1180740SdesSFTP(1) OpenBSD Reference Manual SFTP(1) 2180740Sdes 3180740SdesNAME 4180740Sdes sftp - secure file transfer program 5180740Sdes 6180740SdesSYNOPSIS 7204861Sdes sftp [-1246Cpqrv] [-B buffer_size] [-b batchfile] [-c cipher] 8218767Sdes [-D sftp_server_path] [-F ssh_config] [-i identity_file] [-l limit] 9204861Sdes [-o ssh_option] [-P port] [-R num_requests] [-S program] 10180740Sdes [-s subsystem | sftp_server] host 11189006Sdes sftp [user@]host[:file ...] 12189006Sdes sftp [user@]host[:dir[/]] 13180740Sdes sftp -b batchfile [user@]host 14180740Sdes 15180740SdesDESCRIPTION 16180740Sdes sftp is an interactive file transfer program, similar to ftp(1), which 17180740Sdes performs all operations over an encrypted ssh(1) transport. It may also 18214979Sdes use many features of ssh, such as public key authentication and 19214979Sdes compression. sftp connects and logs into the specified host, then enters 20214979Sdes an interactive command mode. 21180740Sdes 22214979Sdes The second usage format will retrieve files automatically if a non- 23214979Sdes interactive authentication method is used; otherwise it will do so after 24214979Sdes successful interactive authentication. 25180740Sdes 26180740Sdes The third usage format allows sftp to start in a remote directory. 27180740Sdes 28180740Sdes The final usage format allows for automated sessions using the -b option. 29214979Sdes In such cases, it is necessary to configure non-interactive 30214979Sdes authentication to obviate the need to enter a password at connection time 31225825Sdes (see sshd(8) and ssh-keygen(1) for details). 32180740Sdes 33225825Sdes Since some usage formats use colon characters to delimit host names from 34225825Sdes path names, IPv6 addresses must be enclosed in square brackets to avoid 35225825Sdes ambiguity. 36225825Sdes 37225825Sdes The options are as follows: 38225825Sdes 39180740Sdes -1 Specify the use of protocol version 1. 40180740Sdes 41204861Sdes -2 Specify the use of protocol version 2. 42204861Sdes 43204861Sdes -4 Forces sftp to use IPv4 addresses only. 44204861Sdes 45204861Sdes -6 Forces sftp to use IPv6 addresses only. 46204861Sdes 47180740Sdes -B buffer_size 48180740Sdes Specify the size of the buffer that sftp uses when transferring 49180740Sdes files. Larger buffers require fewer round trips at the cost of 50180740Sdes higher memory consumption. The default is 32768 bytes. 51180740Sdes 52180740Sdes -b batchfile 53214979Sdes Batch mode reads a series of commands from an input batchfile 54214979Sdes instead of stdin. Since it lacks user interaction it should be 55180740Sdes used in conjunction with non-interactive authentication. A 56180740Sdes batchfile of `-' may be used to indicate standard input. sftp 57180740Sdes will abort if any of the following commands fail: get, put, 58255670Sdes reget, rename, ln, rm, mkdir, chdir, ls, lchdir, chmod, chown, 59255670Sdes chgrp, lpwd, df, symlink, and lmkdir. Termination on error can 60255670Sdes be suppressed on a command by command basis by prefixing the 61255670Sdes command with a `-' character (for example, -rm /tmp/blah*). 62180740Sdes 63180740Sdes -C Enables compression (via ssh's -C flag). 64180740Sdes 65204861Sdes -c cipher 66204861Sdes Selects the cipher to use for encrypting the data transfers. 67204861Sdes This option is directly passed to ssh(1). 68204861Sdes 69204861Sdes -D sftp_server_path 70204861Sdes Connect directly to a local sftp server (rather than via ssh(1)). 71204861Sdes This option may be useful in debugging the client and server. 72204861Sdes 73180740Sdes -F ssh_config 74180740Sdes Specifies an alternative per-user configuration file for ssh(1). 75180740Sdes This option is directly passed to ssh(1). 76180740Sdes 77204861Sdes -i identity_file 78204861Sdes Selects the file from which the identity (private key) for public 79204861Sdes key authentication is read. This option is directly passed to 80204861Sdes ssh(1). 81204861Sdes 82218767Sdes -l limit 83218767Sdes Limits the used bandwidth, specified in Kbit/s. 84218767Sdes 85180740Sdes -o ssh_option 86180740Sdes Can be used to pass options to ssh in the format used in 87180740Sdes ssh_config(5). This is useful for specifying options for which 88180740Sdes there is no separate sftp command-line flag. For example, to 89180740Sdes specify an alternate port use: sftp -oPort=24. For full details 90180740Sdes of the options listed below, and their possible values, see 91180740Sdes ssh_config(5). 92180740Sdes 93180740Sdes AddressFamily 94180740Sdes BatchMode 95180740Sdes BindAddress 96180740Sdes ChallengeResponseAuthentication 97180740Sdes CheckHostIP 98180740Sdes Cipher 99180740Sdes Ciphers 100180740Sdes Compression 101180740Sdes CompressionLevel 102180740Sdes ConnectionAttempts 103180740Sdes ConnectTimeout 104180740Sdes ControlMaster 105180740Sdes ControlPath 106239844Sdes ControlPersist 107180740Sdes GlobalKnownHostsFile 108180740Sdes GSSAPIAuthentication 109180740Sdes GSSAPIDelegateCredentials 110180740Sdes HashKnownHosts 111180740Sdes Host 112180740Sdes HostbasedAuthentication 113180740Sdes HostKeyAlgorithms 114180740Sdes HostKeyAlias 115180740Sdes HostName 116180740Sdes IdentityFile 117180740Sdes IdentitiesOnly 118218767Sdes IPQoS 119239844Sdes KbdInteractiveAuthentication 120180740Sdes KbdInteractiveDevices 121218767Sdes KexAlgorithms 122180740Sdes LogLevel 123180740Sdes MACs 124180740Sdes NoHostAuthenticationForLocalhost 125180740Sdes NumberOfPasswordPrompts 126180740Sdes PasswordAuthentication 127204861Sdes PKCS11Provider 128180740Sdes Port 129180740Sdes PreferredAuthentications 130180740Sdes Protocol 131180740Sdes ProxyCommand 132180740Sdes PubkeyAuthentication 133180740Sdes RekeyLimit 134180740Sdes RhostsRSAAuthentication 135180740Sdes RSAAuthentication 136180740Sdes SendEnv 137180740Sdes ServerAliveInterval 138180740Sdes ServerAliveCountMax 139180740Sdes StrictHostKeyChecking 140180740Sdes TCPKeepAlive 141180740Sdes UsePrivilegedPort 142180740Sdes User 143180740Sdes UserKnownHostsFile 144180740Sdes VerifyHostKeyDNS 145180740Sdes 146204861Sdes -P port 147204861Sdes Specifies the port to connect to on the remote host. 148180740Sdes 149204861Sdes -p Preserves modification times, access times, and modes from the 150204861Sdes original files transferred. 151204861Sdes 152204861Sdes -q Quiet mode: disables the progress meter as well as warning and 153204861Sdes diagnostic messages from ssh(1). 154204861Sdes 155180740Sdes -R num_requests 156180740Sdes Specify how many requests may be outstanding at any one time. 157180740Sdes Increasing this may slightly improve file transfer speed but will 158180750Sdes increase memory usage. The default is 64 outstanding requests. 159180740Sdes 160214979Sdes -r Recursively copy entire directories when uploading and 161214979Sdes downloading. Note that sftp does not follow symbolic links 162214979Sdes encountered in the tree traversal. 163204861Sdes 164180740Sdes -S program 165180740Sdes Name of the program to use for the encrypted connection. The 166180740Sdes program must understand ssh(1) options. 167180740Sdes 168180740Sdes -s subsystem | sftp_server 169180740Sdes Specifies the SSH2 subsystem or the path for an sftp server on 170180740Sdes the remote host. A path is useful for using sftp over protocol 171214979Sdes version 1, or when the remote sshd(8) does not have an sftp 172214979Sdes subsystem configured. 173180740Sdes 174180740Sdes -v Raise logging level. This option is also passed to ssh. 175180740Sdes 176180740SdesINTERACTIVE COMMANDS 177180740Sdes Once in interactive mode, sftp understands a set of commands similar to 178180740Sdes those of ftp(1). Commands are case insensitive. Pathnames that contain 179180740Sdes spaces must be enclosed in quotes. Any special characters contained 180180740Sdes within pathnames that are recognized by glob(3) must be escaped with 181180740Sdes backslashes (`\'). 182180740Sdes 183180740Sdes bye Quit sftp. 184180740Sdes 185180740Sdes cd path 186180740Sdes Change remote directory to path. 187180740Sdes 188180740Sdes chgrp grp path 189214979Sdes Change group of file path to grp. path may contain glob(3) 190214979Sdes characters and may match multiple files. grp must be a numeric 191214979Sdes GID. 192180740Sdes 193180740Sdes chmod mode path 194180740Sdes Change permissions of file path to mode. path may contain 195180740Sdes glob(3) characters and may match multiple files. 196180740Sdes 197180740Sdes chown own path 198214979Sdes Change owner of file path to own. path may contain glob(3) 199214979Sdes characters and may match multiple files. own must be a numeric 200214979Sdes UID. 201180740Sdes 202180750Sdes df [-hi] [path] 203180750Sdes Display usage information for the filesystem holding the current 204180750Sdes directory (or path if specified). If the -h flag is specified, 205180750Sdes the capacity information will be displayed using "human-readable" 206180750Sdes suffixes. The -i flag requests display of inode information in 207180750Sdes addition to capacity information. This command is only supported 208180750Sdes on servers that implement the ``statvfs@openssh.com'' extension. 209180750Sdes 210180740Sdes exit Quit sftp. 211180740Sdes 212255670Sdes get [-aPpr] remote-path [local-path] 213180740Sdes Retrieve the remote-path and store it on the local machine. If 214180740Sdes the local path name is not specified, it is given the same name 215180740Sdes it has on the remote machine. remote-path may contain glob(3) 216214979Sdes characters and may match multiple files. If it does and 217214979Sdes local-path is specified, then local-path must specify a 218214979Sdes directory. 219180740Sdes 220255670Sdes If the -a flag is specified, then attempt to resume partial 221255670Sdes transfers of existing files. Note that resumption assumes that 222255670Sdes any partial copy of the local file matches the remote copy. If 223255670Sdes the remote file differs from the partial local copy then the 224255670Sdes resultant file is likely to be corrupt. 225255670Sdes 226214979Sdes If either the -P or -p flag is specified, then full file 227214979Sdes permissions and access times are copied too. 228204861Sdes 229214979Sdes If the -r flag is specified then directories will be copied 230214979Sdes recursively. Note that sftp does not follow symbolic links when 231204861Sdes performing recursive transfers. 232204861Sdes 233180740Sdes help Display help text. 234180740Sdes 235180740Sdes lcd path 236180740Sdes Change local directory to path. 237180740Sdes 238180740Sdes lls [ls-options [path]] 239214979Sdes Display local directory listing of either path or current 240214979Sdes directory if path is not specified. ls-options may contain any 241214979Sdes flags supported by the local system's ls(1) command. path may 242214979Sdes contain glob(3) characters and may match multiple files. 243180740Sdes 244180740Sdes lmkdir path 245180740Sdes Create local directory specified by path. 246180740Sdes 247218767Sdes ln [-s] oldpath newpath 248218767Sdes Create a link from oldpath to newpath. If the -s flag is 249218767Sdes specified the created link is a symbolic link, otherwise it is a 250218767Sdes hard link. 251180740Sdes 252180740Sdes lpwd Print local working directory. 253180740Sdes 254204861Sdes ls [-1afhlnrSt] [path] 255180740Sdes Display a remote directory listing of either path or the current 256180740Sdes directory if path is not specified. path may contain glob(3) 257180740Sdes characters and may match multiple files. 258180740Sdes 259180740Sdes The following flags are recognized and alter the behaviour of ls 260180740Sdes accordingly: 261180740Sdes 262180740Sdes -1 Produce single columnar output. 263180740Sdes 264180740Sdes -a List files beginning with a dot (`.'). 265180740Sdes 266214979Sdes -f Do not sort the listing. The default sort order is 267214979Sdes lexicographical. 268180740Sdes 269204861Sdes -h When used with a long format option, use unit suffixes: 270204861Sdes Byte, Kilobyte, Megabyte, Gigabyte, Terabyte, Petabyte, 271204861Sdes and Exabyte in order to reduce the number of digits to 272204861Sdes four or fewer using powers of 2 for sizes (K=1024, 273204861Sdes M=1048576, etc.). 274204861Sdes 275214979Sdes -l Display additional details including permissions and 276214979Sdes ownership information. 277180740Sdes 278180740Sdes -n Produce a long listing with user and group information 279180740Sdes presented numerically. 280180740Sdes 281180740Sdes -r Reverse the sort order of the listing. 282180740Sdes 283180740Sdes -S Sort the listing by file size. 284180740Sdes 285180740Sdes -t Sort the listing by last modification time. 286180740Sdes 287180740Sdes lumask umask 288180740Sdes Set local umask to umask. 289180740Sdes 290180740Sdes mkdir path 291180740Sdes Create remote directory specified by path. 292180740Sdes 293180740Sdes progress 294180740Sdes Toggle display of progress meter. 295180740Sdes 296204861Sdes put [-Ppr] local-path [remote-path] 297214979Sdes Upload local-path and store it on the remote machine. If the 298214979Sdes remote path name is not specified, it is given the same name it 299214979Sdes has on the local machine. local-path may contain glob(3) 300214979Sdes characters and may match multiple files. If it does and 301214979Sdes remote-path is specified, then remote-path must specify a 302214979Sdes directory. 303180740Sdes 304225825Sdes If either the -P or -p flag is specified, then full file 305214979Sdes permissions and access times are copied too. 306204861Sdes 307214979Sdes If the -r flag is specified then directories will be copied 308214979Sdes recursively. Note that sftp does not follow symbolic links when 309204861Sdes performing recursive transfers. 310204861Sdes 311180740Sdes pwd Display remote working directory. 312180740Sdes 313180740Sdes quit Quit sftp. 314180740Sdes 315255670Sdes reget [-Ppr] remote-path [local-path] 316255670Sdes Resume download of remote-path. Equivalent to get with the -a 317255670Sdes flag set. 318255670Sdes 319180740Sdes rename oldpath newpath 320180740Sdes Rename remote file from oldpath to newpath. 321180740Sdes 322180740Sdes rm path 323180740Sdes Delete remote file specified by path. 324180740Sdes 325180740Sdes rmdir path 326180740Sdes Remove remote directory specified by path. 327180740Sdes 328180740Sdes symlink oldpath newpath 329180740Sdes Create a symbolic link from oldpath to newpath. 330180740Sdes 331180740Sdes version 332180740Sdes Display the sftp protocol version. 333180740Sdes 334189006Sdes !command 335180740Sdes Execute command in local shell. 336180740Sdes 337180740Sdes ! Escape to local shell. 338180740Sdes 339180740Sdes ? Synonym for help. 340180740Sdes 341180740SdesSEE ALSO 342180740Sdes ftp(1), ls(1), scp(1), ssh(1), ssh-add(1), ssh-keygen(1), glob(3), 343180740Sdes ssh_config(5), sftp-server(8), sshd(8) 344180740Sdes 345258343Sdes T. Ylonen and S. Lehtinen, SSH File Transfer Protocol, draft-ietf-secsh- 346258343Sdes filexfer-00.txt, January 2001, work in progress material. 347180740Sdes 348255670SdesOpenBSD 5.4 July 25, 2013 OpenBSD 5.4 349