1SFTP(1) OpenBSD Reference Manual SFTP(1) 2 3NAME 4 sftp - secure file transfer program 5 6SYNOPSIS 7 sftp [-1246Cpqrv] [-B buffer_size] [-b batchfile] [-c cipher] 8 [-D sftp_server_path] [-F ssh_config] [-i identity_file] [-l limit] 9 [-o ssh_option] [-P port] [-R num_requests] [-S program] 10 [-s subsystem | sftp_server] host 11 sftp [user@]host[:file ...] 12 sftp [user@]host[:dir[/]] 13 sftp -b batchfile [user@]host 14 15DESCRIPTION 16 sftp is an interactive file transfer program, similar to ftp(1), which 17 performs all operations over an encrypted ssh(1) transport. It may also 18 use many features of ssh, such as public key authentication and 19 compression. sftp connects and logs into the specified host, then enters 20 an interactive command mode. 21 22 The second usage format will retrieve files automatically if a non- 23 interactive authentication method is used; otherwise it will do so after 24 successful interactive authentication. 25 26 The third usage format allows sftp to start in a remote directory. 27 28 The final usage format allows for automated sessions using the -b option. 29 In such cases, it is necessary to configure non-interactive 30 authentication to obviate the need to enter a password at connection time 31 (see sshd(8) and ssh-keygen(1) for details). 32 33 Since some usage formats use colon characters to delimit host names from 34 path names, IPv6 addresses must be enclosed in square brackets to avoid 35 ambiguity. 36 37 The options are as follows: 38 39 -1 Specify the use of protocol version 1. 40 41 -2 Specify the use of protocol version 2. 42 43 -4 Forces sftp to use IPv4 addresses only. 44 45 -6 Forces sftp to use IPv6 addresses only. 46 47 -B buffer_size 48 Specify the size of the buffer that sftp uses when transferring 49 files. Larger buffers require fewer round trips at the cost of 50 higher memory consumption. The default is 32768 bytes. 51 52 -b batchfile 53 Batch mode reads a series of commands from an input batchfile 54 instead of stdin. Since it lacks user interaction it should be 55 used in conjunction with non-interactive authentication. A 56 batchfile of `-' may be used to indicate standard input. sftp 57 will abort if any of the following commands fail: get, put, 58 reget, rename, ln, rm, mkdir, chdir, ls, lchdir, chmod, chown, 59 chgrp, lpwd, df, symlink, and lmkdir. Termination on error can 60 be suppressed on a command by command basis by prefixing the 61 command with a `-' character (for example, -rm /tmp/blah*). 62 63 -C Enables compression (via ssh's -C flag). 64 65 -c cipher 66 Selects the cipher to use for encrypting the data transfers. 67 This option is directly passed to ssh(1). 68 69 -D sftp_server_path 70 Connect directly to a local sftp server (rather than via ssh(1)). 71 This option may be useful in debugging the client and server. 72 73 -F ssh_config 74 Specifies an alternative per-user configuration file for ssh(1). 75 This option is directly passed to ssh(1). 76 77 -i identity_file 78 Selects the file from which the identity (private key) for public 79 key authentication is read. This option is directly passed to 80 ssh(1). 81 82 -l limit 83 Limits the used bandwidth, specified in Kbit/s. 84 85 -o ssh_option 86 Can be used to pass options to ssh in the format used in 87 ssh_config(5). This is useful for specifying options for which 88 there is no separate sftp command-line flag. For example, to 89 specify an alternate port use: sftp -oPort=24. For full details 90 of the options listed below, and their possible values, see 91 ssh_config(5). 92 93 AddressFamily 94 BatchMode 95 BindAddress 96 ChallengeResponseAuthentication 97 CheckHostIP 98 Cipher 99 Ciphers 100 Compression 101 CompressionLevel 102 ConnectionAttempts 103 ConnectTimeout 104 ControlMaster 105 ControlPath 106 ControlPersist 107 GlobalKnownHostsFile 108 GSSAPIAuthentication 109 GSSAPIDelegateCredentials 110 HashKnownHosts 111 Host 112 HostbasedAuthentication 113 HostKeyAlgorithms 114 HostKeyAlias 115 HostName 116 IdentityFile 117 IdentitiesOnly 118 IPQoS 119 KbdInteractiveAuthentication 120 KbdInteractiveDevices 121 KexAlgorithms 122 LogLevel 123 MACs 124 NoHostAuthenticationForLocalhost 125 NumberOfPasswordPrompts 126 PasswordAuthentication 127 PKCS11Provider 128 Port 129 PreferredAuthentications 130 Protocol 131 ProxyCommand 132 PubkeyAuthentication 133 RekeyLimit 134 RhostsRSAAuthentication 135 RSAAuthentication 136 SendEnv 137 ServerAliveInterval 138 ServerAliveCountMax 139 StrictHostKeyChecking 140 TCPKeepAlive 141 UsePrivilegedPort 142 User 143 UserKnownHostsFile 144 VerifyHostKeyDNS 145 146 -P port 147 Specifies the port to connect to on the remote host. 148 149 -p Preserves modification times, access times, and modes from the 150 original files transferred. 151 152 -q Quiet mode: disables the progress meter as well as warning and 153 diagnostic messages from ssh(1). 154 155 -R num_requests 156 Specify how many requests may be outstanding at any one time. 157 Increasing this may slightly improve file transfer speed but will 158 increase memory usage. The default is 64 outstanding requests. 159 160 -r Recursively copy entire directories when uploading and 161 downloading. Note that sftp does not follow symbolic links 162 encountered in the tree traversal. 163 164 -S program 165 Name of the program to use for the encrypted connection. The 166 program must understand ssh(1) options. 167 168 -s subsystem | sftp_server 169 Specifies the SSH2 subsystem or the path for an sftp server on 170 the remote host. A path is useful for using sftp over protocol 171 version 1, or when the remote sshd(8) does not have an sftp 172 subsystem configured. 173 174 -v Raise logging level. This option is also passed to ssh. 175 176INTERACTIVE COMMANDS 177 Once in interactive mode, sftp understands a set of commands similar to 178 those of ftp(1). Commands are case insensitive. Pathnames that contain 179 spaces must be enclosed in quotes. Any special characters contained 180 within pathnames that are recognized by glob(3) must be escaped with 181 backslashes (`\'). 182 183 bye Quit sftp. 184 185 cd path 186 Change remote directory to path. 187 188 chgrp grp path 189 Change group of file path to grp. path may contain glob(3) 190 characters and may match multiple files. grp must be a numeric 191 GID. 192 193 chmod mode path 194 Change permissions of file path to mode. path may contain 195 glob(3) characters and may match multiple files. 196 197 chown own path 198 Change owner of file path to own. path may contain glob(3) 199 characters and may match multiple files. own must be a numeric 200 UID. 201 202 df [-hi] [path] 203 Display usage information for the filesystem holding the current 204 directory (or path if specified). If the -h flag is specified, 205 the capacity information will be displayed using "human-readable" 206 suffixes. The -i flag requests display of inode information in 207 addition to capacity information. This command is only supported 208 on servers that implement the ``statvfs@openssh.com'' extension. 209 210 exit Quit sftp. 211 212 get [-aPpr] remote-path [local-path] 213 Retrieve the remote-path and store it on the local machine. If 214 the local path name is not specified, it is given the same name 215 it has on the remote machine. remote-path may contain glob(3) 216 characters and may match multiple files. If it does and 217 local-path is specified, then local-path must specify a 218 directory. 219 220 If the -a flag is specified, then attempt to resume partial 221 transfers of existing files. Note that resumption assumes that 222 any partial copy of the local file matches the remote copy. If 223 the remote file differs from the partial local copy then the 224 resultant file is likely to be corrupt. 225 226 If either the -P or -p flag is specified, then full file 227 permissions and access times are copied too. 228 229 If the -r flag is specified then directories will be copied 230 recursively. Note that sftp does not follow symbolic links when 231 performing recursive transfers. 232 233 help Display help text. 234 235 lcd path 236 Change local directory to path. 237 238 lls [ls-options [path]] 239 Display local directory listing of either path or current 240 directory if path is not specified. ls-options may contain any 241 flags supported by the local system's ls(1) command. path may 242 contain glob(3) characters and may match multiple files. 243 244 lmkdir path 245 Create local directory specified by path. 246 247 ln [-s] oldpath newpath 248 Create a link from oldpath to newpath. If the -s flag is 249 specified the created link is a symbolic link, otherwise it is a 250 hard link. 251 252 lpwd Print local working directory. 253 254 ls [-1afhlnrSt] [path] 255 Display a remote directory listing of either path or the current 256 directory if path is not specified. path may contain glob(3) 257 characters and may match multiple files. 258 259 The following flags are recognized and alter the behaviour of ls 260 accordingly: 261 262 -1 Produce single columnar output. 263 264 -a List files beginning with a dot (`.'). 265 266 -f Do not sort the listing. The default sort order is 267 lexicographical. 268 269 -h When used with a long format option, use unit suffixes: 270 Byte, Kilobyte, Megabyte, Gigabyte, Terabyte, Petabyte, 271 and Exabyte in order to reduce the number of digits to 272 four or fewer using powers of 2 for sizes (K=1024, 273 M=1048576, etc.). 274 275 -l Display additional details including permissions and 276 ownership information. 277 278 -n Produce a long listing with user and group information 279 presented numerically. 280 281 -r Reverse the sort order of the listing. 282 283 -S Sort the listing by file size. 284 285 -t Sort the listing by last modification time. 286 287 lumask umask 288 Set local umask to umask. 289 290 mkdir path 291 Create remote directory specified by path. 292 293 progress 294 Toggle display of progress meter. 295 296 put [-Ppr] local-path [remote-path] 297 Upload local-path and store it on the remote machine. If the 298 remote path name is not specified, it is given the same name it 299 has on the local machine. local-path may contain glob(3) 300 characters and may match multiple files. If it does and 301 remote-path is specified, then remote-path must specify a 302 directory. 303 304 If either the -P or -p flag is specified, then full file 305 permissions and access times are copied too. 306 307 If the -r flag is specified then directories will be copied 308 recursively. Note that sftp does not follow symbolic links when 309 performing recursive transfers. 310 311 pwd Display remote working directory. 312 313 quit Quit sftp. 314 315 reget [-Ppr] remote-path [local-path] 316 Resume download of remote-path. Equivalent to get with the -a 317 flag set. 318 319 rename oldpath newpath 320 Rename remote file from oldpath to newpath. 321 322 rm path 323 Delete remote file specified by path. 324 325 rmdir path 326 Remove remote directory specified by path. 327 328 symlink oldpath newpath 329 Create a symbolic link from oldpath to newpath. 330 331 version 332 Display the sftp protocol version. 333 334 !command 335 Execute command in local shell. 336 337 ! Escape to local shell. 338 339 ? Synonym for help. 340 341SEE ALSO 342 ftp(1), ls(1), scp(1), ssh(1), ssh-add(1), ssh-keygen(1), glob(3), 343 ssh_config(5), sftp-server(8), sshd(8) 344 345 T. Ylonen and S. Lehtinen, SSH File Transfer Protocol, draft-ietf-secsh- 346 filexfer-00.txt, January 2001, work in progress material. 347 348OpenBSD 5.4 July 25, 2013 OpenBSD 5.4 349