mirror of
				https://github.com/PowerShell/Win32-OpenSSH.git
				synced 2025-10-25 01:34:02 +02:00 
			
		
		
		
	
		
			
				
	
	
		
			171 lines
		
	
	
		
			5.0 KiB
		
	
	
	
		
			Groff
		
	
	
	
	
	
			
		
		
	
	
			171 lines
		
	
	
		
			5.0 KiB
		
	
	
	
		
			Groff
		
	
	
	
	
	
| .\" $OpenBSD: sftp-server.8,v 1.27 2014/12/11 04:16:14 djm Exp $
 | |
| .\"
 | |
| .\" Copyright (c) 2000 Markus Friedl.  All rights reserved.
 | |
| .\"
 | |
| .\" Redistribution and use in source and binary forms, with or without
 | |
| .\" modification, are permitted provided that the following conditions
 | |
| .\" are met:
 | |
| .\" 1. Redistributions of source code must retain the above copyright
 | |
| .\"    notice, this list of conditions and the following disclaimer.
 | |
| .\" 2. Redistributions in binary form must reproduce the above copyright
 | |
| .\"    notice, this list of conditions and the following disclaimer in the
 | |
| .\"    documentation and/or other materials provided with the distribution.
 | |
| .\"
 | |
| .\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
 | |
| .\" IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
 | |
| .\" OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
 | |
| .\" IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
 | |
| .\" INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
 | |
| .\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
 | |
| .\" DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
 | |
| .\" THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
 | |
| .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 | |
| .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 | |
| .\"
 | |
| .Dd $Mdocdate: December 11 2014 $
 | |
| .Dt SFTP-SERVER 8
 | |
| .Os
 | |
| .Sh NAME
 | |
| .Nm sftp-server
 | |
| .Nd SFTP server subsystem
 | |
| .Sh SYNOPSIS
 | |
| .Nm sftp-server
 | |
| .Bk -words
 | |
| .Op Fl ehR
 | |
| .Op Fl d Ar start_directory
 | |
| .Op Fl f Ar log_facility
 | |
| .Op Fl l Ar log_level
 | |
| .Op Fl P Ar blacklisted_requests
 | |
| .Op Fl p Ar whitelisted_requests
 | |
| .Op Fl u Ar umask
 | |
| .Ek
 | |
| .Nm
 | |
| .Fl Q Ar protocol_feature
 | |
| .Sh DESCRIPTION
 | |
| .Nm
 | |
| is a program that speaks the server side of SFTP protocol
 | |
| to stdout and expects client requests from stdin.
 | |
| .Nm
 | |
| is not intended to be called directly, but from
 | |
| .Xr sshd 8
 | |
| using the
 | |
| .Cm Subsystem
 | |
| option.
 | |
| .Pp
 | |
| Command-line flags to
 | |
| .Nm
 | |
| should be specified in the
 | |
| .Cm Subsystem
 | |
| declaration.
 | |
| See
 | |
| .Xr sshd_config 5
 | |
| for more information.
 | |
| .Pp
 | |
| Valid options are:
 | |
| .Bl -tag -width Ds
 | |
| .It Fl d Ar start_directory
 | |
| specifies an alternate starting directory for users.
 | |
| The pathname may contain the following tokens that are expanded at runtime:
 | |
| %% is replaced by a literal '%',
 | |
| %d is replaced by the home directory of the user being authenticated,
 | |
| and %u is replaced by the username of that user.
 | |
| The default is to use the user's home directory.
 | |
| This option is useful in conjunction with the
 | |
| .Xr sshd_config 5
 | |
| .Cm ChrootDirectory
 | |
| option.
 | |
| .It Fl e
 | |
| Causes
 | |
| .Nm
 | |
| to print logging information to stderr instead of syslog for debugging.
 | |
| .It Fl f Ar log_facility
 | |
| Specifies the facility code that is used when logging messages from
 | |
| .Nm .
 | |
| The possible values are: DAEMON, USER, AUTH, LOCAL0, LOCAL1, LOCAL2,
 | |
| LOCAL3, LOCAL4, LOCAL5, LOCAL6, LOCAL7.
 | |
| The default is AUTH.
 | |
| .It Fl h
 | |
| Displays
 | |
| .Nm
 | |
| usage information.
 | |
| .It Fl l Ar log_level
 | |
| Specifies which messages will be logged by
 | |
| .Nm .
 | |
| The possible values are:
 | |
| QUIET, FATAL, ERROR, INFO, VERBOSE, DEBUG, DEBUG1, DEBUG2, and DEBUG3.
 | |
| INFO and VERBOSE log transactions that
 | |
| .Nm
 | |
| performs on behalf of the client.
 | |
| DEBUG and DEBUG1 are equivalent.
 | |
| DEBUG2 and DEBUG3 each specify higher levels of debugging output.
 | |
| The default is ERROR.
 | |
| .It Fl P Ar blacklisted_requests
 | |
| Specify a comma-separated list of SFTP protocol requests that are banned by
 | |
| the server.
 | |
| .Nm
 | |
| will reply to any blacklisted request with a failure.
 | |
| The
 | |
| .Fl Q
 | |
| flag can be used to determine the supported request types.
 | |
| If both a blacklist and a whitelist are specified, then the blacklist is
 | |
| applied before the whitelist.
 | |
| .It Fl p Ar whitelisted_requests
 | |
| Specify a comma-separated list of SFTP protocol requests that are permitted
 | |
| by the server.
 | |
| All request types that are not on the whitelist will be logged and replied
 | |
| to with a failure message.
 | |
| .Pp
 | |
| Care must be taken when using this feature to ensure that requests made
 | |
| implicitly by SFTP clients are permitted.
 | |
| .It Fl Q Ar protocol_feature
 | |
| Query protocol features supported by
 | |
| .Nm .
 | |
| At present the only feature that may be queried is
 | |
| .Dq requests ,
 | |
| which may be used for black or whitelisting (flags
 | |
| .Fl P
 | |
| and
 | |
| .Fl p
 | |
| respectively).
 | |
| .It Fl R
 | |
| Places this instance of
 | |
| .Nm
 | |
| into a read-only mode.
 | |
| Attempts to open files for writing, as well as other operations that change
 | |
| the state of the filesystem, will be denied.
 | |
| .It Fl u Ar umask
 | |
| Sets an explicit
 | |
| .Xr umask 2
 | |
| to be applied to newly-created files and directories, instead of the
 | |
| user's default mask.
 | |
| .El
 | |
| .Pp
 | |
| On some systems,
 | |
| .Nm
 | |
| must be able to access
 | |
| .Pa /dev/log
 | |
| for logging to work, and use of
 | |
| .Nm
 | |
| in a chroot configuration therefore requires that
 | |
| .Xr syslogd 8
 | |
| establish a logging socket inside the chroot directory.
 | |
| .Sh SEE ALSO
 | |
| .Xr sftp 1 ,
 | |
| .Xr ssh 1 ,
 | |
| .Xr sshd_config 5 ,
 | |
| .Xr sshd 8
 | |
| .Rs
 | |
| .%A T. Ylonen
 | |
| .%A S. Lehtinen
 | |
| .%T "SSH File Transfer Protocol"
 | |
| .%N draft-ietf-secsh-filexfer-02.txt
 | |
| .%D October 2001
 | |
| .%O work in progress material
 | |
| .Re
 | |
| .Sh HISTORY
 | |
| .Nm
 | |
| first appeared in
 | |
| .Ox 2.8 .
 | |
| .Sh AUTHORS
 | |
| .An Markus Friedl Aq Mt markus@openbsd.org
 |