1.\" $OpenBSD: sftp.1,v 1.83 2010/02/08 10:50:20 markus Exp $ 2.\" 3.\" Copyright (c) 2001 Damien Miller. All rights reserved. 4.\" 5.\" Redistribution and use in source and binary forms, with or without 6.\" modification, are permitted provided that the following conditions 7.\" are met: 8.\" 1. Redistributions of source code must retain the above copyright 9.\" notice, this list of conditions and the following disclaimer. 10.\" 2. Redistributions in binary form must reproduce the above copyright 11.\" notice, this list of conditions and the following disclaimer in the 12.\" documentation and/or other materials provided with the distribution. 13.\" 14.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR 15.\" IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES 16.\" OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. 17.\" IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, 18.\" INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 19.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 20.\" DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 21.\" THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 22.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 23.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 24.\" 25.Dd $Mdocdate: February 8 2010 $ 26.Dt SFTP 1 27.Os 28.Sh NAME 29.Nm sftp 30.Nd secure file transfer program 31.Sh SYNOPSIS 32.Nm sftp 33.Bk -words 34.Op Fl 1246Cpqrv 35.Op Fl B Ar buffer_size 36.Op Fl b Ar batchfile 37.Op Fl c Ar cipher 38.Op Fl D Ar sftp_server_path 39.Op Fl F Ar ssh_config 40.Op Fl i Ar identity_file 41.Op Fl o Ar ssh_option 42.Op Fl P Ar port 43.Op Fl R Ar num_requests 44.Op Fl S Ar program 45.Op Fl s Ar subsystem | sftp_server 46.Ar host 47.Ek 48.Nm sftp 49.Oo Ar user Ns @ Oc Ns 50.Ar host Ns Op : Ns Ar 51.Nm sftp 52.Oo Ar user Ns @ Oc Ns 53.Ar host Ns Oo : Ns Ar dir Ns 54.Op Ar / Oc 55.Nm sftp 56.Fl b Ar batchfile 57.Oo Ar user Ns @ Oc Ns Ar host 58.Sh DESCRIPTION 59.Nm 60is an interactive file transfer program, similar to 61.Xr ftp 1 , 62which performs all operations over an encrypted 63.Xr ssh 1 64transport. 65It may also use many features of ssh, such as public key authentication and 66compression. 67.Nm 68connects and logs into the specified 69.Ar host , 70then enters an interactive command mode. 71.Pp 72The second usage format will retrieve files automatically if a non-interactive 73authentication method is used; otherwise it will do so after 74successful interactive authentication. 75.Pp 76The third usage format allows 77.Nm 78to start in a remote directory. 79.Pp 80The final usage format allows for automated sessions using the 81.Fl b 82option. 83In such cases, it is necessary to configure non-interactive authentication 84to obviate the need to enter a password at connection time (see 85.Xr sshd 8 86and 87.Xr ssh-keygen 1 88for details). 89The options are as follows: 90.Bl -tag -width Ds 91.It Fl 1 92Specify the use of protocol version 1. 93.It Fl 2 94Specify the use of protocol version 2. 95.It Fl 4 96Forces 97.Nm 98to use IPv4 addresses only. 99.It Fl 6 100Forces 101.Nm 102to use IPv6 addresses only. 103.It Fl B Ar buffer_size 104Specify the size of the buffer that 105.Nm 106uses when transferring files. 107Larger buffers require fewer round trips at the cost of higher 108memory consumption. 109The default is 32768 bytes. 110.It Fl b Ar batchfile 111Batch mode reads a series of commands from an input 112.Ar batchfile 113instead of 114.Em stdin . 115Since it lacks user interaction it should be used in conjunction with 116non-interactive authentication. 117A 118.Ar batchfile 119of 120.Sq \- 121may be used to indicate standard input. 122.Nm 123will abort if any of the following 124commands fail: 125.Ic get , put , rename , ln , 126.Ic rm , mkdir , chdir , ls , 127.Ic lchdir , chmod , chown , 128.Ic chgrp , lpwd , df , 129and 130.Ic lmkdir . 131Termination on error can be suppressed on a command by command basis by 132prefixing the command with a 133.Sq \- 134character (for example, 135.Ic -rm /tmp/blah* ) . 136.It Fl C 137Enables compression (via ssh's 138.Fl C 139flag). 140.It Fl c Ar cipher 141Selects the cipher to use for encrypting the data transfers. 142This option is directly passed to 143.Xr ssh 1 . 144.It Fl D Ar sftp_server_path 145Connect directly to a local sftp server 146(rather than via 147.Xr ssh 1 ) . 148This option may be useful in debugging the client and server. 149.It Fl F Ar ssh_config 150Specifies an alternative 151per-user configuration file for 152.Xr ssh 1 . 153This option is directly passed to 154.Xr ssh 1 . 155.It Fl i Ar identity_file 156Selects the file from which the identity (private key) for public key 157authentication is read. 158This option is directly passed to 159.Xr ssh 1 . 160.It Fl o Ar ssh_option 161Can be used to pass options to 162.Nm ssh 163in the format used in 164.Xr ssh_config 5 . 165This is useful for specifying options 166for which there is no separate 167.Nm sftp 168command-line flag. 169For example, to specify an alternate port use: 170.Ic sftp -oPort=24 . 171For full details of the options listed below, and their possible values, see 172.Xr ssh_config 5 . 173.Pp 174.Bl -tag -width Ds -offset indent -compact 175.It AddressFamily 176.It BatchMode 177.It BindAddress 178.It ChallengeResponseAuthentication 179.It CheckHostIP 180.It Cipher 181.It Ciphers 182.It Compression 183.It CompressionLevel 184.It ConnectionAttempts 185.It ConnectTimeout 186.It ControlMaster 187.It ControlPath 188.It GlobalKnownHostsFile 189.It GSSAPIAuthentication 190.It GSSAPIDelegateCredentials 191.It HashKnownHosts 192.It Host 193.It HostbasedAuthentication 194.It HostKeyAlgorithms 195.It HostKeyAlias 196.It HostName 197.It IdentityFile 198.It IdentitiesOnly 199.It KbdInteractiveDevices 200.It LogLevel 201.It MACs 202.It NoHostAuthenticationForLocalhost 203.It NumberOfPasswordPrompts 204.It PasswordAuthentication 205.It PKCS11Provider 206.It Port 207.It PreferredAuthentications 208.It Protocol 209.It ProxyCommand 210.It PubkeyAuthentication 211.It RekeyLimit 212.It RhostsRSAAuthentication 213.It RSAAuthentication 214.It SendEnv 215.It ServerAliveInterval 216.It ServerAliveCountMax 217.It StrictHostKeyChecking 218.It TCPKeepAlive 219.It UsePrivilegedPort 220.It User 221.It UserKnownHostsFile 222.It VerifyHostKeyDNS 223.El 224.It Fl P Ar port 225Specifies the port to connect to on the remote host. 226.It Fl p 227Preserves modification times, access times, and modes from the 228original files transferred. 229.It Fl q 230Quiet mode: disables the progress meter as well as warning and 231diagnostic messages from 232.Xr ssh 1 . 233.It Fl R Ar num_requests 234Specify how many requests may be outstanding at any one time. 235Increasing this may slightly improve file transfer speed 236but will increase memory usage. 237The default is 256 outstanding requests providing for 8MB 238of outstanding data with a 32KB buffer. 239.It Fl r 240Recursively copy entire directories when uploading and downloading. 241Note that 242.Nm 243does not follow symbolic links encountered in the tree traversal. 244.It Fl S Ar program 245Name of the 246.Ar program 247to use for the encrypted connection. 248The program must understand 249.Xr ssh 1 250options. 251.It Fl s Ar subsystem | sftp_server 252Specifies the SSH2 subsystem or the path for an sftp server 253on the remote host. 254A path is useful for using 255.Nm 256over protocol version 1, or when the remote 257.Xr sshd 8 258does not have an sftp subsystem configured. 259.It Fl v 260Raise logging level. 261This option is also passed to ssh. 262.El 263.Sh INTERACTIVE COMMANDS 264Once in interactive mode, 265.Nm 266understands a set of commands similar to those of 267.Xr ftp 1 . 268Commands are case insensitive. 269Pathnames that contain spaces must be enclosed in quotes. 270Any special characters contained within pathnames that are recognized by 271.Xr glob 3 272must be escaped with backslashes 273.Pq Sq \e . 274.Bl -tag -width Ds 275.It Ic bye 276Quit 277.Nm sftp . 278.It Ic cd Ar path 279Change remote directory to 280.Ar path . 281.It Ic chgrp Ar grp Ar path 282Change group of file 283.Ar path 284to 285.Ar grp . 286.Ar path 287may contain 288.Xr glob 3 289characters and may match multiple files. 290.Ar grp 291must be a numeric GID. 292.It Ic chmod Ar mode Ar path 293Change permissions of file 294.Ar path 295to 296.Ar mode . 297.Ar path 298may contain 299.Xr glob 3 300characters and may match multiple files. 301.It Ic chown Ar own Ar path 302Change owner of file 303.Ar path 304to 305.Ar own . 306.Ar path 307may contain 308.Xr glob 3 309characters and may match multiple files. 310.Ar own 311must be a numeric UID. 312.It Xo Ic df 313.Op Fl hi 314.Op Ar path 315.Xc 316Display usage information for the filesystem holding the current directory 317(or 318.Ar path 319if specified). 320If the 321.Fl h 322flag is specified, the capacity information will be displayed using 323"human-readable" suffixes. 324The 325.Fl i 326flag requests display of inode information in addition to capacity information. 327This command is only supported on servers that implement the 328.Dq statvfs@openssh.com 329extension. 330.It Ic exit 331Quit 332.Nm sftp . 333.It Xo Ic get 334.Op Fl Ppr 335.Ar remote-path 336.Op Ar local-path 337.Xc 338Retrieve the 339.Ar remote-path 340and store it on the local machine. 341If the local 342path name is not specified, it is given the same name it has on the 343remote machine. 344.Ar remote-path 345may contain 346.Xr glob 3 347characters and may match multiple files. 348If it does and 349.Ar local-path 350is specified, then 351.Ar local-path 352must specify a directory. 353.Pp 354If either the 355.Fl P 356or 357.Fl p 358flag is specified, then full file permissions and access times are 359copied too. 360.Pp 361If the 362.Fl r 363flag is specified then directories will be copied recursively. 364Note that 365.Nm 366does not follow symbolic links when performing recursive transfers. 367.It Ic help 368Display help text. 369.It Ic lcd Ar path 370Change local directory to 371.Ar path . 372.It Ic lls Op Ar ls-options Op Ar path 373Display local directory listing of either 374.Ar path 375or current directory if 376.Ar path 377is not specified. 378.Ar ls-options 379may contain any flags supported by the local system's 380.Xr ls 1 381command. 382.Ar path 383may contain 384.Xr glob 3 385characters and may match multiple files. 386.It Ic lmkdir Ar path 387Create local directory specified by 388.Ar path . 389.It Ic ln Ar oldpath Ar newpath 390Create a symbolic link from 391.Ar oldpath 392to 393.Ar newpath . 394.It Ic lpwd 395Print local working directory. 396.It Xo Ic ls 397.Op Fl 1afhlnrSt 398.Op Ar path 399.Xc 400Display a remote directory listing of either 401.Ar path 402or the current directory if 403.Ar path 404is not specified. 405.Ar path 406may contain 407.Xr glob 3 408characters and may match multiple files. 409.Pp 410The following flags are recognized and alter the behaviour of 411.Ic ls 412accordingly: 413.Bl -tag -width Ds 414.It Fl 1 415Produce single columnar output. 416.It Fl a 417List files beginning with a dot 418.Pq Sq \&. . 419.It Fl f 420Do not sort the listing. 421The default sort order is lexicographical. 422.It Fl h 423When used with a long format option, use unit suffixes: Byte, Kilobyte, 424Megabyte, Gigabyte, Terabyte, Petabyte, and Exabyte in order to reduce 425the number of digits to four or fewer using powers of 2 for sizes (K=1024, 426M=1048576, etc.). 427.It Fl l 428Display additional details including permissions 429and ownership information. 430.It Fl n 431Produce a long listing with user and group information presented 432numerically. 433.It Fl r 434Reverse the sort order of the listing. 435.It Fl S 436Sort the listing by file size. 437.It Fl t 438Sort the listing by last modification time. 439.El 440.It Ic lumask Ar umask 441Set local umask to 442.Ar umask . 443.It Ic mkdir Ar path 444Create remote directory specified by 445.Ar path . 446.It Ic progress 447Toggle display of progress meter. 448.It Xo Ic put 449.Op Fl Ppr 450.Ar local-path 451.Op Ar remote-path 452.Xc 453Upload 454.Ar local-path 455and store it on the remote machine. 456If the remote path name is not specified, it is given the same name it has 457on the local machine. 458.Ar local-path 459may contain 460.Xr glob 3 461characters and may match multiple files. 462If it does and 463.Ar remote-path 464is specified, then 465.Ar remote-path 466must specify a directory. 467.Pp 468If ether the 469.Fl P 470or 471.Fl p 472flag is specified, then full file permissions and access times are 473copied too. 474.Pp 475If the 476.Fl r 477flag is specified then directories will be copied recursively. 478Note that 479.Nm 480does not follow symbolic links when performing recursive transfers. 481.It Ic pwd 482Display remote working directory. 483.It Ic quit 484Quit 485.Nm sftp . 486.It Ic rename Ar oldpath Ar newpath 487Rename remote file from 488.Ar oldpath 489to 490.Ar newpath . 491.It Ic rm Ar path 492Delete remote file specified by 493.Ar path . 494.It Ic rmdir Ar path 495Remove remote directory specified by 496.Ar path . 497.It Ic symlink Ar oldpath Ar newpath 498Create a symbolic link from 499.Ar oldpath 500to 501.Ar newpath . 502.It Ic version 503Display the 504.Nm 505protocol version. 506.It Ic \&! Ns Ar command 507Execute 508.Ar command 509in local shell. 510.It Ic \&! 511Escape to local shell. 512.It Ic \&? 513Synonym for help. 514.El 515.Sh SEE ALSO 516.Xr ftp 1 , 517.Xr ls 1 , 518.Xr scp 1 , 519.Xr ssh 1 , 520.Xr ssh-add 1 , 521.Xr ssh-keygen 1 , 522.Xr glob 3 , 523.Xr ssh_config 5 , 524.Xr sftp-server 8 , 525.Xr sshd 8 526.Rs 527.%A T. Ylonen 528.%A S. Lehtinen 529.%T "SSH File Transfer Protocol" 530.%N draft-ietf-secsh-filexfer-00.txt 531.%D January 2001 532.%O work in progress material 533.Re 534