderr instead of syslog for debugging. |
| .It Fl f Ar log_facility |
| Specifies the facility code that is used when logging messages from |
| .Nm . |
| The possible values are: DAEMON, USER, AUTH, LOCAL0, LOCAL1, LOCAL2, |
| LOCAL3, LOCAL4, LOCAL5, LOCAL6, LOCAL7. |
| The default is AUTH. |
| .It Fl h |
| Displays |
| .Nm |
| usage information. |
| .It Fl l Ar log_level |
| Specifies which messages will be logged by |
| .Nm . |
| The possible values are: |
| QUIET, FATAL, ERROR, INFO, VERBOSE, DEBUG, DEBUG1, DEBUG2, and DEBUG3. |
| INFO and VERBOSE log transactions that |
| .Nm |
| performs on behalf of the client. |
| DEBUG and DEBUG1 are equivalent. |
| DEBUG2 and DEBUG3 each specify higher levels of debugging output. |
| The default is ERROR. |
| .It Fl R |
| Places this instance of |
| .Nm |
| into a read-only mode. |
| Attempts to open files for writing, as well as other operations that change |
| the state of the filesystem, will be denied. |
| .It Fl u Ar umask |
| Sets an explicit |
| .Xr umask 2 |
| to be applied to newly-created files and directories, instead of the |
| user's default mask. |
| .El |
| .Pp |
| For logging to work, |
| .Nm |
| must be able to access |
| .Pa /dev/log . |
| Use of |
| .Nm |
| in a chroot configuration therefore requires that |
| .Xr syslogd 8 |
| establish a logging socket inside the chroot directory. |
| .Sh SEE ALSO |
| .Xr sftp 1 , |
| .Xr ssh 1 , |
| .Xr sshd_config 5 , |
| .Xr sshd 8 |
| .Rs |
| .%A T. Ylonen |
| .%A S. Lehtinen |
| .%T "SSH File Transfer Protocol" |
| .%N draft-ietf-secsh-filexfer-00.txt |
| .%D January 2001 |
| .%O work in progress material |
| .Re |
| .Sh HISTORY |
| .Nm |
| first appeared in |
| .Ox 2.8 . |
| .Sh AUTHORS |
| .An Markus Friedl Aq markus@openbsd.org |