1.\" $OpenBSD: sftp.1,v 1.90 2011/08/07 12:55:30 dtucker Exp $ 2.\" 3.\" Copyright (c) 2001 Damien Miller. All rights reserved. 4.\" 5.\" Redistribution and use in source and binary forms, with or without 6.\" modification, are permitted provided that the following conditions 7.\" are met: 8.\" 1. Redistributions of source code must retain the above copyright 9.\" notice, this list of conditions and the following disclaimer. 10.\" 2. Redistributions in binary form must reproduce the above copyright 11.\" notice, this list of conditions and the following disclaimer in the 12.\" documentation and/or other materials provided with the distribution. 13.\" 14.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR 15.\" IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES 16.\" OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. 17.\" IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, 18.\" INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 19.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 20.\" DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 21.\" THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 22.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 23.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 24.\" 25.Dd $Mdocdate: August 7 2011 $ 26.Dt SFTP 1 27.Os 28.Sh NAME 29.Nm sftp 30.Nd secure file transfer program 31.Sh SYNOPSIS 32.Nm sftp 33.Bk -words 34.Op Fl 1246Cpqrv 35.Op Fl B Ar buffer_size 36.Op Fl b Ar batchfile 37.Op Fl c Ar cipher 38.Op Fl D Ar sftp_server_path 39.Op Fl F Ar ssh_config 40.Op Fl i Ar identity_file 41.Op Fl l Ar limit 42.Op Fl o Ar ssh_option 43.Op Fl P Ar port 44.Op Fl R Ar num_requests 45.Op Fl S Ar program 46.Op Fl s Ar subsystem | sftp_server 47.Ar host 48.Ek 49.Nm sftp 50.Oo Ar user Ns @ Oc Ns 51.Ar host Ns Op : Ns Ar 52.Nm sftp 53.Oo 54.Ar user Ns @ Oc Ns 55.Ar host Ns Oo : Ns Ar dir Ns 56.Op Ar / 57.Oc 58.Nm sftp 59.Fl b Ar batchfile 60.Oo Ar user Ns @ Oc Ns Ar host 61.Sh DESCRIPTION 62.Nm 63is an interactive file transfer program, similar to 64.Xr ftp 1 , 65which performs all operations over an encrypted 66.Xr ssh 1 67transport. 68It may also use many features of ssh, such as public key authentication and 69compression. 70.Nm 71connects and logs into the specified 72.Ar host , 73then enters an interactive command mode. 74.Pp 75The second usage format will retrieve files automatically if a non-interactive 76authentication method is used; otherwise it will do so after 77successful interactive authentication. 78.Pp 79The third usage format allows 80.Nm 81to start in a remote directory. 82.Pp 83The final usage format allows for automated sessions using the 84.Fl b 85option. 86In such cases, it is necessary to configure non-interactive authentication 87to obviate the need to enter a password at connection time (see 88.Xr sshd 8 89and 90.Xr ssh-keygen 1 91for details). 92.Pp 93Since some usage formats use colon characters to delimit host names from path 94names, IPv6 addresses must be enclosed in square brackets to avoid ambiguity. 95.Pp 96The options are as follows: 97.Bl -tag -width Ds 98.It Fl 1 99Specify the use of protocol version 1. 100.It Fl 2 101Specify the use of protocol version 2. 102.It Fl 4 103Forces 104.Nm 105to use IPv4 addresses only. 106.It Fl 6 107Forces 108.Nm 109to use IPv6 addresses only. 110.It Fl B Ar buffer_size 111Specify the size of the buffer that 112.Nm 113uses when transferring files. 114Larger buffers require fewer round trips at the cost of higher 115memory consumption. 116The default is 32768 bytes. 117.It Fl b Ar batchfile 118Batch mode reads a series of commands from an input 119.Ar batchfile 120instead of 121.Em stdin . 122Since it lacks user interaction it should be used in conjunction with 123non-interactive authentication. 124A 125.Ar batchfile 126of 127.Sq \- 128may be used to indicate standard input. 129.Nm 130will abort if any of the following 131commands fail: 132.Ic get , put , rename , ln , 133.Ic rm , mkdir , chdir , ls , 134.Ic lchdir , chmod , chown , 135.Ic chgrp , lpwd , df , symlink , 136and 137.Ic lmkdir . 138Termination on error can be suppressed on a command by command basis by 139prefixing the command with a 140.Sq \- 141character (for example, 142.Ic -rm /tmp/blah* ) . 143.It Fl C 144Enables compression (via ssh's 145.Fl C 146flag). 147.It Fl c Ar cipher 148Selects the cipher to use for encrypting the data transfers. 149This option is directly passed to 150.Xr ssh 1 . 151.It Fl D Ar sftp_server_path 152Connect directly to a local sftp server 153(rather than via 154.Xr ssh 1 ) . 155This option may be useful in debugging the client and server. 156.It Fl F Ar ssh_config 157Specifies an alternative 158per-user configuration file for 159.Xr ssh 1 . 160This option is directly passed to 161.Xr ssh 1 . 162.It Fl i Ar identity_file 163Selects the file from which the identity (private key) for public key 164authentication is read. 165This option is directly passed to 166.Xr ssh 1 . 167.It Fl l Ar limit 168Limits the used bandwidth, specified in Kbit/s. 169.It Fl o Ar ssh_option 170Can be used to pass options to 171.Nm ssh 172in the format used in 173.Xr ssh_config 5 . 174This is useful for specifying options 175for which there is no separate 176.Nm sftp 177command-line flag. 178For example, to specify an alternate port use: 179.Ic sftp -oPort=24 . 180For full details of the options listed below, and their possible values, see 181.Xr ssh_config 5 . 182.Pp 183.Bl -tag -width Ds -offset indent -compact 184.It AddressFamily 185.It BatchMode 186.It BindAddress 187.It ChallengeResponseAuthentication 188.It CheckHostIP 189.It Cipher 190.It Ciphers 191.It Compression 192.It CompressionLevel 193.It ConnectionAttempts 194.It ConnectTimeout 195.It ControlMaster 196.It ControlPath 197.It GlobalKnownHostsFile 198.It GSSAPIAuthentication 199.It GSSAPIDelegateCredentials 200.It HashKnownHosts 201.It Host 202.It HostbasedAuthentication 203.It HostKeyAlgorithms 204.It HostKeyAlias 205.It HostName 206.It IdentityFile 207.It IdentitiesOnly 208.It IPQoS 209.It KbdInteractiveDevices 210.It KexAlgorithms 211.It LogLevel 212.It MACs 213.It NoHostAuthenticationForLocalhost 214.It NumberOfPasswordPrompts 215.It PasswordAuthentication 216.It PKCS11Provider 217.It Port 218.It PreferredAuthentications 219.It Protocol 220.It ProxyCommand 221.It PubkeyAuthentication 222.It RekeyLimit 223.It RhostsRSAAuthentication 224.It RSAAuthentication 225.It SendEnv 226.It ServerAliveInterval 227.It ServerAliveCountMax 228.It StrictHostKeyChecking 229.It TCPKeepAlive 230.It UsePrivilegedPort 231.It User 232.It UserKnownHostsFile 233.It VerifyHostKeyDNS 234.El 235.It Fl P Ar port 236Specifies the port to connect to on the remote host. 237.It Fl p 238Preserves modification times, access times, and modes from the 239original files transferred. 240.It Fl q 241Quiet mode: disables the progress meter as well as warning and 242diagnostic messages from 243.Xr ssh 1 . 244.It Fl R Ar num_requests 245Specify how many requests may be outstanding at any one time. 246Increasing this may slightly improve file transfer speed 247but will increase memory usage. 248The default is 64 outstanding requests. 249.It Fl r 250Recursively copy entire directories when uploading and downloading. 251Note that 252.Nm 253does not follow symbolic links encountered in the tree traversal. 254.It Fl S Ar program 255Name of the 256.Ar program 257to use for the encrypted connection. 258The program must understand 259.Xr ssh 1 260options. 261.It Fl s Ar subsystem | sftp_server 262Specifies the SSH2 subsystem or the path for an sftp server 263on the remote host. 264A path is useful for using 265.Nm 266over protocol version 1, or when the remote 267.Xr sshd 8 268does not have an sftp subsystem configured. 269.It Fl v 270Raise logging level. 271This option is also passed to ssh. 272.El 273.Sh INTERACTIVE COMMANDS 274Once in interactive mode, 275.Nm 276understands a set of commands similar to those of 277.Xr ftp 1 . 278Commands are case insensitive. 279Pathnames that contain spaces must be enclosed in quotes. 280Any special characters contained within pathnames that are recognized by 281.Xr glob 3 282must be escaped with backslashes 283.Pq Sq \e . 284.Bl -tag -width Ds 285.It Ic bye 286Quit 287.Nm sftp . 288.It Ic cd Ar path 289Change remote directory to 290.Ar path . 291.It Ic chgrp Ar grp Ar path 292Change group of file 293.Ar path 294to 295.Ar grp . 296.Ar path 297may contain 298.Xr glob 3 299characters and may match multiple files. 300.Ar grp 301must be a numeric GID. 302.It Ic chmod Ar mode Ar path 303Change permissions of file 304.Ar path 305to 306.Ar mode . 307.Ar path 308may contain 309.Xr glob 3 310characters and may match multiple files. 311.It Ic chown Ar own Ar path 312Change owner of file 313.Ar path 314to 315.Ar own . 316.Ar path 317may contain 318.Xr glob 3 319characters and may match multiple files. 320.Ar own 321must be a numeric UID. 322.It Xo Ic df 323.Op Fl hi 324.Op Ar path 325.Xc 326Display usage information for the filesystem holding the current directory 327(or 328.Ar path 329if specified). 330If the 331.Fl h 332flag is specified, the capacity information will be displayed using 333"human-readable" suffixes. 334The 335.Fl i 336flag requests display of inode information in addition to capacity information. 337This command is only supported on servers that implement the 338.Dq statvfs@openssh.com 339extension. 340.It Ic exit 341Quit 342.Nm sftp . 343.It Xo Ic get 344.Op Fl Ppr 345.Ar remote-path 346.Op Ar local-path 347.Xc 348Retrieve the 349.Ar remote-path 350and store it on the local machine. 351If the local 352path name is not specified, it is given the same name it has on the 353remote machine. 354.Ar remote-path 355may contain 356.Xr glob 3 357characters and may match multiple files. 358If it does and 359.Ar local-path 360is specified, then 361.Ar local-path 362must specify a directory. 363.Pp 364If either the 365.Fl P 366or 367.Fl p 368flag is specified, then full file permissions and access times are 369copied too. 370.Pp 371If the 372.Fl r 373flag is specified then directories will be copied recursively. 374Note that 375.Nm 376does not follow symbolic links when performing recursive transfers. 377.It Ic help 378Display help text. 379.It Ic lcd Ar path 380Change local directory to 381.Ar path . 382.It Ic lls Op Ar ls-options Op Ar path 383Display local directory listing of either 384.Ar path 385or current directory if 386.Ar path 387is not specified. 388.Ar ls-options 389may contain any flags supported by the local system's 390.Xr ls 1 391command. 392.Ar path 393may contain 394.Xr glob 3 395characters and may match multiple files. 396.It Ic lmkdir Ar path 397Create local directory specified by 398.Ar path . 399.It Xo Ic ln 400.Op Fl s 401.Ar oldpath 402.Ar newpath 403.Xc 404Create a link from 405.Ar oldpath 406to 407.Ar newpath . 408If the 409.Fl s 410flag is specified the created link is a symbolic link, otherwise it is 411a hard link. 412.It Ic lpwd 413Print local working directory. 414.It Xo Ic ls 415.Op Fl 1afhlnrSt 416.Op Ar path 417.Xc 418Display a remote directory listing of either 419.Ar path 420or the current directory if 421.Ar path 422is not specified. 423.Ar path 424may contain 425.Xr glob 3 426characters and may match multiple files. 427.Pp 428The following flags are recognized and alter the behaviour of 429.Ic ls 430accordingly: 431.Bl -tag -width Ds 432.It Fl 1 433Produce single columnar output. 434.It Fl a 435List files beginning with a dot 436.Pq Sq \&. . 437.It Fl f 438Do not sort the listing. 439The default sort order is lexicographical. 440.It Fl h 441When used with a long format option, use unit suffixes: Byte, Kilobyte, 442Megabyte, Gigabyte, Terabyte, Petabyte, and Exabyte in order to reduce 443the number of digits to four or fewer using powers of 2 for sizes (K=1024, 444M=1048576, etc.). 445.It Fl l 446Display additional details including permissions 447and ownership information. 448.It Fl n 449Produce a long listing with user and group information presented 450numerically. 451.It Fl r 452Reverse the sort order of the listing. 453.It Fl S 454Sort the listing by file size. 455.It Fl t 456Sort the listing by last modification time. 457.El 458.It Ic lumask Ar umask 459Set local umask to 460.Ar umask . 461.It Ic mkdir Ar path 462Create remote directory specified by 463.Ar path . 464.It Ic progress 465Toggle display of progress meter. 466.It Xo Ic put 467.Op Fl Ppr 468.Ar local-path 469.Op Ar remote-path 470.Xc 471Upload 472.Ar local-path 473and store it on the remote machine. 474If the remote path name is not specified, it is given the same name it has 475on the local machine. 476.Ar local-path 477may contain 478.Xr glob 3 479characters and may match multiple files. 480If it does and 481.Ar remote-path 482is specified, then 483.Ar remote-path 484must specify a directory. 485.Pp 486If either the 487.Fl P 488or 489.Fl p 490flag is specified, then full file permissions and access times are 491copied too. 492.Pp 493If the 494.Fl r 495flag is specified then directories will be copied recursively. 496Note that 497.Nm 498does not follow symbolic links when performing recursive transfers. 499.It Ic pwd 500Display remote working directory. 501.It Ic quit 502Quit 503.Nm sftp . 504.It Ic rename Ar oldpath Ar newpath 505Rename remote file from 506.Ar oldpath 507to 508.Ar newpath . 509.It Ic rm Ar path 510Delete remote file specified by 511.Ar path . 512.It Ic rmdir Ar path 513Remove remote directory specified by 514.Ar path . 515.It Ic symlink Ar oldpath Ar newpath 516Create a symbolic link from 517.Ar oldpath 518to 519.Ar newpath . 520.It Ic version 521Display the 522.Nm 523protocol version. 524.It Ic \&! Ns Ar command 525Execute 526.Ar command 527in local shell. 528.It Ic \&! 529Escape to local shell. 530.It Ic \&? 531Synonym for help. 532.El 533.Sh SEE ALSO 534.Xr ftp 1 , 535.Xr ls 1 , 536.Xr scp 1 , 537.Xr ssh 1 , 538.Xr ssh-add 1 , 539.Xr ssh-keygen 1 , 540.Xr glob 3 , 541.Xr ssh_config 5 , 542.Xr sftp-server 8 , 543.Xr sshd 8 544.Rs 545.%A T. Ylonen 546.%A S. Lehtinen 547.%T "SSH File Transfer Protocol" 548.%N draft-ietf-secsh-filexfer-00.txt 549.%D January 2001 550.%O work in progress material 551.Re 552