.TH SFTP-SERVER 8 "December 11 2014 " ""
.SH NAME
\fBsftp-server\fP
\- SFTP server subsystem
.SH SYNOPSIS
.br
\fBsftp-server\fP
[\fB\-ehR\fP]
[\fB\-d\fP \fIstart_directory\fP]
[\fB\-f\fP \fIlog_facility\fP]
[\fB\-l\fP \fIlog_level\fP]
[\fB\-P\fP \fIblacklisted_requests\fP]
[\fB\-p\fP \fIwhitelisted_requests\fP]
[\fB\-u\fP \fIumask\fP]
.br
\fBsftp-server\fP
\fB\-Q\fP \fIprotocol_feature\fP
.SH DESCRIPTION
\fBsftp-server\fP
is a program that speaks the server side of SFTP protocol
to stdout and expects client requests from stdin.
\fBsftp-server\fP
is not intended to be called directly, but from
\fBsshd\fP(8)
using the
\fBSubsystem\fP
option.

Command-line flags to
\fBsftp-server\fP
should be specified in the
\fBSubsystem\fP
declaration.
See
\fBsshd_config\fP(5)
for more information.

Valid options are:
.TP
\fB\-d\fP \fIstart_directory\fP
specifies an alternate starting directory for users.
The pathname may contain the following tokens that are expanded at runtime:
%% is replaced by a literal '%',
%d is replaced by the home directory of the user being authenticated,
and %u is replaced by the username of that user.
The default is to use the user's home directory.
This option is useful in conjunction with the
\fBsshd_config\fP(5)
\fBChrootDirectory\fP
option.
.TP
\fB\-e\fP
Causes
\fBsftp-server\fP
to print logging information to stderr instead of syslog for debugging.
.TP
\fB\-f\fP \fIlog_facility\fP
Specifies the facility code that is used when logging messages from
\fB.\fP
The possible values are: DAEMON, USER, AUTH, LOCAL0, LOCAL1, LOCAL2,
LOCAL3, LOCAL4, LOCAL5, LOCAL6, LOCAL7.
The default is AUTH.
.TP
\fB\-h\fP
Displays
\fBsftp-server\fP
usage information.
.TP
\fB\-l\fP \fIlog_level\fP
Specifies which messages will be logged by
\fB.\fP
The possible values are:
QUIET, FATAL, ERROR, INFO, VERBOSE, DEBUG, DEBUG1, DEBUG2, and DEBUG3.
INFO and VERBOSE log transactions that
\fBsftp-server\fP
performs on behalf of the client.
DEBUG and DEBUG1 are equivalent.
DEBUG2 and DEBUG3 each specify higher levels of debugging output.
The default is ERROR.
.TP
\fB\-P\fP \fIblacklisted_requests\fP
Specify a comma-separated list of SFTP protocol requests that are banned by
the server.
\fBsftp-server\fP
will reply to any blacklisted request with a failure.
The
\fB\-Q\fP
flag can be used to determine the supported request types.
If both a blacklist and a whitelist are specified, then the blacklist is
applied before the whitelist.
.TP
\fB\-p\fP \fIwhitelisted_requests\fP
Specify a comma-separated list of SFTP protocol requests that are permitted
by the server.
All request types that are not on the whitelist will be logged and replied
to with a failure message.

Care must be taken when using this feature to ensure that requests made
implicitly by SFTP clients are permitted.
.TP
\fB\-Q\fP \fIprotocol_feature\fP
Query protocol features supported by
\fB.\fP
At present the only feature that may be queried is
``requests'',
which may be used for black or whitelisting (flags
\fB\-P\fP
and
\fB\-p\fP
respectively).
.TP
\fB\-R\fP
Places this instance of
\fBsftp-server\fP
into a read-only mode.
Attempts to open files for writing, as well as other operations that change
the state of the filesystem, will be denied.
.TP
\fB\-u\fP \fIumask\fP
Sets an explicit
\fBumask\fP(2)
to be applied to newly-created files and directories, instead of the
user's default mask.
.PP

On some systems,
\fBsftp-server\fP
must be able to access
\fI/dev/log\fP
for logging to work, and use of
\fBsftp-server\fP
in a chroot configuration therefore requires that
\fBsyslogd\fP(8)
establish a logging socket inside the chroot directory.
.SH SEE ALSO
\fBsftp\fP(1),
\fBssh\fP(1),
\fBsshd_config\fP(5),
\fBsshd\fP(8)

S. Lehtinen and T. Ylonen, \fISSH File Transfer Protocol\fP, draft-ietf-secsh-filexfer-02.txt, October 2001, work in progress material.
.SH HISTORY
\fBsftp-server\fP
first appeared in
OpenBSD 2.8 .
.SH AUTHORS

Markus Friedl <Mt markus@openbsd.org>