sftp-server - SFTP server subsystem
SYNOPSIS
- sftp-server [-ehR] [-f log_facility] [-l log_level] [-u umask]
+ sftp-server [-ehR] [-d start_directory] [-f log_facility] [-l log_level]
+ [-P blacklisted_requests] [-p whitelisted_requests]
+ [-u umask]
+ sftp-server -Q protocol_feature
DESCRIPTION
sftp-server is a program that speaks the server side of SFTP protocol to
Valid options are:
+ -d start_directory
+ specifies an alternate starting directory for users. The
+ pathname may contain the following tokens that are expanded at
+ runtime: %% is replaced by a literal '%', %h is replaced by the
+ home directory of the user being authenticated, and %u is
+ replaced by the username of that user. The default is to use the
+ user's home directory. This option is useful in conjunction with
+ the sshd_config(5) ChrootDirectory option.
+
-e Causes sftp-server to print logging information to stderr instead
of syslog for debugging.
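Review bot: The new -d paragraph does not say what happens when start_directory cannot be entered (missing, or not accessible to the user), and it does not say whether the expanded path is resolved inside or outside the chroot when ChrootDirectory is in effect. Since the text recommends the option "in conjunction with the sshd_config(5) ChrootDirectory option", it should state both. As written, the option describes only a starting directory, not a restriction, and a sentence saying so would keep administrators from reading -d as a confinement mechanism on its own.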
DEBUG1 are equivalent. DEBUG2 and DEBUG3 each specify higher
levels of debugging output. The default is ERROR.
+ -P blacklisted_requests
+ Specify a comma-separated list of SFTP protocol requests that are
+ banned by the server. sftp-server will reply to any blacklisted
+ request with a failure. The -Q flag can be used to determine the
+ supported request types. If both a blacklist and a whitelist are
+ specified, then the blacklist is applied before the whitelist.
+
+ -p whitelisted_requests
+ Specify a comma-separated list of SFTP protocol requests that are
+ permitted by the server. All request types that are not on the
+ whitelist will be logged and replied to with a failure message.
+
+ Care must be taken when using this feature to ensure that
+ requests made implicitly by SFTP clients are permitted.
+
+ -Q protocol_feature
+ Query protocol features supported by sftp-server. At present the
+ only feature that may be queried is ``requests'', which may be
+ used for black or whitelisting (flags -P and -p respectively).
+
-R Places this instance of sftp-server into a read-only mode.
Attempts to open files for writing, as well as other operations
that change the state of the filesystem, will be denied.
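Review bot: The -P and -p descriptions disagree about logging. Under -p, rejected requests "will be logged and replied to with a failure message", while under -P the server only "will reply to any blacklisted request with a failure". State whether blacklisted requests are logged too, since those denials belong in the audit trail. The precedence sentence ("the blacklist is applied before the whitelist") should say outright that a request named in both lists is refused. The -p caution about "requests made implicitly by SFTP clients" would be more usable if it pointed to -Q requests for the valid names and gave an example of such an implicit request. The two flags also differ only by case, so a note on how they combine with -R in the context lines that follow would help readers build a policy without guessing.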
SEE ALSO
sftp(1), ssh(1), sshd_config(5), sshd(8)
- T. Ylonen and S. Lehtinen, SSH File Transfer Protocol,
- draft-ietf-secsh-filexfer-00.txt, January 2001, work in progress
- material.
+ T. Ylonen and S. Lehtinen, SSH File Transfer Protocol, draft-ietf-secsh-
+ filexfer-02.txt, October 2001, work in progress material.
HISTORY
sftp-server first appeared in OpenBSD 2.8.
AUTHORS
Markus Friedl <markus@openbsd.org>
-OpenBSD 5.0 January 9, 2010 OpenBSD 5.0
+OpenBSD 5.5 October 14, 2013 OpenBSD 5.5