OpenSSH SFTP server

OpenSSH's sftp-server is the server-side SFTP subsystem that runs under sshd to provide secure file-transfer operations over the SSH transport. It is distributed as part of the OpenSSH suite and is available as an external sftp-server binary or via the internal-sftp implementation inside sshd. (openssh.com)

Key Features

• Implements the server side of the SFTP protocol (invoked via sshd Subsystem or ForceCommand internal-sftp). (man.openbsd.org)
• Provides both a standalone sftp-server binary and internal-sftp (in-process) mode for chrooted and restricted sessions. (openssh.com)
• Supports modern SSH authentication methods (public-key, certificate support and protocol extensions such as FIDO/U2F) and a range of key-exchange and cipher algorithms. (cvsweb.openbsd.org)
• Server-side protocol extensions are implemented (examples include server-side copy/corp-data extensions tracked in the sftp-server tree). (cvsweb.openbsd.org)
• Designed with OpenSSH's privilege separation, logging options, and portability across Unix-like systems; crypto implementations include both dedicated algorithms (e.g., ChaCha20-Poly1305 sources) and links to OpenSSL/crypto APIs in the tree. (cvsweb.openbsd.org)

Use Cases

• Providing secure SFTP access for remote users or automated backup clients over SSH with configurable chroot jails and restricted shells. (unitedbsd.com)
• Embedding secure file-transfer into existing SSH-based infrastructure (system accounts, authorized_keys, certificates, and server-side policy). (openssh.com)
• Offering server-side copy and protocol-extension features for efficient remote file operations (reducing client-side data movement). (cvsweb.openbsd.org)

Limitations and Considerations

• Chroot configuration is strict: the chroot path must be owned by root and have strict permissions, which often causes confusing permission errors for administrators if not set up exactly. (reddit.com)
• Platform/packaging variations (e.g., Windows ports or distro-packaged builds) have historically exhibited differences or bugs (notably reported issues with some Windows builds' ChrootDirectory handling). Administrators should test the exact packaged build used in production. (reddit.com)

OpenSSH's sftp-server is the canonical, widely used SFTP implementation for SSH-based file transfer. It is actively maintained inside the OpenSSH/OpenBSD source tree, supports protocol extensions and modern authentication methods, and is intended for integration with system-level account and chroot configurations.