1.\" $OpenBSD: sftp.1,v 1.101 2015/01/30 11:43:14 djm Exp $ 2.\" 3.\" Copyright (c) 2001 Damien Miller. All rights reserved. 4.\" 5.\" Redistribution and use in source and binary forms, with or without 6.\" modification, are permitted provided that the following conditions 7.\" are met: 8.\" 1. Redistributions of source code must retain the above copyright 9.\" notice, this list of conditions and the following disclaimer. 10.\" 2. Redistributions in binary form must reproduce the above copyright 11.\" notice, this list of conditions and the following disclaimer in the 12.\" documentation and/or other materials provided with the distribution. 13.\" 14.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR 15.\" IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES 16.\" OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. 17.\" IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, 18.\" INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 19.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 20.\" DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 21.\" THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 22.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 23.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 24.\" 25.Dd $Mdocdate: January 30 2015 $ 26.Dt SFTP 1 27.Os 28.Sh NAME 29.Nm sftp 30.Nd secure file transfer program 31.Sh SYNOPSIS 32.Nm sftp 33.Bk -words 34.Op Fl 1246aCfpqrv 35.Op Fl B Ar buffer_size 36.Op Fl b Ar batchfile 37.Op Fl c Ar cipher 38.Op Fl D Ar sftp_server_path 39.Op Fl F Ar ssh_config 40.Op Fl i Ar identity_file 41.Op Fl l Ar limit 42.Op Fl o Ar ssh_option 43.Op Fl P Ar port 44.Op Fl R Ar num_requests 45.Op Fl S Ar program 46.Op Fl s Ar subsystem | sftp_server 47.Ar host 48.Ek 49.Nm sftp 50.Oo Ar user Ns @ Oc Ns 51.Ar host Ns Op : Ns Ar 52.Nm sftp 53.Oo 54.Ar user Ns @ Oc Ns 55.Ar host Ns Oo : Ns Ar dir Ns 56.Op Ar / 57.Oc 58.Nm sftp 59.Fl b Ar batchfile 60.Oo Ar user Ns @ Oc Ns Ar host 61.Sh DESCRIPTION 62.Nm 63is an interactive file transfer program, similar to 64.Xr ftp 1 , 65which performs all operations over an encrypted 66.Xr ssh 1 67transport. 68It may also use many features of ssh, such as public key authentication and 69compression. 70.Nm 71connects and logs into the specified 72.Ar host , 73then enters an interactive command mode. 74.Pp 75The second usage format will retrieve files automatically if a non-interactive 76authentication method is used; otherwise it will do so after 77successful interactive authentication. 78.Pp 79The third usage format allows 80.Nm 81to start in a remote directory. 82.Pp 83The final usage format allows for automated sessions using the 84.Fl b 85option. 86In such cases, it is necessary to configure non-interactive authentication 87to obviate the need to enter a password at connection time (see 88.Xr sshd 8 89and 90.Xr ssh-keygen 1 91for details). 92.Pp 93Since some usage formats use colon characters to delimit host names from path 94names, IPv6 addresses must be enclosed in square brackets to avoid ambiguity. 95.Pp 96The options are as follows: 97.Bl -tag -width Ds 98.It Fl 1 99Specify the use of protocol version 1. 100.It Fl 2 101Specify the use of protocol version 2. 102.It Fl 4 103Forces 104.Nm 105to use IPv4 addresses only. 106.It Fl 6 107Forces 108.Nm 109to use IPv6 addresses only. 110.It Fl a 111Attempt to continue interrupted transfers rather than overwriting 112existing partial or complete copies of files. 113If the partial contents differ from those being transferred, 114then the resultant file is likely to be corrupt. 115.It Fl B Ar buffer_size 116Specify the size of the buffer that 117.Nm 118uses when transferring files. 119Larger buffers require fewer round trips at the cost of higher 120memory consumption. 121The default is 32768 bytes. 122.It Fl b Ar batchfile 123Batch mode reads a series of commands from an input 124.Ar batchfile 125instead of 126.Em stdin . 127Since it lacks user interaction it should be used in conjunction with 128non-interactive authentication. 129A 130.Ar batchfile 131of 132.Sq \- 133may be used to indicate standard input. 134.Nm 135will abort if any of the following 136commands fail: 137.Ic get , put , reget , reput, rename , ln , 138.Ic rm , mkdir , chdir , ls , 139.Ic lchdir , chmod , chown , 140.Ic chgrp , lpwd , df , symlink , 141and 142.Ic lmkdir . 143Termination on error can be suppressed on a command by command basis by 144prefixing the command with a 145.Sq \- 146character (for example, 147.Ic -rm /tmp/blah* ) . 148.It Fl C 149Enables compression (via ssh's 150.Fl C 151flag). 152.It Fl c Ar cipher 153Selects the cipher to use for encrypting the data transfers. 154This option is directly passed to 155.Xr ssh 1 . 156.It Fl D Ar sftp_server_path 157Connect directly to a local sftp server 158(rather than via 159.Xr ssh 1 ) . 160This option may be useful in debugging the client and server. 161.It Fl F Ar ssh_config 162Specifies an alternative 163per-user configuration file for 164.Xr ssh 1 . 165This option is directly passed to 166.Xr ssh 1 . 167.It Fl f 168Requests that files be flushed to disk immediately after transfer. 169When uploading files, this feature is only enabled if the server 170implements the "fsync@openssh.com" extension. 171.It Fl i Ar identity_file 172Selects the file from which the identity (private key) for public key 173authentication is read. 174This option is directly passed to 175.Xr ssh 1 . 176.It Fl l Ar limit 177Limits the used bandwidth, specified in Kbit/s. 178.It Fl o Ar ssh_option 179Can be used to pass options to 180.Nm ssh 181in the format used in 182.Xr ssh_config 5 . 183This is useful for specifying options 184for which there is no separate 185.Nm sftp 186command-line flag. 187For example, to specify an alternate port use: 188.Ic sftp -oPort=24 . 189For full details of the options listed below, and their possible values, see 190.Xr ssh_config 5 . 191.Pp 192.Bl -tag -width Ds -offset indent -compact 193.It AddressFamily 194.It BatchMode 195.It BindAddress 196.It CanonicalDomains 197.It CanonicalizeFallbackLocal 198.It CanonicalizeHostname 199.It CanonicalizeMaxDots 200.It CanonicalizePermittedCNAMEs 201.It ChallengeResponseAuthentication 202.It CheckHostIP 203.It Cipher 204.It Ciphers 205.It Compression 206.It CompressionLevel 207.It ConnectionAttempts 208.It ConnectTimeout 209.It ControlMaster 210.It ControlPath 211.It ControlPersist 212.It GlobalKnownHostsFile 213.It GSSAPIAuthentication 214.It GSSAPIDelegateCredentials 215.It HashKnownHosts 216.It Host 217.It HostbasedAuthentication 218.It HostbasedKeyTypes 219.It HostKeyAlgorithms 220.It HostKeyAlias 221.It HostName 222.It IdentityFile 223.It IdentitiesOnly 224.It IPQoS 225.It KbdInteractiveAuthentication 226.It KbdInteractiveDevices 227.It KexAlgorithms 228.It LogLevel 229.It MACs 230.It NoHostAuthenticationForLocalhost 231.It NumberOfPasswordPrompts 232.It PasswordAuthentication 233.It PKCS11Provider 234.It Port 235.It PreferredAuthentications 236.It Protocol 237.It ProxyCommand 238.It PubkeyAuthentication 239.It RekeyLimit 240.It RhostsRSAAuthentication 241.It RSAAuthentication 242.It SendEnv 243.It ServerAliveInterval 244.It ServerAliveCountMax 245.It StrictHostKeyChecking 246.It TCPKeepAlive 247.It UpdateHostKeys 248.It UsePrivilegedPort 249.It User 250.It UserKnownHostsFile 251.It VerifyHostKeyDNS 252.El 253.It Fl P Ar port 254Specifies the port to connect to on the remote host. 255.It Fl p 256Preserves modification times, access times, and modes from the 257original files transferred. 258.It Fl q 259Quiet mode: disables the progress meter as well as warning and 260diagnostic messages from 261.Xr ssh 1 . 262.It Fl R Ar num_requests 263Specify how many requests may be outstanding at any one time. 264Increasing this may slightly improve file transfer speed 265but will increase memory usage. 266The default is 64 outstanding requests. 267.It Fl r 268Recursively copy entire directories when uploading and downloading. 269Note that 270.Nm 271does not follow symbolic links encountered in the tree traversal. 272.It Fl S Ar program 273Name of the 274.Ar program 275to use for the encrypted connection. 276The program must understand 277.Xr ssh 1 278options. 279.It Fl s Ar subsystem | sftp_server 280Specifies the SSH2 subsystem or the path for an sftp server 281on the remote host. 282A path is useful for using 283.Nm 284over protocol version 1, or when the remote 285.Xr sshd 8 286does not have an sftp subsystem configured. 287.It Fl v 288Raise logging level. 289This option is also passed to ssh. 290.El 291.Sh INTERACTIVE COMMANDS 292Once in interactive mode, 293.Nm 294understands a set of commands similar to those of 295.Xr ftp 1 . 296Commands are case insensitive. 297Pathnames that contain spaces must be enclosed in quotes. 298Any special characters contained within pathnames that are recognized by 299.Xr glob 3 300must be escaped with backslashes 301.Pq Sq \e . 302.Bl -tag -width Ds 303.It Ic bye 304Quit 305.Nm sftp . 306.It Ic cd Ar path 307Change remote directory to 308.Ar path . 309.It Ic chgrp Ar grp Ar path 310Change group of file 311.Ar path 312to 313.Ar grp . 314.Ar path 315may contain 316.Xr glob 3 317characters and may match multiple files. 318.Ar grp 319must be a numeric GID. 320.It Ic chmod Ar mode Ar path 321Change permissions of file 322.Ar path 323to 324.Ar mode . 325.Ar path 326may contain 327.Xr glob 3 328characters and may match multiple files. 329.It Ic chown Ar own Ar path 330Change owner of file 331.Ar path 332to 333.Ar own . 334.Ar path 335may contain 336.Xr glob 3 337characters and may match multiple files. 338.Ar own 339must be a numeric UID. 340.It Xo Ic df 341.Op Fl hi 342.Op Ar path 343.Xc 344Display usage information for the filesystem holding the current directory 345(or 346.Ar path 347if specified). 348If the 349.Fl h 350flag is specified, the capacity information will be displayed using 351"human-readable" suffixes. 352The 353.Fl i 354flag requests display of inode information in addition to capacity information. 355This command is only supported on servers that implement the 356.Dq statvfs@openssh.com 357extension. 358.It Ic exit 359Quit 360.Nm sftp . 361.It Xo Ic get 362.Op Fl afPpr 363.Ar remote-path 364.Op Ar local-path 365.Xc 366Retrieve the 367.Ar remote-path 368and store it on the local machine. 369If the local 370path name is not specified, it is given the same name it has on the 371remote machine. 372.Ar remote-path 373may contain 374.Xr glob 3 375characters and may match multiple files. 376If it does and 377.Ar local-path 378is specified, then 379.Ar local-path 380must specify a directory. 381.Pp 382If the 383.Fl a 384flag is specified, then attempt to resume partial transfers of existing files. 385Note that resumption assumes that any partial copy of the local file matches 386the remote copy. 387If the remote file contents differ from the partial local copy then the 388resultant file is likely to be corrupt. 389.Pp 390If the 391.Fl f 392flag is specified, then 393.Xr fsync 2 394will be called after the file transfer has completed to flush the file 395to disk. 396.Pp 397If either the 398.Fl P 399or 400.Fl p 401flag is specified, then full file permissions and access times are 402copied too. 403.Pp 404If the 405.Fl r 406flag is specified then directories will be copied recursively. 407Note that 408.Nm 409does not follow symbolic links when performing recursive transfers. 410.It Ic help 411Display help text. 412.It Ic lcd Ar path 413Change local directory to 414.Ar path . 415.It Ic lls Op Ar ls-options Op Ar path 416Display local directory listing of either 417.Ar path 418or current directory if 419.Ar path 420is not specified. 421.Ar ls-options 422may contain any flags supported by the local system's 423.Xr ls 1 424command. 425.Ar path 426may contain 427.Xr glob 3 428characters and may match multiple files. 429.It Ic lmkdir Ar path 430Create local directory specified by 431.Ar path . 432.It Xo Ic ln 433.Op Fl s 434.Ar oldpath 435.Ar newpath 436.Xc 437Create a link from 438.Ar oldpath 439to 440.Ar newpath . 441If the 442.Fl s 443flag is specified the created link is a symbolic link, otherwise it is 444a hard link. 445.It Ic lpwd 446Print local working directory. 447.It Xo Ic ls 448.Op Fl 1afhlnrSt 449.Op Ar path 450.Xc 451Display a remote directory listing of either 452.Ar path 453or the current directory if 454.Ar path 455is not specified. 456.Ar path 457may contain 458.Xr glob 3 459characters and may match multiple files. 460.Pp 461The following flags are recognized and alter the behaviour of 462.Ic ls 463accordingly: 464.Bl -tag -width Ds 465.It Fl 1 466Produce single columnar output. 467.It Fl a 468List files beginning with a dot 469.Pq Sq \&. . 470.It Fl f 471Do not sort the listing. 472The default sort order is lexicographical. 473.It Fl h 474When used with a long format option, use unit suffixes: Byte, Kilobyte, 475Megabyte, Gigabyte, Terabyte, Petabyte, and Exabyte in order to reduce 476the number of digits to four or fewer using powers of 2 for sizes (K=1024, 477M=1048576, etc.). 478.It Fl l 479Display additional details including permissions 480and ownership information. 481.It Fl n 482Produce a long listing with user and group information presented 483numerically. 484.It Fl r 485Reverse the sort order of the listing. 486.It Fl S 487Sort the listing by file size. 488.It Fl t 489Sort the listing by last modification time. 490.El 491.It Ic lumask Ar umask 492Set local umask to 493.Ar umask . 494.It Ic mkdir Ar path 495Create remote directory specified by 496.Ar path . 497.It Ic progress 498Toggle display of progress meter. 499.It Xo Ic put 500.Op Fl afPpr 501.Ar local-path 502.Op Ar remote-path 503.Xc 504Upload 505.Ar local-path 506and store it on the remote machine. 507If the remote path name is not specified, it is given the same name it has 508on the local machine. 509.Ar local-path 510may contain 511.Xr glob 3 512characters and may match multiple files. 513If it does and 514.Ar remote-path 515is specified, then 516.Ar remote-path 517must specify a directory. 518.Pp 519If the 520.Fl a 521flag is specified, then attempt to resume partial 522transfers of existing files. 523Note that resumption assumes that any partial copy of the remote file 524matches the local copy. 525If the local file contents differ from the remote local copy then 526the resultant file is likely to be corrupt. 527.Pp 528If the 529.Fl f 530flag is specified, then a request will be sent to the server to call 531.Xr fsync 2 532after the file has been transferred. 533Note that this is only supported by servers that implement 534the "fsync@openssh.com" extension. 535.Pp 536If either the 537.Fl P 538or 539.Fl p 540flag is specified, then full file permissions and access times are 541copied too. 542.Pp 543If the 544.Fl r 545flag is specified then directories will be copied recursively. 546Note that 547.Nm 548does not follow symbolic links when performing recursive transfers. 549.It Ic pwd 550Display remote working directory. 551.It Ic quit 552Quit 553.Nm sftp . 554.It Xo Ic reget 555.Op Fl Ppr 556.Ar remote-path 557.Op Ar local-path 558.Xc 559Resume download of 560.Ar remote-path . 561Equivalent to 562.Ic get 563with the 564.Fl a 565flag set. 566.It Xo Ic reput 567.Op Fl Ppr 568.Op Ar local-path 569.Ar remote-path 570.Xc 571Resume upload of 572.Op Ar local-path . 573Equivalent to 574.Ic put 575with the 576.Fl a 577flag set. 578.It Ic rename Ar oldpath Ar newpath 579Rename remote file from 580.Ar oldpath 581to 582.Ar newpath . 583.It Ic rm Ar path 584Delete remote file specified by 585.Ar path . 586.It Ic rmdir Ar path 587Remove remote directory specified by 588.Ar path . 589.It Ic symlink Ar oldpath Ar newpath 590Create a symbolic link from 591.Ar oldpath 592to 593.Ar newpath . 594.It Ic version 595Display the 596.Nm 597protocol version. 598.It Ic \&! Ns Ar command 599Execute 600.Ar command 601in local shell. 602.It Ic \&! 603Escape to local shell. 604.It Ic \&? 605Synonym for help. 606.El 607.Sh SEE ALSO 608.Xr ftp 1 , 609.Xr ls 1 , 610.Xr scp 1 , 611.Xr ssh 1 , 612.Xr ssh-add 1 , 613.Xr ssh-keygen 1 , 614.Xr glob 3 , 615.Xr ssh_config 5 , 616.Xr sftp-server 8 , 617.Xr sshd 8 618.Rs 619.%A T. Ylonen 620.%A S. Lehtinen 621.%T "SSH File Transfer Protocol" 622.%N draft-ietf-secsh-filexfer-00.txt 623.%D January 2001 624.%O work in progress material 625.Re 626