Section: Maintenance Commands (8)
- OpenSSH SFTP server subsystem
is a program that speaks the server side of SFTP protocol
to stdout and expects client requests from stdin.
is not intended to be called directly, but from
Command-line flags to
should be specified in the
for more information.
Valid options are:
- -d start_directory
specifies an alternate starting directory for users.
The pathname may contain the following tokens that are expanded at runtime:
%% is replaced by a literal '%',
%d is replaced by the home directory of the user being authenticated,
and %u is replaced by the username of that user.
The default is to use the user's home directory.
This option is useful in conjunction with the
to print logging information to stderr instead of syslog for debugging.
- -f log_facility
Specifies the facility code that is used when logging messages from
The possible values are: DAEMON, USER, AUTH, LOCAL0, LOCAL1, LOCAL2,
LOCAL3, LOCAL4, LOCAL5, LOCAL6, LOCAL7.
The default is AUTH.
- -l log_level
Specifies which messages will be logged by
The possible values are:
QUIET, FATAL, ERROR, INFO, VERBOSE, DEBUG, DEBUG1, DEBUG2, and DEBUG3.
INFO and VERBOSE log transactions that
performs on behalf of the client.
DEBUG and DEBUG1 are equivalent.
DEBUG2 and DEBUG3 each specify higher levels of debugging output.
The default is ERROR.
- -P denied_requests
Specify a comma-separated list of SFTP protocol requests that are banned by
will reply to any denied request with a failure.
flag can be used to determine the supported request types.
If both denied and allowed lists are specified, then the denied list is
applied before the allowed list.
- -p allowed_requests
Specify a comma-separated list of SFTP protocol requests that are permitted
by the server.
All request types that are not on the allowed list will be logged and replied
to with a failure message.
Care must be taken when using this feature to ensure that requests made
implicitly by SFTP clients are permitted.
- -Q protocol_feature
Query protocol features supported by
At present the only feature that may be queried is
which may be used to deny or allow specific requests (flags
Places this instance of
into a read-only mode.
Attempts to open files for writing, as well as other operations that change
the state of the filesystem, will be denied.
- -u umask
Sets an explicit
to be applied to newly-created files and directories, instead of the
user's default mask.
- -m force_file_perms
Sets explicit file permissions to be applied to newly-created files instead
of the default or client requested mode. Numeric values include:
777, 755, 750, 666, 644, 640, etc. Using both -m and -u switches makes the
umask (-u) effective only for newly created directories and explicit mode (-m)
for newly created files.
On some systems,
must be able to access
for logging to work, and use of
in a chroot configuration therefore requires that
establish a logging socket inside the chroot directory.
"SSH File Transfer Protocol"
work in progress material
first appeared in
Ox 2.8 .
An Markus Friedl Aq Mt email@example.com