sftp.0 revision 255670
1182080SrnolandSFTP(1) OpenBSD Reference Manual SFTP(1) 2145132Sanholt 3145132SanholtNAME 4145132Sanholt sftp - secure file transfer program 5145132Sanholt 6145132SanholtSYNOPSIS 7145132Sanholt sftp [-1246Cpqrv] [-B buffer_size] [-b batchfile] [-c cipher] 8145132Sanholt [-D sftp_server_path] [-F ssh_config] [-i identity_file] [-l limit] 9145132Sanholt [-o ssh_option] [-P port] [-R num_requests] [-S program] 10145132Sanholt [-s subsystem | sftp_server] host 11145132Sanholt sftp [user@]host[:file ...] 12145132Sanholt sftp [user@]host[:dir[/]] 13145132Sanholt sftp -b batchfile [user@]host 14145132Sanholt 15145132SanholtDESCRIPTION 16145132Sanholt sftp is an interactive file transfer program, similar to ftp(1), which 17145132Sanholt performs all operations over an encrypted ssh(1) transport. It may also 18145132Sanholt use many features of ssh, such as public key authentication and 19145132Sanholt compression. sftp connects and logs into the specified host, then enters 20145132Sanholt an interactive command mode. 21145132Sanholt 22145132Sanholt The second usage format will retrieve files automatically if a non- 23145132Sanholt interactive authentication method is used; otherwise it will do so after 24145132Sanholt successful interactive authentication. 25145132Sanholt 26145132Sanholt The third usage format allows sftp to start in a remote directory. 27145132Sanholt 28145132Sanholt The final usage format allows for automated sessions using the -b option. 29145132Sanholt In such cases, it is necessary to configure non-interactive 30145132Sanholt authentication to obviate the need to enter a password at connection time 31145132Sanholt (see sshd(8) and ssh-keygen(1) for details). 32152909Sanholt 33152909Sanholt Since some usage formats use colon characters to delimit host names from 34145132Sanholt path names, IPv6 addresses must be enclosed in square brackets to avoid 35152909Sanholt ambiguity. 36152909Sanholt 37203287Srnoland The options are as follows: 38152909Sanholt 39152909Sanholt -1 Specify the use of protocol version 1. 40152909Sanholt 41152909Sanholt -2 Specify the use of protocol version 2. 42145132Sanholt 43145132Sanholt -4 Forces sftp to use IPv4 addresses only. 44145132Sanholt 45145132Sanholt -6 Forces sftp to use IPv6 addresses only. 46145132Sanholt 47189563Srnoland -B buffer_size 48145132Sanholt Specify the size of the buffer that sftp uses when transferring 49189563Srnoland files. Larger buffers require fewer round trips at the cost of 50182080Srnoland higher memory consumption. The default is 32768 bytes. 51190163Srnoland 52182080Srnoland -b batchfile 53182080Srnoland Batch mode reads a series of commands from an input batchfile 54182080Srnoland instead of stdin. Since it lacks user interaction it should be 55182080Srnoland used in conjunction with non-interactive authentication. A 56194741Srnoland batchfile of `-' may be used to indicate standard input. sftp 57194741Srnoland will abort if any of the following commands fail: get, put, 58182080Srnoland reget, rename, ln, rm, mkdir, chdir, ls, lchdir, chmod, chown, 59194741Srnoland chgrp, lpwd, df, symlink, and lmkdir. Termination on error can 60182080Srnoland be suppressed on a command by command basis by prefixing the 61189563Srnoland command with a `-' character (for example, -rm /tmp/blah*). 62182080Srnoland 63182080Srnoland -C Enables compression (via ssh's -C flag). 64189563Srnoland 65182080Srnoland -c cipher 66189563Srnoland Selects the cipher to use for encrypting the data transfers. 67182080Srnoland This option is directly passed to ssh(1). 68194741Srnoland 69182080Srnoland -D sftp_server_path 70194741Srnoland Connect directly to a local sftp server (rather than via ssh(1)). 71194741Srnoland This option may be useful in debugging the client and server. 72182080Srnoland 73189563Srnoland -F ssh_config 74182080Srnoland Specifies an alternative per-user configuration file for ssh(1). 75182080Srnoland This option is directly passed to ssh(1). 76182080Srnoland 77182080Srnoland -i identity_file 78183573Srnoland Selects the file from which the identity (private key) for public 79183573Srnoland key authentication is read. This option is directly passed to 80183573Srnoland ssh(1). 81145132Sanholt 82183573Srnoland -l limit 83183573Srnoland Limits the used bandwidth, specified in Kbit/s. 84183573Srnoland 85183573Srnoland -o ssh_option 86183573Srnoland Can be used to pass options to ssh in the format used in 87183573Srnoland ssh_config(5). This is useful for specifying options for which 88183573Srnoland there is no separate sftp command-line flag. For example, to 89183573Srnoland specify an alternate port use: sftp -oPort=24. For full details 90183573Srnoland of the options listed below, and their possible values, see 91183573Srnoland ssh_config(5). 92183573Srnoland 93183573Srnoland AddressFamily 94145132Sanholt BatchMode 95183573Srnoland BindAddress 96183573Srnoland ChallengeResponseAuthentication 97145132Sanholt CheckHostIP 98183573Srnoland Cipher 99183573Srnoland Ciphers 100183573Srnoland Compression 101183573Srnoland CompressionLevel 102183573Srnoland ConnectionAttempts 103183573Srnoland ConnectTimeout 104145132Sanholt ControlMaster 105145132Sanholt ControlPath 106145132Sanholt ControlPersist 107189563Srnoland GlobalKnownHostsFile 108145132Sanholt GSSAPIAuthentication 109189563Srnoland GSSAPIDelegateCredentials 110145132Sanholt HashKnownHosts 111145132Sanholt Host 112145132Sanholt HostbasedAuthentication 113189563Srnoland HostKeyAlgorithms 114145132Sanholt HostKeyAlias 115189563Srnoland HostName 116145132Sanholt IdentityFile 117183833Srnoland IdentitiesOnly 118183604Srnoland IPQoS 119183604Srnoland KbdInteractiveAuthentication 120145132Sanholt KbdInteractiveDevices 121183573Srnoland KexAlgorithms 122189563Srnoland LogLevel 123145132Sanholt MACs 124145132Sanholt NoHostAuthenticationForLocalhost 125183573Srnoland NumberOfPasswordPrompts 126189563Srnoland PasswordAuthentication 127183573Srnoland PKCS11Provider 128189563Srnoland Port 129183573Srnoland PreferredAuthentications 130183573Srnoland Protocol 131189563Srnoland ProxyCommand 132183573Srnoland PubkeyAuthentication 133183833Srnoland RekeyLimit 134183573Srnoland RhostsRSAAuthentication 135183573Srnoland RSAAuthentication 136183573Srnoland SendEnv 137183573Srnoland ServerAliveInterval 138145132Sanholt ServerAliveCountMax 139145132Sanholt StrictHostKeyChecking 140145132Sanholt TCPKeepAlive 141145132Sanholt UsePrivilegedPort 142182080Srnoland User 143182080Srnoland UserKnownHostsFile 144183573Srnoland VerifyHostKeyDNS 145145132Sanholt 146145132Sanholt -P port 147145132Sanholt Specifies the port to connect to on the remote host. 148145132Sanholt 149145132Sanholt -p Preserves modification times, access times, and modes from the 150153579Sjhb original files transferred. 151153579Sjhb 152153579Sjhb -q Quiet mode: disables the progress meter as well as warning and 153145132Sanholt diagnostic messages from ssh(1). 154153579Sjhb 155145132Sanholt -R num_requests 156182080Srnoland Specify how many requests may be outstanding at any one time. 157145132Sanholt Increasing this may slightly improve file transfer speed but will 158145132Sanholt increase memory usage. The default is 64 outstanding requests. 159145132Sanholt 160153579Sjhb -r Recursively copy entire directories when uploading and 161153579Sjhb downloading. Note that sftp does not follow symbolic links 162153579Sjhb encountered in the tree traversal. 163153033Sanholt 164153579Sjhb -S program 165145132Sanholt Name of the program to use for the encrypted connection. The 166 program must understand ssh(1) options. 167 168 -s subsystem | sftp_server 169 Specifies the SSH2 subsystem or the path for an sftp server on 170 the remote host. A path is useful for using sftp over protocol 171 version 1, or when the remote sshd(8) does not have an sftp 172 subsystem configured. 173 174 -v Raise logging level. This option is also passed to ssh. 175 176INTERACTIVE COMMANDS 177 Once in interactive mode, sftp understands a set of commands similar to 178 those of ftp(1). Commands are case insensitive. Pathnames that contain 179 spaces must be enclosed in quotes. Any special characters contained 180 within pathnames that are recognized by glob(3) must be escaped with 181 backslashes (`\'). 182 183 bye Quit sftp. 184 185 cd path 186 Change remote directory to path. 187 188 chgrp grp path 189 Change group of file path to grp. path may contain glob(3) 190 characters and may match multiple files. grp must be a numeric 191 GID. 192 193 chmod mode path 194 Change permissions of file path to mode. path may contain 195 glob(3) characters and may match multiple files. 196 197 chown own path 198 Change owner of file path to own. path may contain glob(3) 199 characters and may match multiple files. own must be a numeric 200 UID. 201 202 df [-hi] [path] 203 Display usage information for the filesystem holding the current 204 directory (or path if specified). If the -h flag is specified, 205 the capacity information will be displayed using "human-readable" 206 suffixes. The -i flag requests display of inode information in 207 addition to capacity information. This command is only supported 208 on servers that implement the ``statvfs@openssh.com'' extension. 209 210 exit Quit sftp. 211 212 get [-aPpr] remote-path [local-path] 213 Retrieve the remote-path and store it on the local machine. If 214 the local path name is not specified, it is given the same name 215 it has on the remote machine. remote-path may contain glob(3) 216 characters and may match multiple files. If it does and 217 local-path is specified, then local-path must specify a 218 directory. 219 220 If the -a flag is specified, then attempt to resume partial 221 transfers of existing files. Note that resumption assumes that 222 any partial copy of the local file matches the remote copy. If 223 the remote file differs from the partial local copy then the 224 resultant file is likely to be corrupt. 225 226 If either the -P or -p flag is specified, then full file 227 permissions and access times are copied too. 228 229 If the -r flag is specified then directories will be copied 230 recursively. Note that sftp does not follow symbolic links when 231 performing recursive transfers. 232 233 help Display help text. 234 235 lcd path 236 Change local directory to path. 237 238 lls [ls-options [path]] 239 Display local directory listing of either path or current 240 directory if path is not specified. ls-options may contain any 241 flags supported by the local system's ls(1) command. path may 242 contain glob(3) characters and may match multiple files. 243 244 lmkdir path 245 Create local directory specified by path. 246 247 ln [-s] oldpath newpath 248 Create a link from oldpath to newpath. If the -s flag is 249 specified the created link is a symbolic link, otherwise it is a 250 hard link. 251 252 lpwd Print local working directory. 253 254 ls [-1afhlnrSt] [path] 255 Display a remote directory listing of either path or the current 256 directory if path is not specified. path may contain glob(3) 257 characters and may match multiple files. 258 259 The following flags are recognized and alter the behaviour of ls 260 accordingly: 261 262 -1 Produce single columnar output. 263 264 -a List files beginning with a dot (`.'). 265 266 -f Do not sort the listing. The default sort order is 267 lexicographical. 268 269 -h When used with a long format option, use unit suffixes: 270 Byte, Kilobyte, Megabyte, Gigabyte, Terabyte, Petabyte, 271 and Exabyte in order to reduce the number of digits to 272 four or fewer using powers of 2 for sizes (K=1024, 273 M=1048576, etc.). 274 275 -l Display additional details including permissions and 276 ownership information. 277 278 -n Produce a long listing with user and group information 279 presented numerically. 280 281 -r Reverse the sort order of the listing. 282 283 -S Sort the listing by file size. 284 285 -t Sort the listing by last modification time. 286 287 lumask umask 288 Set local umask to umask. 289 290 mkdir path 291 Create remote directory specified by path. 292 293 progress 294 Toggle display of progress meter. 295 296 put [-Ppr] local-path [remote-path] 297 Upload local-path and store it on the remote machine. If the 298 remote path name is not specified, it is given the same name it 299 has on the local machine. local-path may contain glob(3) 300 characters and may match multiple files. If it does and 301 remote-path is specified, then remote-path must specify a 302 directory. 303 304 If either the -P or -p flag is specified, then full file 305 permissions and access times are copied too. 306 307 If the -r flag is specified then directories will be copied 308 recursively. Note that sftp does not follow symbolic links when 309 performing recursive transfers. 310 311 pwd Display remote working directory. 312 313 quit Quit sftp. 314 315 reget [-Ppr] remote-path [local-path] 316 Resume download of remote-path. Equivalent to get with the -a 317 flag set. 318 319 rename oldpath newpath 320 Rename remote file from oldpath to newpath. 321 322 rm path 323 Delete remote file specified by path. 324 325 rmdir path 326 Remove remote directory specified by path. 327 328 symlink oldpath newpath 329 Create a symbolic link from oldpath to newpath. 330 331 version 332 Display the sftp protocol version. 333 334 !command 335 Execute command in local shell. 336 337 ! Escape to local shell. 338 339 ? Synonym for help. 340 341SEE ALSO 342 ftp(1), ls(1), scp(1), ssh(1), ssh-add(1), ssh-keygen(1), glob(3), 343 ssh_config(5), sftp-server(8), sshd(8) 344 345 T. Ylonen and S. Lehtinen, SSH File Transfer Protocol, 346 draft-ietf-secsh-filexfer-00.txt, January 2001, work in progress 347 material. 348 349OpenBSD 5.4 July 25, 2013 OpenBSD 5.4 350