1.\" $OpenBSD: sftp.1,v 1.83 2010/02/08 10:50:20 markus Exp $ 2.\" $FreeBSD$ 3.\" 4.\" Copyright (c) 2001 Damien Miller. All rights reserved. 5.\" 6.\" Redistribution and use in source and binary forms, with or without 7.\" modification, are permitted provided that the following conditions 8.\" are met: 9.\" 1. Redistributions of source code must retain the above copyright 10.\" notice, this list of conditions and the following disclaimer. 11.\" 2. Redistributions in binary form must reproduce the above copyright 12.\" notice, this list of conditions and the following disclaimer in the 13.\" documentation and/or other materials provided with the distribution. 14.\" 15.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR 16.\" IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES 17.\" OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. 18.\" IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, 19.\" INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 20.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 21.\" DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 22.\" THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 23.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 24.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 25.\" 26.Dd February 8, 2010 27.Dt SFTP 1 28.Os 29.Sh NAME 30.Nm sftp 31.Nd secure file transfer program 32.Sh SYNOPSIS 33.Nm sftp 34.Bk -words 35.Op Fl 1246Cpqrv 36.Op Fl B Ar buffer_size 37.Op Fl b Ar batchfile 38.Op Fl c Ar cipher 39.Op Fl D Ar sftp_server_path 40.Op Fl F Ar ssh_config 41.Op Fl i Ar identity_file 42.Op Fl o Ar ssh_option 43.Op Fl P Ar port 44.Op Fl R Ar num_requests 45.Op Fl S Ar program 46.Op Fl s Ar subsystem | sftp_server 47.Ar host 48.Ek 49.Nm sftp 50.Oo Ar user Ns @ Oc Ns 51.Ar host Ns Op : Ns Ar 52.Nm sftp 53.Oo Ar user Ns @ Oc Ns 54.Ar host Ns Oo : Ns Ar dir Ns 55.Op Ar / Oc 56.Nm sftp 57.Fl b Ar batchfile 58.Oo Ar user Ns @ Oc Ns Ar host 59.Sh DESCRIPTION 60.Nm 61is an interactive file transfer program, similar to 62.Xr ftp 1 , 63which performs all operations over an encrypted 64.Xr ssh 1 65transport. 66It may also use many features of ssh, such as public key authentication and 67compression. 68.Nm 69connects and logs into the specified 70.Ar host , 71then enters an interactive command mode. 72.Pp 73The second usage format will retrieve files automatically if a non-interactive 74authentication method is used; otherwise it will do so after 75successful interactive authentication. 76.Pp 77The third usage format allows 78.Nm 79to start in a remote directory. 80.Pp 81The final usage format allows for automated sessions using the 82.Fl b 83option. 84In such cases, it is necessary to configure non-interactive authentication 85to obviate the need to enter a password at connection time (see 86.Xr sshd 8 87and 88.Xr ssh-keygen 1 89for details). 90The options are as follows: 91.Bl -tag -width Ds 92.It Fl 1 93Specify the use of protocol version 1. 94.It Fl 2 95Specify the use of protocol version 2. 96.It Fl 4 97Forces 98.Nm 99to use IPv4 addresses only. 100.It Fl 6 101Forces 102.Nm 103to use IPv6 addresses only. 104.It Fl B Ar buffer_size 105Specify the size of the buffer that 106.Nm 107uses when transferring files. 108Larger buffers require fewer round trips at the cost of higher 109memory consumption. 110The default is 32768 bytes. 111.It Fl b Ar batchfile 112Batch mode reads a series of commands from an input 113.Ar batchfile 114instead of 115.Em stdin . 116Since it lacks user interaction it should be used in conjunction with 117non-interactive authentication. 118A 119.Ar batchfile 120of 121.Sq \- 122may be used to indicate standard input. 123.Nm 124will abort if any of the following 125commands fail: 126.Ic get , put , rename , ln , 127.Ic rm , mkdir , chdir , ls , 128.Ic lchdir , chmod , chown , 129.Ic chgrp , lpwd , df , 130and 131.Ic lmkdir . 132Termination on error can be suppressed on a command by command basis by 133prefixing the command with a 134.Sq \- 135character (for example, 136.Ic -rm /tmp/blah* ) . 137.It Fl C 138Enables compression (via ssh's 139.Fl C 140flag). 141.It Fl c Ar cipher 142Selects the cipher to use for encrypting the data transfers. 143This option is directly passed to 144.Xr ssh 1 . 145.It Fl D Ar sftp_server_path 146Connect directly to a local sftp server 147(rather than via 148.Xr ssh 1 ) . 149This option may be useful in debugging the client and server. 150.It Fl F Ar ssh_config 151Specifies an alternative 152per-user configuration file for 153.Xr ssh 1 . 154This option is directly passed to 155.Xr ssh 1 . 156.It Fl i Ar identity_file 157Selects the file from which the identity (private key) for public key 158authentication is read. 159This option is directly passed to 160.Xr ssh 1 . 161.It Fl o Ar ssh_option 162Can be used to pass options to 163.Nm ssh 164in the format used in 165.Xr ssh_config 5 . 166This is useful for specifying options 167for which there is no separate 168.Nm sftp 169command-line flag. 170For example, to specify an alternate port use: 171.Ic sftp -oPort=24 . 172For full details of the options listed below, and their possible values, see 173.Xr ssh_config 5 . 174.Pp 175.Bl -tag -width Ds -offset indent -compact 176.It AddressFamily 177.It BatchMode 178.It BindAddress 179.It ChallengeResponseAuthentication 180.It CheckHostIP 181.It Cipher 182.It Ciphers 183.It Compression 184.It CompressionLevel 185.It ConnectionAttempts 186.It ConnectTimeout 187.It ControlMaster 188.It ControlPath 189.It GlobalKnownHostsFile 190.It GSSAPIAuthentication 191.It GSSAPIDelegateCredentials 192.It HashKnownHosts 193.It Host 194.It HostbasedAuthentication 195.It HostKeyAlgorithms 196.It HostKeyAlias 197.It HostName 198.It IdentityFile 199.It IdentitiesOnly 200.It KbdInteractiveDevices 201.It LogLevel 202.It MACs 203.It NoHostAuthenticationForLocalhost 204.It NumberOfPasswordPrompts 205.It PasswordAuthentication 206.It PKCS11Provider 207.It Port 208.It PreferredAuthentications 209.It Protocol 210.It ProxyCommand 211.It PubkeyAuthentication 212.It RekeyLimit 213.It RhostsRSAAuthentication 214.It RSAAuthentication 215.It SendEnv 216.It ServerAliveInterval 217.It ServerAliveCountMax 218.It StrictHostKeyChecking 219.It TCPKeepAlive 220.It UsePrivilegedPort 221.It User 222.It UserKnownHostsFile 223.It VerifyHostKeyDNS 224.El 225.It Fl P Ar port 226Specifies the port to connect to on the remote host. 227.It Fl p 228Preserves modification times, access times, and modes from the 229original files transferred. 230.It Fl q 231Quiet mode: disables the progress meter as well as warning and 232diagnostic messages from 233.Xr ssh 1 . 234.It Fl R Ar num_requests 235Specify how many requests may be outstanding at any one time. 236Increasing this may slightly improve file transfer speed 237but will increase memory usage. 238The default is 64 outstanding requests. 239.It Fl r 240Recursively copy entire directories when uploading and downloading. 241Note that 242.Nm 243does not follow symbolic links encountered in the tree traversal. 244.It Fl S Ar program 245Name of the 246.Ar program 247to use for the encrypted connection. 248The program must understand 249.Xr ssh 1 250options. 251.It Fl s Ar subsystem | sftp_server 252Specifies the SSH2 subsystem or the path for an sftp server 253on the remote host. 254A path is useful for using 255.Nm 256over protocol version 1, or when the remote 257.Xr sshd 8 258does not have an sftp subsystem configured. 259.It Fl v 260Raise logging level. 261This option is also passed to ssh. 262.El 263.Sh INTERACTIVE COMMANDS 264Once in interactive mode, 265.Nm 266understands a set of commands similar to those of 267.Xr ftp 1 . 268Commands are case insensitive. 269Pathnames that contain spaces must be enclosed in quotes. 270Any special characters contained within pathnames that are recognized by 271.Xr glob 3 272must be escaped with backslashes 273.Pq Sq \e . 274.Bl -tag -width Ds 275.It Ic bye 276Quit 277.Nm sftp . 278.It Ic cd Ar path 279Change remote directory to 280.Ar path . 281.It Ic chgrp Ar grp Ar path 282Change group of file 283.Ar path 284to 285.Ar grp . 286.Ar path 287may contain 288.Xr glob 3 289characters and may match multiple files. 290.Ar grp 291must be a numeric GID. 292.It Ic chmod Ar mode Ar path 293Change permissions of file 294.Ar path 295to 296.Ar mode . 297.Ar path 298may contain 299.Xr glob 3 300characters and may match multiple files. 301.It Ic chown Ar own Ar path 302Change owner of file 303.Ar path 304to 305.Ar own . 306.Ar path 307may contain 308.Xr glob 3 309characters and may match multiple files. 310.Ar own 311must be a numeric UID. 312.It Xo Ic df 313.Op Fl hi 314.Op Ar path 315.Xc 316Display usage information for the filesystem holding the current directory 317(or 318.Ar path 319if specified). 320If the 321.Fl h 322flag is specified, the capacity information will be displayed using 323"human-readable" suffixes. 324The 325.Fl i 326flag requests display of inode information in addition to capacity information. 327This command is only supported on servers that implement the 328.Dq statvfs@openssh.com 329extension. 330.It Ic exit 331Quit 332.Nm sftp . 333.It Xo Ic get 334.Op Fl Ppr 335.Ar remote-path 336.Op Ar local-path 337.Xc 338Retrieve the 339.Ar remote-path 340and store it on the local machine. 341If the local 342path name is not specified, it is given the same name it has on the 343remote machine. 344.Ar remote-path 345may contain 346.Xr glob 3 347characters and may match multiple files. 348If it does and 349.Ar local-path 350is specified, then 351.Ar local-path 352must specify a directory. 353.Pp 354If either the 355.Fl P 356or 357.Fl p 358flag is specified, then full file permissions and access times are 359copied too. 360.Pp 361If the 362.Fl r 363flag is specified then directories will be copied recursively. 364Note that 365.Nm 366does not follow symbolic links when performing recursive transfers. 367.It Ic help 368Display help text. 369.It Ic lcd Ar path 370Change local directory to 371.Ar path . 372.It Ic lls Op Ar ls-options Op Ar path 373Display local directory listing of either 374.Ar path 375or current directory if 376.Ar path 377is not specified. 378.Ar ls-options 379may contain any flags supported by the local system's 380.Xr ls 1 381command. 382.Ar path 383may contain 384.Xr glob 3 385characters and may match multiple files. 386.It Ic lmkdir Ar path 387Create local directory specified by 388.Ar path . 389.It Ic ln Ar oldpath Ar newpath 390Create a symbolic link from 391.Ar oldpath 392to 393.Ar newpath . 394.It Ic lpwd 395Print local working directory. 396.It Xo Ic ls 397.Op Fl 1afhlnrSt 398.Op Ar path 399.Xc 400Display a remote directory listing of either 401.Ar path 402or the current directory if 403.Ar path 404is not specified. 405.Ar path 406may contain 407.Xr glob 3 408characters and may match multiple files. 409.Pp 410The following flags are recognized and alter the behaviour of 411.Ic ls 412accordingly: 413.Bl -tag -width Ds 414.It Fl 1 415Produce single columnar output. 416.It Fl a 417List files beginning with a dot 418.Pq Sq \&. . 419.It Fl f 420Do not sort the listing. 421The default sort order is lexicographical. 422.It Fl h 423When used with a long format option, use unit suffixes: Byte, Kilobyte, 424Megabyte, Gigabyte, Terabyte, Petabyte, and Exabyte in order to reduce 425the number of digits to four or fewer using powers of 2 for sizes (K=1024, 426M=1048576, etc.). 427.It Fl l 428Display additional details including permissions 429and ownership information. 430.It Fl n 431Produce a long listing with user and group information presented 432numerically. 433.It Fl r 434Reverse the sort order of the listing. 435.It Fl S 436Sort the listing by file size. 437.It Fl t 438Sort the listing by last modification time. 439.El 440.It Ic lumask Ar umask 441Set local umask to 442.Ar umask . 443.It Ic mkdir Ar path 444Create remote directory specified by 445.Ar path . 446.It Ic progress 447Toggle display of progress meter. 448.It Xo Ic put 449.Op Fl Ppr 450.Ar local-path 451.Op Ar remote-path 452.Xc 453Upload 454.Ar local-path 455and store it on the remote machine. 456If the remote path name is not specified, it is given the same name it has 457on the local machine. 458.Ar local-path 459may contain 460.Xr glob 3 461characters and may match multiple files. 462If it does and 463.Ar remote-path 464is specified, then 465.Ar remote-path 466must specify a directory. 467.Pp 468If ether the 469.Fl P 470or 471.Fl p 472flag is specified, then full file permissions and access times are 473copied too. 474.Pp 475If the 476.Fl r 477flag is specified then directories will be copied recursively. 478Note that 479.Nm 480does not follow symbolic links when performing recursive transfers. 481.It Ic pwd 482Display remote working directory. 483.It Ic quit 484Quit 485.Nm sftp . 486.It Ic rename Ar oldpath Ar newpath 487Rename remote file from 488.Ar oldpath 489to 490.Ar newpath . 491.It Ic rm Ar path 492Delete remote file specified by 493.Ar path . 494.It Ic rmdir Ar path 495Remove remote directory specified by 496.Ar path . 497.It Ic symlink Ar oldpath Ar newpath 498Create a symbolic link from 499.Ar oldpath 500to 501.Ar newpath . 502.It Ic version 503Display the 504.Nm 505protocol version. 506.It Ic \&! Ns Ar command 507Execute 508.Ar command 509in local shell. 510.It Ic \&! 511Escape to local shell. 512.It Ic \&? 513Synonym for help. 514.El 515.Sh SEE ALSO 516.Xr ftp 1 , 517.Xr ls 1 , 518.Xr scp 1 , 519.Xr ssh 1 , 520.Xr ssh-add 1 , 521.Xr ssh-keygen 1 , 522.Xr glob 3 , 523.Xr ssh_config 5 , 524.Xr sftp-server 8 , 525.Xr sshd 8 526.Rs 527.%A T. Ylonen 528.%A S. Lehtinen 529.%T "SSH File Transfer Protocol" 530.%N draft-ietf-secsh-filexfer-00.txt 531.%D January 2001 532.%O work in progress material 533.Re 534