.\" $OpenBSD: sftp-server.8,v 1.31 2021/07/27 14:14:25 jmc Exp $
.\"
.\" Copyright (c) 2000 Markus Friedl. All rights reserved.
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:
.\" 1. Redistributions of source code must retain the above copyright
.\" notice, this list of conditions and the following disclaimer.
.\" 2. Redistributions in binary form must reproduce the above copyright
.\" notice, this list of conditions and the following disclaimer in the
.\" documentation and/or other materials provided with the distribution.
.\"
.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
.\" IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
.\" OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
.\" IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
.\" INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
.\" DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
.\" THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
.Dd $Mdocdate: July 27 2021 $
.Dt SFTP-SERVER 8
.Os
.Sh NAME
.Nm sftp-server
.Nd OpenSSH SFTP server subsystem
.Sh SYNOPSIS
.Nm sftp-server
.Bk -words
.Op Fl ehR
.Op Fl d Ar start_directory
.Op Fl f Ar log_facility
.Op Fl l Ar log_level
.Op Fl P Ar denied_requests
.Op Fl p Ar allowed_requests
.Op Fl u Ar umask
.Ek
.Nm
.Fl Q Ar protocol_feature
.Sh DESCRIPTION
.Nm
is a program that speaks the server side of SFTP protocol
to stdout and expects client requests from stdin.
.Nm
is not intended to be called directly, but from
.Xr sshd 8
using the
.Cm Subsystem
option.
.Pp
Command-line flags to
.Nm
should be specified in the
.Cm Subsystem
declaration.
See
.Xr sshd_config 5
for more information.
.Pp
Valid options are:
.Bl -tag -width Ds
.It Fl d Ar start_directory
Specifies an alternate starting directory for users.
The pathname may contain the following tokens that are expanded at runtime:
%% is replaced by a literal '%',
%d is replaced by the home directory of the user being authenticated,
and %u is replaced by the username of that user.
The default is to use the user's home directory.
This option is useful in conjunction with the
.Xr sshd_config 5
.Cm ChrootDirectory
option.
.It Fl e
Causes
.Nm
to print logging information to stderr instead of syslog for debugging.
.It Fl f Ar log_facility
Specifies the facility code that is used when logging messages from
.Nm .
The possible values are: DAEMON, USER, AUTH, LOCAL0, LOCAL1, LOCAL2,
LOCAL3, LOCAL4, LOCAL5, LOCAL6, LOCAL7.
The default is AUTH.
.It Fl h
Displays
.Nm
usage information.
.It Fl l Ar log_level
Specifies which messages will be logged by
.Nm .
The possible values are:
QUIET, FATAL, ERROR, INFO, VERBOSE, DEBUG, DEBUG1, DEBUG2, and DEBUG3.
INFO and VERBOSE log transactions that
.Nm
performs on behalf of the client.
DEBUG and DEBUG1 are equivalent.
DEBUG2 and DEBUG3 each specify higher levels of debugging output.
The default is ERROR.
.It Fl P Ar denied_requests
Specifies a comma-separated list of SFTP protocol requests that are banned by
the server.
.Nm
will reply to any denied request with a failure.
The
.Fl Q
flag can be used to determine the supported request types.
If both denied and allowed lists are specified, then the denied list is
applied before the allowed list.
.It Fl p Ar allowed_requests
Specifies a comma-separated list of SFTP protocol requests that are permitted
by the server.
All request types that are not on the allowed list will be logged and replied
to with a failure message.
.Pp
Care must be taken when using this feature to ensure that requests made
implicitly by SFTP clients are permitted.
.It Fl Q Ar protocol_feature
Queries protocol features supported by
.Nm .
At present the only feature that may be queried is
.Dq requests ,
which may be used to deny or allow specific requests (flags
.Fl P
and
.Fl p
respectively).
.It Fl R
Places this instance of
.Nm
into a read-only mode.
Attempts to open files for writing, as well as other operations that change
the state of the filesystem, will be denied.
.It Fl u Ar umask
Sets an explicit
.Xr umask 2
to be applied to newly-created files and directories, instead of the
user's default mask.
.El
.Pp
On some systems,
.Nm
must be able to access
.Pa /dev/log
for logging to work, and use of
.Nm
in a chroot configuration therefore requires that
.Xr syslogd 8
establish a logging socket inside the chroot directory.
.Sh SEE ALSO
.Xr sftp 1 ,
.Xr ssh 1 ,
.Xr sshd_config 5 ,
.Xr sshd 8
.Rs
.%A T. Ylonen
.%A S. Lehtinen
.%T "SSH File Transfer Protocol"
.%N draft-ietf-secsh-filexfer-02.txt
.%D October 2001
.%O work in progress material
.Re
.Sh HISTORY
.Nm
first appeared in
.Ox 2.8 .
.Sh AUTHORS
.An Markus Friedl Aq Mt markus@openbsd.org
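The following is an added example, not part of the OpenSSH manual or source: a small Python review helper that reads the sftp Subsystem declaration from sshd_config text and reports what the flags documented above imply for logging, read-only mode, and the denied-then-allowed request check. Assumptions: the option string is taken from the SYNOPSIS only, log levels are treated as cumulative in the order listed under -l, the binary path is a placeholder, and the request names are sample values (list the real ones with -Q requests).

```python
import getopt
import shlex

# Option string derived from the SYNOPSIS above (assumption: no other flags).
OPTSTRING = "d:ef:hl:P:p:Q:Ru:"
LEVELS = ["QUIET", "FATAL", "ERROR", "INFO", "VERBOSE",
          "DEBUG", "DEBUG1", "DEBUG2", "DEBUG3"]
FACILITIES = {"DAEMON", "USER", "AUTH"} | {f"LOCAL{i}" for i in range(8)}

# Constructed sample: placeholder binary path, sample request names.
SAMPLE = """# sshd_config excerpt
Subsystem sftp /path/to/sftp-server -f LOCAL3 -R -P remove,rmdir -p open,read,close,remove
"""

def parse_subsystem(config_text, name="sftp"):
    """Return the flags of the first 'Subsystem <name>' line as a dict, or None."""
    for line in config_text.splitlines():
        words = shlex.split(line, comments=True)
        if len(words) >= 3 and words[0].lower() == "subsystem" and words[1] == name:
            opts, _ = getopt.getopt(words[3:], OPTSTRING)
            return dict(opts)  # flags that take no argument map to ""
    return None

def request_permitted(request, opts):
    """Denied list (-P) is applied first, then the allowed list (-p)."""
    if "-P" in opts and request in opts["-P"].split(","):
        return False
    if "-p" in opts and request not in opts["-p"].split(","):
        return False
    return True

def audit(opts):
    """Return review findings for one parsed Subsystem declaration."""
    findings = []
    level = opts.get("-l", "ERROR").upper()      # documented default
    if level not in LEVELS:
        findings.append(f"unknown log level {level}")
    elif LEVELS.index(level) < LEVELS.index("INFO"):
        findings.append(f"log level {level}: client transactions are not logged")
    facility = opts.get("-f", "AUTH").upper()    # documented default
    if facility not in FACILITIES:
        findings.append(f"unknown log facility {facility}")
    if "-R" not in opts:
        findings.append("not read-only: clients can change the filesystem")
    if "-u" not in opts:
        findings.append("no explicit umask: the user's default mask applies")
    return findings
```

In the sample, remove appears on both lists and is still refused because the denied list is checked first, and the declaration is flagged because no -l is given, so the default ERROR level leaves client transactions unlogged.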