xref: /freebsd/crypto/openssh/sftp-server.8 (revision e4a9863fb76a1f6b16ecbcbd31e88f4ad9a9565e)
1*e4a9863fSDag-Erling Smørgrav.\" $OpenBSD: sftp-server.8,v 1.23 2013/07/16 00:07:52 schwarze Exp $
27aee6ffeSDag-Erling Smørgrav.\" $FreeBSD$
3b66f2d16SKris Kennaway.\"
4b66f2d16SKris Kennaway.\" Copyright (c) 2000 Markus Friedl.  All rights reserved.
5b66f2d16SKris Kennaway.\"
6b66f2d16SKris Kennaway.\" Redistribution and use in source and binary forms, with or without
7b66f2d16SKris Kennaway.\" modification, are permitted provided that the following conditions
8b66f2d16SKris Kennaway.\" are met:
9b66f2d16SKris Kennaway.\" 1. Redistributions of source code must retain the above copyright
10b66f2d16SKris Kennaway.\"    notice, this list of conditions and the following disclaimer.
11b66f2d16SKris Kennaway.\" 2. Redistributions in binary form must reproduce the above copyright
12b66f2d16SKris Kennaway.\"    notice, this list of conditions and the following disclaimer in the
13b66f2d16SKris Kennaway.\"    documentation and/or other materials provided with the distribution.
14b66f2d16SKris Kennaway.\"
15b66f2d16SKris Kennaway.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
16b66f2d16SKris Kennaway.\" IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
17b66f2d16SKris Kennaway.\" OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
18b66f2d16SKris Kennaway.\" IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
19b66f2d16SKris Kennaway.\" INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
20b66f2d16SKris Kennaway.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
21b66f2d16SKris Kennaway.\" DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
22b66f2d16SKris Kennaway.\" THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
23b66f2d16SKris Kennaway.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
24b66f2d16SKris Kennaway.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
25b66f2d16SKris Kennaway.\"
26*e4a9863fSDag-Erling Smørgrav.Dd July 16, 2013
27b66f2d16SKris Kennaway.Dt SFTP-SERVER 8
28b66f2d16SKris Kennaway.Os
29b66f2d16SKris Kennaway.Sh NAME
30b66f2d16SKris Kennaway.Nm sftp-server
31b66f2d16SKris Kennaway.Nd SFTP server subsystem
32b66f2d16SKris Kennaway.Sh SYNOPSIS
33b66f2d16SKris Kennaway.Nm sftp-server
34b15c8340SDag-Erling Smørgrav.Op Fl ehR
356888a9beSDag-Erling Smørgrav.Op Fl d Ar start_directory
36761efaa7SDag-Erling Smørgrav.Op Fl f Ar log_facility
37761efaa7SDag-Erling Smørgrav.Op Fl l Ar log_level
38b15c8340SDag-Erling Smørgrav.Op Fl u Ar umask
39b66f2d16SKris Kennaway.Sh DESCRIPTION
40b66f2d16SKris Kennaway.Nm
41b66f2d16SKris Kennawayis a program that speaks the server side of SFTP protocol
42b66f2d16SKris Kennawayto stdout and expects client requests from stdin.
43b66f2d16SKris Kennaway.Nm
44b66f2d16SKris Kennawayis not intended to be called directly, but from
45b66f2d16SKris Kennaway.Xr sshd 8
46b66f2d16SKris Kennawayusing the
47b66f2d16SKris Kennaway.Cm Subsystem
48b66f2d16SKris Kennawayoption.
49761efaa7SDag-Erling Smørgrav.Pp
50761efaa7SDag-Erling SmørgravCommand-line flags to
51761efaa7SDag-Erling Smørgrav.Nm
52761efaa7SDag-Erling Smørgravshould be specified in the
53761efaa7SDag-Erling Smørgrav.Cm Subsystem
54761efaa7SDag-Erling Smørgravdeclaration.
55b66f2d16SKris KennawaySee
56efcad6b7SDag-Erling Smørgrav.Xr sshd_config 5
57b66f2d16SKris Kennawayfor more information.
58761efaa7SDag-Erling Smørgrav.Pp
59761efaa7SDag-Erling SmørgravValid options are:
60761efaa7SDag-Erling Smørgrav.Bl -tag -width Ds
616888a9beSDag-Erling Smørgrav.It Fl d Ar start_directory
626888a9beSDag-Erling Smørgravspecifies an alternate starting directory for users.
636888a9beSDag-Erling SmørgravThe pathname may contain the following tokens that are expanded at runtime:
646888a9beSDag-Erling Smørgrav%% is replaced by a literal '%',
656888a9beSDag-Erling Smørgrav%h is replaced by the home directory of the user being authenticated,
666888a9beSDag-Erling Smørgravand %u is replaced by the username of that user.
676888a9beSDag-Erling SmørgravThe default is to use the user's home directory.
686888a9beSDag-Erling SmørgravThis option is useful in conjunction with the
696888a9beSDag-Erling Smørgrav.Xr sshd_config 5
706888a9beSDag-Erling Smørgrav.Cm ChrootDirectory
716888a9beSDag-Erling Smørgravoption.
72b15c8340SDag-Erling Smørgrav.It Fl e
73b15c8340SDag-Erling SmørgravCauses
74b15c8340SDag-Erling Smørgrav.Nm
75b15c8340SDag-Erling Smørgravto print logging information to stderr instead of syslog for debugging.
76761efaa7SDag-Erling Smørgrav.It Fl f Ar log_facility
77761efaa7SDag-Erling SmørgravSpecifies the facility code that is used when logging messages from
78761efaa7SDag-Erling Smørgrav.Nm .
79761efaa7SDag-Erling SmørgravThe possible values are: DAEMON, USER, AUTH, LOCAL0, LOCAL1, LOCAL2,
80761efaa7SDag-Erling SmørgravLOCAL3, LOCAL4, LOCAL5, LOCAL6, LOCAL7.
81761efaa7SDag-Erling SmørgravThe default is AUTH.
82b15c8340SDag-Erling Smørgrav.It Fl h
83b15c8340SDag-Erling SmørgravDisplays
84b15c8340SDag-Erling Smørgrav.Nm
85b15c8340SDag-Erling Smørgravusage information.
86761efaa7SDag-Erling Smørgrav.It Fl l Ar log_level
87761efaa7SDag-Erling SmørgravSpecifies which messages will be logged by
88761efaa7SDag-Erling Smørgrav.Nm .
89761efaa7SDag-Erling SmørgravThe possible values are:
90761efaa7SDag-Erling SmørgravQUIET, FATAL, ERROR, INFO, VERBOSE, DEBUG, DEBUG1, DEBUG2, and DEBUG3.
91761efaa7SDag-Erling SmørgravINFO and VERBOSE log transactions that
92761efaa7SDag-Erling Smørgrav.Nm
93761efaa7SDag-Erling Smørgravperforms on behalf of the client.
94761efaa7SDag-Erling SmørgravDEBUG and DEBUG1 are equivalent.
95761efaa7SDag-Erling SmørgravDEBUG2 and DEBUG3 each specify higher levels of debugging output.
96761efaa7SDag-Erling SmørgravThe default is ERROR.
97b15c8340SDag-Erling Smørgrav.It Fl R
98b15c8340SDag-Erling SmørgravPlaces this instance of
99b15c8340SDag-Erling Smørgrav.Nm
100b15c8340SDag-Erling Smørgravinto a read-only mode.
101b15c8340SDag-Erling SmørgravAttempts to open files for writing, as well as other operations that change
102b15c8340SDag-Erling Smørgravthe state of the filesystem, will be denied.
103b15c8340SDag-Erling Smørgrav.It Fl u Ar umask
104b15c8340SDag-Erling SmørgravSets an explicit
105b15c8340SDag-Erling Smørgrav.Xr umask 2
106b15c8340SDag-Erling Smørgravto be applied to newly-created files and directories, instead of the
107b15c8340SDag-Erling Smørgravuser's default mask.
108761efaa7SDag-Erling Smørgrav.El
109d4af9e69SDag-Erling Smørgrav.Pp
110d4af9e69SDag-Erling SmørgravFor logging to work,
111d4af9e69SDag-Erling Smørgrav.Nm
112d4af9e69SDag-Erling Smørgravmust be able to access
113d4af9e69SDag-Erling Smørgrav.Pa /dev/log .
114d4af9e69SDag-Erling SmørgravUse of
115d4af9e69SDag-Erling Smørgrav.Nm
1167aee6ffeSDag-Erling Smørgravin a chroot configuration therefore requires that
117d4af9e69SDag-Erling Smørgrav.Xr syslogd 8
118d4af9e69SDag-Erling Smørgravestablish a logging socket inside the chroot directory.
119b66f2d16SKris Kennaway.Sh SEE ALSO
1201e8db6e2SBrian Feldman.Xr sftp 1 ,
121b66f2d16SKris Kennaway.Xr ssh 1 ,
122efcad6b7SDag-Erling Smørgrav.Xr sshd_config 5 ,
1235b9b2fafSBrian Feldman.Xr sshd 8
1241e8db6e2SBrian Feldman.Rs
1251e8db6e2SBrian Feldman.%A T. Ylonen
1261e8db6e2SBrian Feldman.%A S. Lehtinen
1271e8db6e2SBrian Feldman.%T "SSH File Transfer Protocol"
128*e4a9863fSDag-Erling Smørgrav.%N draft-ietf-secsh-filexfer-02.txt
129*e4a9863fSDag-Erling Smørgrav.%D October 2001
1301e8db6e2SBrian Feldman.%O work in progress material
1311e8db6e2SBrian Feldman.Re
1325b9b2fafSBrian Feldman.Sh HISTORY
1335b9b2fafSBrian Feldman.Nm
134761efaa7SDag-Erling Smørgravfirst appeared in
135761efaa7SDag-Erling Smørgrav.Ox 2.8 .
136761efaa7SDag-Erling Smørgrav.Sh AUTHORS
137*e4a9863fSDag-Erling Smørgrav.An Markus Friedl Aq Mt markus@openbsd.org
138