xref: /freebsd/crypto/openssh/sftp.1 (revision 277fbb92d5e4cd0938c67f77b08d9ba4ac9d54a6)
1.\" $OpenBSD: sftp.1,v 1.97 2013/10/20 09:51:26 djm Exp $
2.\"
3.\" Copyright (c) 2001 Damien Miller.  All rights reserved.
4.\"
5.\" Redistribution and use in source and binary forms, with or without
6.\" modification, are permitted provided that the following conditions
7.\" are met:
8.\" 1. Redistributions of source code must retain the above copyright
9.\"    notice, this list of conditions and the following disclaimer.
10.\" 2. Redistributions in binary form must reproduce the above copyright
11.\"    notice, this list of conditions and the following disclaimer in the
12.\"    documentation and/or other materials provided with the distribution.
13.\"
14.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
15.\" IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
16.\" OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
17.\" IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
18.\" INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
19.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
20.\" DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
21.\" THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
22.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
23.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
24.\"
25.Dd $Mdocdate: October 20 2013 $
26.Dt SFTP 1
27.Os
28.Sh NAME
29.Nm sftp
30.Nd secure file transfer program
31.Sh SYNOPSIS
32.Nm sftp
33.Bk -words
34.Op Fl 1246aCfpqrv
35.Op Fl B Ar buffer_size
36.Op Fl b Ar batchfile
37.Op Fl c Ar cipher
38.Op Fl D Ar sftp_server_path
39.Op Fl F Ar ssh_config
40.Op Fl i Ar identity_file
41.Op Fl l Ar limit
42.Op Fl o Ar ssh_option
43.Op Fl P Ar port
44.Op Fl R Ar num_requests
45.Op Fl S Ar program
46.Op Fl s Ar subsystem | sftp_server
47.Ar host
48.Ek
49.Nm sftp
50.Oo Ar user Ns @ Oc Ns
51.Ar host Ns Op : Ns Ar
52.Nm sftp
53.Oo
54.Ar user Ns @ Oc Ns
55.Ar host Ns Oo : Ns Ar dir Ns
56.Op Ar /
57.Oc
58.Nm sftp
59.Fl b Ar batchfile
60.Oo Ar user Ns @ Oc Ns Ar host
61.Sh DESCRIPTION
62.Nm
63is an interactive file transfer program, similar to
64.Xr ftp 1 ,
65which performs all operations over an encrypted
66.Xr ssh 1
67transport.
68It may also use many features of ssh, such as public key authentication and
69compression.
70.Nm
71connects and logs into the specified
72.Ar host ,
73then enters an interactive command mode.
74.Pp
75The second usage format will retrieve files automatically if a non-interactive
76authentication method is used; otherwise it will do so after
77successful interactive authentication.
78.Pp
79The third usage format allows
80.Nm
81to start in a remote directory.
82.Pp
83The final usage format allows for automated sessions using the
84.Fl b
85option.
86In such cases, it is necessary to configure non-interactive authentication
87to obviate the need to enter a password at connection time (see
88.Xr sshd 8
89and
90.Xr ssh-keygen 1
91for details).
92.Pp
93Since some usage formats use colon characters to delimit host names from path
94names, IPv6 addresses must be enclosed in square brackets to avoid ambiguity.
95.Pp
96The options are as follows:
97.Bl -tag -width Ds
98.It Fl 1
99Specify the use of protocol version 1.
100.It Fl 2
101Specify the use of protocol version 2.
102.It Fl 4
103Forces
104.Nm
105to use IPv4 addresses only.
106.It Fl 6
107Forces
108.Nm
109to use IPv6 addresses only.
110.It Fl a
111Attempt to continue interrupted downloads rather than overwriting existing
112partial or complete copies of files.
113If the remote file contents differ from the partial local copy then the
114resultant file is likely to be corrupt.
115.It Fl B Ar buffer_size
116Specify the size of the buffer that
117.Nm
118uses when transferring files.
119Larger buffers require fewer round trips at the cost of higher
120memory consumption.
121The default is 32768 bytes.
122.It Fl b Ar batchfile
123Batch mode reads a series of commands from an input
124.Ar batchfile
125instead of
126.Em stdin .
127Since it lacks user interaction it should be used in conjunction with
128non-interactive authentication.
129A
130.Ar batchfile
131of
132.Sq \-
133may be used to indicate standard input.
134.Nm
135will abort if any of the following
136commands fail:
137.Ic get , put , reget , rename , ln ,
138.Ic rm , mkdir , chdir , ls ,
139.Ic lchdir , chmod , chown ,
140.Ic chgrp , lpwd , df , symlink ,
141and
142.Ic lmkdir .
143Termination on error can be suppressed on a command by command basis by
144prefixing the command with a
145.Sq \-
146character (for example,
147.Ic -rm /tmp/blah* ) .
148.It Fl C
149Enables compression (via ssh's
150.Fl C
151flag).
152.It Fl c Ar cipher
153Selects the cipher to use for encrypting the data transfers.
154This option is directly passed to
155.Xr ssh 1 .
156.It Fl D Ar sftp_server_path
157Connect directly to a local sftp server
158(rather than via
159.Xr ssh 1 ) .
160This option may be useful in debugging the client and server.
161.It Fl F Ar ssh_config
162Specifies an alternative
163per-user configuration file for
164.Xr ssh 1 .
165This option is directly passed to
166.Xr ssh 1 .
167.It Fl f
168Requests that files be flushed to disk immediately after transfer.
169When uploading files, this feature is only enabled if the server
170implements the "fsync@openssh.com" extension.
171.It Fl i Ar identity_file
172Selects the file from which the identity (private key) for public key
173authentication is read.
174This option is directly passed to
175.Xr ssh 1 .
176.It Fl l Ar limit
177Limits the used bandwidth, specified in Kbit/s.
178.It Fl o Ar ssh_option
179Can be used to pass options to
180.Nm ssh
181in the format used in
182.Xr ssh_config 5 .
183This is useful for specifying options
184for which there is no separate
185.Nm sftp
186command-line flag.
187For example, to specify an alternate port use:
188.Ic sftp -oPort=24 .
189For full details of the options listed below, and their possible values, see
190.Xr ssh_config 5 .
191.Pp
192.Bl -tag -width Ds -offset indent -compact
193.It AddressFamily
194.It BatchMode
195.It BindAddress
196.It CanonicalDomains
197.It CanonicalizeFallbackLocal
198.It CanonicalizeHostname
199.It CanonicalizeMaxDots
200.It CanonicalizePermittedCNAMEs
201.It ChallengeResponseAuthentication
202.It CheckHostIP
203.It Cipher
204.It Ciphers
205.It Compression
206.It CompressionLevel
207.It ConnectionAttempts
208.It ConnectTimeout
209.It ControlMaster
210.It ControlPath
211.It ControlPersist
212.It GlobalKnownHostsFile
213.It GSSAPIAuthentication
214.It GSSAPIDelegateCredentials
215.It HashKnownHosts
216.It Host
217.It HostbasedAuthentication
218.It HostKeyAlgorithms
219.It HostKeyAlias
220.It HostName
221.It IdentityFile
222.It IdentitiesOnly
223.It IPQoS
224.It KbdInteractiveAuthentication
225.It KbdInteractiveDevices
226.It KexAlgorithms
227.It LogLevel
228.It MACs
229.It NoHostAuthenticationForLocalhost
230.It NumberOfPasswordPrompts
231.It PasswordAuthentication
232.It PKCS11Provider
233.It Port
234.It PreferredAuthentications
235.It Protocol
236.It ProxyCommand
237.It PubkeyAuthentication
238.It RekeyLimit
239.It RhostsRSAAuthentication
240.It RSAAuthentication
241.It SendEnv
242.It ServerAliveInterval
243.It ServerAliveCountMax
244.It StrictHostKeyChecking
245.It TCPKeepAlive
246.It UsePrivilegedPort
247.It User
248.It UserKnownHostsFile
249.It VerifyHostKeyDNS
250.El
251.It Fl P Ar port
252Specifies the port to connect to on the remote host.
253.It Fl p
254Preserves modification times, access times, and modes from the
255original files transferred.
256.It Fl q
257Quiet mode: disables the progress meter as well as warning and
258diagnostic messages from
259.Xr ssh 1 .
260.It Fl R Ar num_requests
261Specify how many requests may be outstanding at any one time.
262Increasing this may slightly improve file transfer speed
263but will increase memory usage.
264The default is 256 outstanding requests providing for 8MB
265of outstanding data with a 32KB buffer.
266.It Fl r
267Recursively copy entire directories when uploading and downloading.
268Note that
269.Nm
270does not follow symbolic links encountered in the tree traversal.
271.It Fl S Ar program
272Name of the
273.Ar program
274to use for the encrypted connection.
275The program must understand
276.Xr ssh 1
277options.
278.It Fl s Ar subsystem | sftp_server
279Specifies the SSH2 subsystem or the path for an sftp server
280on the remote host.
281A path is useful for using
282.Nm
283over protocol version 1, or when the remote
284.Xr sshd 8
285does not have an sftp subsystem configured.
286.It Fl v
287Raise logging level.
288This option is also passed to ssh.
289.El
290.Sh INTERACTIVE COMMANDS
291Once in interactive mode,
292.Nm
293understands a set of commands similar to those of
294.Xr ftp 1 .
295Commands are case insensitive.
296Pathnames that contain spaces must be enclosed in quotes.
297Any special characters contained within pathnames that are recognized by
298.Xr glob 3
299must be escaped with backslashes
300.Pq Sq \e .
301.Bl -tag -width Ds
302.It Ic bye
303Quit
304.Nm sftp .
305.It Ic cd Ar path
306Change remote directory to
307.Ar path .
308.It Ic chgrp Ar grp Ar path
309Change group of file
310.Ar path
311to
312.Ar grp .
313.Ar path
314may contain
315.Xr glob 3
316characters and may match multiple files.
317.Ar grp
318must be a numeric GID.
319.It Ic chmod Ar mode Ar path
320Change permissions of file
321.Ar path
322to
323.Ar mode .
324.Ar path
325may contain
326.Xr glob 3
327characters and may match multiple files.
328.It Ic chown Ar own Ar path
329Change owner of file
330.Ar path
331to
332.Ar own .
333.Ar path
334may contain
335.Xr glob 3
336characters and may match multiple files.
337.Ar own
338must be a numeric UID.
339.It Xo Ic df
340.Op Fl hi
341.Op Ar path
342.Xc
343Display usage information for the filesystem holding the current directory
344(or
345.Ar path
346if specified).
347If the
348.Fl h
349flag is specified, the capacity information will be displayed using
350"human-readable" suffixes.
351The
352.Fl i
353flag requests display of inode information in addition to capacity information.
354This command is only supported on servers that implement the
355.Dq statvfs@openssh.com
356extension.
357.It Ic exit
358Quit
359.Nm sftp .
360.It Xo Ic get
361.Op Fl afPpr
362.Ar remote-path
363.Op Ar local-path
364.Xc
365Retrieve the
366.Ar remote-path
367and store it on the local machine.
368If the local
369path name is not specified, it is given the same name it has on the
370remote machine.
371.Ar remote-path
372may contain
373.Xr glob 3
374characters and may match multiple files.
375If it does and
376.Ar local-path
377is specified, then
378.Ar local-path
379must specify a directory.
380.Pp
381If the
382.Fl a
383flag is specified, then attempt to resume partial transfers of existing files.
384Note that resumption assumes that any partial copy of the local file matches
385the remote copy.
386If the remote file contents differ from the partial local copy then the
387resultant file is likely to be corrupt.
388.Pp
389If the
390.Fl f
391flag is specified, then
392.Xr fsync 2
393will be called after the file transfer has completed to flush the file
394to disk.
395.Pp
396If either the
397.Fl P
398or
399.Fl p
400flag is specified, then full file permissions and access times are
401copied too.
402.Pp
403If the
404.Fl r
405flag is specified then directories will be copied recursively.
406Note that
407.Nm
408does not follow symbolic links when performing recursive transfers.
409.It Ic help
410Display help text.
411.It Ic lcd Ar path
412Change local directory to
413.Ar path .
414.It Ic lls Op Ar ls-options Op Ar path
415Display local directory listing of either
416.Ar path
417or current directory if
418.Ar path
419is not specified.
420.Ar ls-options
421may contain any flags supported by the local system's
422.Xr ls 1
423command.
424.Ar path
425may contain
426.Xr glob 3
427characters and may match multiple files.
428.It Ic lmkdir Ar path
429Create local directory specified by
430.Ar path .
431.It Xo Ic ln
432.Op Fl s
433.Ar oldpath
434.Ar newpath
435.Xc
436Create a link from
437.Ar oldpath
438to
439.Ar newpath .
440If the
441.Fl s
442flag is specified the created link is a symbolic link, otherwise it is
443a hard link.
444.It Ic lpwd
445Print local working directory.
446.It Xo Ic ls
447.Op Fl 1afhlnrSt
448.Op Ar path
449.Xc
450Display a remote directory listing of either
451.Ar path
452or the current directory if
453.Ar path
454is not specified.
455.Ar path
456may contain
457.Xr glob 3
458characters and may match multiple files.
459.Pp
460The following flags are recognized and alter the behaviour of
461.Ic ls
462accordingly:
463.Bl -tag -width Ds
464.It Fl 1
465Produce single columnar output.
466.It Fl a
467List files beginning with a dot
468.Pq Sq \&. .
469.It Fl f
470Do not sort the listing.
471The default sort order is lexicographical.
472.It Fl h
473When used with a long format option, use unit suffixes: Byte, Kilobyte,
474Megabyte, Gigabyte, Terabyte, Petabyte, and Exabyte in order to reduce
475the number of digits to four or fewer using powers of 2 for sizes (K=1024,
476M=1048576, etc.).
477.It Fl l
478Display additional details including permissions
479and ownership information.
480.It Fl n
481Produce a long listing with user and group information presented
482numerically.
483.It Fl r
484Reverse the sort order of the listing.
485.It Fl S
486Sort the listing by file size.
487.It Fl t
488Sort the listing by last modification time.
489.El
490.It Ic lumask Ar umask
491Set local umask to
492.Ar umask .
493.It Ic mkdir Ar path
494Create remote directory specified by
495.Ar path .
496.It Ic progress
497Toggle display of progress meter.
498.It Xo Ic put
499.Op Fl fPpr
500.Ar local-path
501.Op Ar remote-path
502.Xc
503Upload
504.Ar local-path
505and store it on the remote machine.
506If the remote path name is not specified, it is given the same name it has
507on the local machine.
508.Ar local-path
509may contain
510.Xr glob 3
511characters and may match multiple files.
512If it does and
513.Ar remote-path
514is specified, then
515.Ar remote-path
516must specify a directory.
517.Pp
518If the
519.Fl f
520flag is specified, then a request will be sent to the server to call
521.Xr fsync 2
522after the file has been transferred.
523Note that this is only supported by servers that implement
524the "fsync@openssh.com" extension.
525.Pp
526If either the
527.Fl P
528or
529.Fl p
530flag is specified, then full file permissions and access times are
531copied too.
532.Pp
533If the
534.Fl r
535flag is specified then directories will be copied recursively.
536Note that
537.Nm
538does not follow symbolic links when performing recursive transfers.
539.It Ic pwd
540Display remote working directory.
541.It Ic quit
542Quit
543.Nm sftp .
544.It Xo Ic reget
545.Op Fl Ppr
546.Ar remote-path
547.Op Ar local-path
548.Xc
549Resume download of
550.Ar remote-path .
551Equivalent to
552.Ic get
553with the
554.Fl a
555flag set.
556.It Ic rename Ar oldpath Ar newpath
557Rename remote file from
558.Ar oldpath
559to
560.Ar newpath .
561.It Ic rm Ar path
562Delete remote file specified by
563.Ar path .
564.It Ic rmdir Ar path
565Remove remote directory specified by
566.Ar path .
567.It Ic symlink Ar oldpath Ar newpath
568Create a symbolic link from
569.Ar oldpath
570to
571.Ar newpath .
572.It Ic version
573Display the
574.Nm
575protocol version.
576.It Ic \&! Ns Ar command
577Execute
578.Ar command
579in local shell.
580.It Ic \&!
581Escape to local shell.
582.It Ic \&?
583Synonym for help.
584.El
585.Sh SEE ALSO
586.Xr ftp 1 ,
587.Xr ls 1 ,
588.Xr scp 1 ,
589.Xr ssh 1 ,
590.Xr ssh-add 1 ,
591.Xr ssh-keygen 1 ,
592.Xr glob 3 ,
593.Xr ssh_config 5 ,
594.Xr sftp-server 8 ,
595.Xr sshd 8
596.Rs
597.%A T. Ylonen
598.%A S. Lehtinen
599.%T "SSH File Transfer Protocol"
600.%N draft-ietf-secsh-filexfer-00.txt
601.%D January 2001
602.%O work in progress material
603.Re
604