.\" $OpenBSD: sftp.1,v 1.97 2013/10/20 09:51:26 djm Exp $
.\"
.\" Copyright (c) 2001 Damien Miller. All rights reserved.
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:
.\" 1. Redistributions of source code must retain the above copyright
.\"    notice, this list of conditions and the following disclaimer.
.\" 2. Redistributions in binary form must reproduce the above copyright
.\"    notice, this list of conditions and the following disclaimer in the
.\"    documentation and/or other materials provided with the distribution.
.\"
.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
.\" IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
.\" OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
.\" IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
.\" INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
.\" DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
.\" THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
.Dd $Mdocdate: October 20 2013 $
.Dt SFTP 1
.Os
.Sh NAME
.Nm sftp
.Nd secure file transfer program
.Sh SYNOPSIS
.Nm sftp
.Bk -words
.Op Fl 1246aCfpqrv
.Op Fl B Ar buffer_size
.Op Fl b Ar batchfile
.Op Fl c Ar cipher
.Op Fl D Ar sftp_server_path
.Op Fl F Ar ssh_config
.Op Fl i Ar identity_file
.Op Fl l Ar limit
.Op Fl o Ar ssh_option
.Op Fl P Ar port
.Op Fl R Ar num_requests
.Op Fl S Ar program
.Op Fl s Ar subsystem | sftp_server
.Ar host
.Ek
.Nm sftp
.Oo Ar user Ns @ Oc Ns
.Ar host Ns Op : Ns Ar
.Nm sftp
.Oo
.Ar user Ns @ Oc Ns
.Ar host Ns Oo : Ns Ar dir Ns
.Op Ar /
.Oc
.Nm sftp
.Fl b Ar batchfile
.Oo Ar user Ns @ Oc Ns Ar host
.Sh DESCRIPTION
.Nm
is an interactive file transfer program, similar to
.Xr ftp 1 ,
which performs all operations over an encrypted
.Xr ssh 1
transport.
It may also use many features of ssh, such as public key authentication and
compression.
.Nm
connects and logs into the specified
.Ar host ,
then enters an interactive command mode.
.Pp
The second usage format will retrieve files automatically if a non-interactive
authentication method is used; otherwise it will do so after
successful interactive authentication.
.Pp
The third usage format allows
.Nm
to start in a remote directory.
.Pp
The final usage format allows for automated sessions using the
.Fl b
option.
In such cases, it is necessary to configure non-interactive authentication
to obviate the need to enter a password at connection time (see
.Xr sshd 8
and
.Xr ssh-keygen 1
for details).
.Pp
Since some usage formats use colon characters to delimit host names from path
names, IPv6 addresses must be enclosed in square brackets to avoid ambiguity.
.Pp
The options are as follows:
.Bl -tag -width Ds
.It Fl 1
Specify the use of protocol version 1.
.It Fl 2
Specify the use of protocol version 2.
.It Fl 4
Forces
.Nm
to use IPv4 addresses only.
.It Fl 6
Forces
.Nm
to use IPv6 addresses only.
.It Fl a
Attempt to continue interrupted downloads rather than overwriting existing
partial or complete copies of files.
If the remote file contents differ from the partial local copy then the
resultant file is likely to be corrupt.
.It Fl B Ar buffer_size
Specify the size of the buffer that
.Nm
uses when transferring files.
Larger buffers require fewer round trips at the cost of higher
memory consumption.
The default is 32768 bytes.
.It Fl b Ar batchfile
Batch mode reads a series of commands from an input
.Ar batchfile
instead of
.Em stdin .
Since it lacks user interaction it should be used in conjunction with
non-interactive authentication.
A
.Ar batchfile
of
.Sq \-
may be used to indicate standard input.
.Nm
will abort if any of the following
commands fail:
.Ic get , put , reget , rename , ln ,
.Ic rm , mkdir , chdir , ls ,
.Ic lchdir , chmod , chown ,
.Ic chgrp , lpwd , df , symlink ,
and
.Ic lmkdir .
Termination on error can be suppressed on a command by command basis by
prefixing the command with a
.Sq \-
character (for example,
.Ic -rm /tmp/blah* ) .
.It Fl C
Enables compression (via ssh's
.Fl C
flag).
.It Fl c Ar cipher
Selects the cipher to use for encrypting the data transfers.
This option is directly passed to
.Xr ssh 1 .
.It Fl D Ar sftp_server_path
Connect directly to a local sftp server
(rather than via
.Xr ssh 1 ) .
This option may be useful in debugging the client and server.
.It Fl F Ar ssh_config
Specifies an alternative
per-user configuration file for
.Xr ssh 1 .
This option is directly passed to
.Xr ssh 1 .
.It Fl f
Requests that files be flushed to disk immediately after transfer.
When uploading files, this feature is only enabled if the server
implements the "fsync@openssh.com" extension.
.It Fl i Ar identity_file
Selects the file from which the identity (private key) for public key
authentication is read.
This option is directly passed to
.Xr ssh 1 .
.It Fl l Ar limit
Limits the used bandwidth, specified in Kbit/s.
.It Fl o Ar ssh_option
Can be used to pass options to
.Nm ssh
in the format used in
.Xr ssh_config 5 .
This is useful for specifying options
for which there is no separate
.Nm sftp
command-line flag.
For example, to specify an alternate port use:
.Ic sftp -oPort=24 .
For full details of the options listed below, and their possible values, see
.Xr ssh_config 5 .
.Pp
.Bl -tag -width Ds -offset indent -compact
.It AddressFamily
.It BatchMode
.It BindAddress
.It CanonicalDomains
.It CanonicalizeFallbackLocal
.It CanonicalizeHostname
.It CanonicalizeMaxDots
.It CanonicalizePermittedCNAMEs
.It ChallengeResponseAuthentication
.It CheckHostIP
.It Cipher
.It Ciphers
.It Compression
.It CompressionLevel
.It ConnectionAttempts
.It ConnectTimeout
.It ControlMaster
.It ControlPath
.It ControlPersist
.It GlobalKnownHostsFile
.It GSSAPIAuthentication
.It GSSAPIDelegateCredentials
.It HashKnownHosts
.It Host
.It HostbasedAuthentication
.It HostKeyAlgorithms
.It HostKeyAlias
.It HostName
.It IdentityFile
.It IdentitiesOnly
.It IPQoS
.It KbdInteractiveAuthentication
.It KbdInteractiveDevices
.It KexAlgorithms
.It LogLevel
.It MACs
.It NoHostAuthenticationForLocalhost
.It NumberOfPasswordPrompts
.It PasswordAuthentication
.It PKCS11Provider
.It Port
.It PreferredAuthentications
.It Protocol
.It ProxyCommand
.It PubkeyAuthentication
.It RekeyLimit
.It RhostsRSAAuthentication
.It RSAAuthentication
.It SendEnv
.It ServerAliveInterval
.It ServerAliveCountMax
.It StrictHostKeyChecking
.It TCPKeepAlive
.It UsePrivilegedPort
.It User
.It UserKnownHostsFile
.It VerifyHostKeyDNS
.El
.It Fl P Ar port
Specifies the port to connect to on the remote host.
.It Fl p
Preserves modification times, access times, and modes from the
original files transferred.
.It Fl q
Quiet mode: disables the progress meter as well as warning and
diagnostic messages from
.Xr ssh 1 .
.It Fl R Ar num_requests
Specify how many requests may be outstanding at any one time.
Increasing this may slightly improve file transfer speed
but will increase memory usage.
The default is 256 outstanding requests providing for 8MB
of outstanding data with a 32KB buffer.
.It Fl r
Recursively copy entire directories when uploading and downloading.
Note that
.Nm
does not follow symbolic links encountered in the tree traversal.
.It Fl S Ar program
Name of the
.Ar program
to use for the encrypted connection.
The program must understand
.Xr ssh 1
options.
.It Fl s Ar subsystem | sftp_server
Specifies the SSH2 subsystem or the path for an sftp server
on the remote host.
A path is useful for using
.Nm
over protocol version 1, or when the remote
.Xr sshd 8
does not have an sftp subsystem configured.
.It Fl v
Raise logging level.
This option is also passed to ssh.
.El
.Sh INTERACTIVE COMMANDS
Once in interactive mode,
.Nm
understands a set of commands similar to those of
.Xr ftp 1 .
Commands are case insensitive.
Pathnames that contain spaces must be enclosed in quotes.
Any special characters contained within pathnames that are recognized by
.Xr glob 3
must be escaped with backslashes
.Pq Sq \e .
.Bl -tag -width Ds
.It Ic bye
Quit
.Nm sftp .
.It Ic cd Ar path
Change remote directory to
.Ar path .
.It Ic chgrp Ar grp Ar path
Change group of file
.Ar path
to
.Ar grp .
.Ar path
may contain
.Xr glob 3
characters and may match multiple files.
.Ar grp
must be a numeric GID.
.It Ic chmod Ar mode Ar path
Change permissions of file
.Ar path
to
.Ar mode .
.Ar path
may contain
.Xr glob 3
characters and may match multiple files.
.It Ic chown Ar own Ar path
Change owner of file
.Ar path
to
.Ar own .
.Ar path
may contain
.Xr glob 3
characters and may match multiple files.
.Ar own
must be a numeric UID.
.It Xo Ic df
.Op Fl hi
.Op Ar path
.Xc
Display usage information for the filesystem holding the current directory
(or
.Ar path
if specified).
If the
.Fl h
flag is specified, the capacity information will be displayed using
"human-readable" suffixes.
The
.Fl i
flag requests display of inode information in addition to capacity information.
This command is only supported on servers that implement the
.Dq statvfs@openssh.com
extension.
.It Ic exit
Quit
.Nm sftp .
.It Xo Ic get
.Op Fl afPpr
.Ar remote-path
.Op Ar local-path
.Xc
Retrieve the
.Ar remote-path
and store it on the local machine.
If the local
path name is not specified, it is given the same name it has on the
remote machine.
.Ar remote-path
may contain
.Xr glob 3
characters and may match multiple files.
If it does and
.Ar local-path
is specified, then
.Ar local-path
must specify a directory.
.Pp
If the
.Fl a
flag is specified, then attempt to resume partial transfers of existing files.
Note that resumption assumes that any partial copy of the local file matches
the remote copy.
If the remote file contents differ from the partial local copy then the
resultant file is likely to be corrupt.
.Pp
If the
.Fl f
flag is specified, then
.Xr fsync 2
will be called after the file transfer has completed to flush the file
to disk.
.Pp
If either the
.Fl P
or
.Fl p
flag is specified, then full file permissions and access times are
copied too.
.Pp
If the
.Fl r
flag is specified then directories will be copied recursively.
Note that
.Nm
does not follow symbolic links when performing recursive transfers.
.It Ic help
Display help text.
.It Ic lcd Ar path
Change local directory to
.Ar path .
.It Ic lls Op Ar ls-options Op Ar path
Display local directory listing of either
.Ar path
or current directory if
.Ar path
is not specified.
.Ar ls-options
may contain any flags supported by the local system's
.Xr ls 1
command.
.Ar path
may contain
.Xr glob 3
characters and may match multiple files.
.It Ic lmkdir Ar path
Create local directory specified by
.Ar path .
.It Xo Ic ln
.Op Fl s
.Ar oldpath
.Ar newpath
.Xc
Create a link from
.Ar oldpath
to
.Ar newpath .
If the
.Fl s
flag is specified the created link is a symbolic link, otherwise it is
a hard link.
.It Ic lpwd
Print local working directory.
.It Xo Ic ls
.Op Fl 1afhlnrSt
.Op Ar path
.Xc
Display a remote directory listing of either
.Ar path
or the current directory if
.Ar path
is not specified.
.Ar path
may contain
.Xr glob 3
characters and may match multiple files.
.Pp
The following flags are recognized and alter the behaviour of
.Ic ls
accordingly:
.Bl -tag -width Ds
.It Fl 1
Produce single columnar output.
.It Fl a
List files beginning with a dot
.Pq Sq \&. .
.It Fl f
Do not sort the listing.
The default sort order is lexicographical.
.It Fl h
When used with a long format option, use unit suffixes: Byte, Kilobyte,
Megabyte, Gigabyte, Terabyte, Petabyte, and Exabyte in order to reduce
the number of digits to four or fewer using powers of 2 for sizes (K=1024,
M=1048576, etc.).
.It Fl l
Display additional details including permissions
and ownership information.
.It Fl n
Produce a long listing with user and group information presented
numerically.
.It Fl r
Reverse the sort order of the listing.
.It Fl S
Sort the listing by file size.
.It Fl t
Sort the listing by last modification time.
.El
.It Ic lumask Ar umask
Set local umask to
.Ar umask .
.It Ic mkdir Ar path
Create remote directory specified by
.Ar path .
.It Ic progress
Toggle display of progress meter.
.It Xo Ic put
.Op Fl fPpr
.Ar local-path
.Op Ar remote-path
.Xc
Upload
.Ar local-path
and store it on the remote machine.
If the remote path name is not specified, it is given the same name it has
on the local machine.
.Ar local-path
may contain
.Xr glob 3
characters and may match multiple files.
If it does and
.Ar remote-path
is specified, then
.Ar remote-path
must specify a directory.
.Pp
If the
.Fl f
flag is specified, then a request will be sent to the server to call
.Xr fsync 2
after the file has been transferred.
Note that this is only supported by servers that implement
the "fsync@openssh.com" extension.
.Pp
If either the
.Fl P
or
.Fl p
flag is specified, then full file permissions and access times are
copied too.
.Pp
If the
.Fl r
flag is specified then directories will be copied recursively.
Note that
.Nm
does not follow symbolic links when performing recursive transfers.
.It Ic pwd
Display remote working directory.
.It Ic quit
Quit
.Nm sftp .
.It Xo Ic reget
.Op Fl Ppr
.Ar remote-path
.Op Ar local-path
.Xc
Resume download of
.Ar remote-path .
Equivalent to
.Ic get
with the
.Fl a
flag set.
.It Ic rename Ar oldpath Ar newpath
Rename remote file from
.Ar oldpath
to
.Ar newpath .
.It Ic rm Ar path
Delete remote file specified by
.Ar path .
.It Ic rmdir Ar path
Remove remote directory specified by
.Ar path .
.It Ic symlink Ar oldpath Ar newpath
Create a symbolic link from
.Ar oldpath
to
.Ar newpath .
.It Ic version
Display the
.Nm
protocol version.
.It Ic \&! Ns Ar command
Execute
.Ar command
in local shell.
.It Ic \&!
Escape to local shell.
.It Ic \&?
Synonym for help.
.El
.Sh SEE ALSO
.Xr ftp 1 ,
.Xr ls 1 ,
.Xr scp 1 ,
.Xr ssh 1 ,
.Xr ssh-add 1 ,
.Xr ssh-keygen 1 ,
.Xr glob 3 ,
.Xr ssh_config 5 ,
.Xr sftp-server 8 ,
.Xr sshd 8
.Rs
.%A T. Ylonen
.%A S. Lehtinen
.%T "SSH File Transfer Protocol"
.%N draft-ietf-secsh-filexfer-00.txt
.%D January 2001
.%O work in progress material
.Re
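An added example, not part of the original manual or of OpenSSH: it applies the batch mode (-b) rules and the pathname quoting rules described above to build a batchfile from untrusted file names, so that a name such as * cannot expand as a glob in rm.
The function names, sample paths, identity file path, the escaped character set (* ? [ ]), the combination of quotes with backslash escapes, and the ./ prefix for names starting with - are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the sftp manual): build an sftp -b batchfile from
# untrusted remote file names. All names below are constructed samples.

# sftp_quote PATH: print PATH as a single batchfile argument.
# Refuses empty names and names with quotes, backslashes or newlines,
# since the manual does not say how those are parsed.
sftp_quote() {
    p=$1
    case $p in
        ''|*'"'*|*"'"*|*'\'*|*'
'*) return 1 ;;
    esac
    # Assumption: ./ keeps a leading '-' from being read as a command flag.
    case $p in -*) p=./$p ;; esac
    # Backslash-escape glob(3) characters (assumed set: * ? [ ]) and wrap the
    # result in quotes so embedded spaces stay inside one argument.
    printf '"%s"\n' "$(printf '%s' "$p" | sed 's/[][*?]/\\&/g')"
}

# make_batch FILE...: print batch commands that fetch, then delete, each FILE.
# A failed get aborts the session, so the rm after it never runs; the '-'
# prefix on rm lets the session continue if a delete fails.
make_batch() {
    for f in "$@"; do
        q=$(sftp_quote "$f") || return 1
        printf 'get %s\n-rm %s\n' "$q" "$q"
    done
}

# run_fetch HOST FILE...: run the batch with non-interactive, key-only
# authentication and strict host key checking. Identity path is hypothetical.
run_fetch() {
    host=$1; shift
    batch=$(mktemp) || return 1
    make_batch "$@" >"$batch" || { rm -f "$batch"; return 1; }
    sftp -b "$batch" -oBatchMode=yes -oStrictHostKeyChecking=yes \
        -oIdentitiesOnly=yes -i "$HOME/.ssh/id_fetch" "$host"
    rc=$?
    rm -f "$batch"
    return "$rc"
}

# Demo on constructed names: prints the batchfile, contacts no server.
make_batch '/drop/report 2024.txt' '/drop/*' '-r'
```

Writing the batch to a temporary file before starting sftp means a rejected name stops the run before any command reaches the server.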