Manpages - sftp-server.8

Home DTOS Other Projects Knowledge Base Linux Manpages Community Contribute

is a program that speaks the server side of SFTP protocol to stdout and expects client requests from stdin.

is not intended to be called directly, but from

using the

option.

Command-line flags to

should be specified in the

declaration. See

for more information.

Valid options are:

Specifies an alternate starting directory for users. The pathname may contain the following tokens that are expanded at runtime: %% is replaced by a literal ’%’, %d is replaced by the home directory of the user being authenticated, and %u is replaced by the username of that user. The default is to use the user’s home directory. This option is useful in conjunction with the

option.

Causes

to print logging information to stderr instead of syslog for debugging.

Specifies the facility code that is used when logging messages from

The possible values are: DAEMON, USER, AUTH, LOCAL0, LOCAL1, LOCAL2, LOCAL3, LOCAL4, LOCAL5, LOCAL6, LOCAL7. The default is AUTH.

Displays

usage information.

Specifies which messages will be logged by

The possible values are: QUIET, FATAL, ERROR, INFO, VERBOSE, DEBUG, DEBUG1, DEBUG2, and DEBUG3. INFO and VERBOSE log transactions that

performs on behalf of the client. DEBUG and DEBUG1 are equivalent. DEBUG2 and DEBUG3 each specify higher levels of debugging output. The default is ERROR.

Specifies a comma-separated list of SFTP protocol requests that are banned by the server.

will reply to any denied request with a failure. The

flag can be used to determine the supported request types. If both denied and allowed lists are specified, then the denied list is applied before the allowed list.

Specifies a comma-separated list of SFTP protocol requests that are permitted by the server. All request types that are not on the allowed list will be logged and replied to with a failure message.

Care must be taken when using this feature to ensure that requests made implicitly by SFTP clients are permitted.

Queries protocol features supported by

At present the only feature that may be queried is

which may be used to deny or allow specific requests (flags

and

respectively).

Places this instance of

into a read-only mode. Attempts to open files for writing, as well as other operations that change the state of the filesystem, will be denied.

Sets an explicit

to be applied to newly-created files and directories, instead of the user’s default mask.

On some systems,

must be able to access

for logging to work, and use of

in a chroot configuration therefore requires that

establish a logging socket inside the chroot directory.

first appeared in

Author: dt

Created: 2022-02-20 Sun 09:53