.\" $OpenBSD: sftp.1,v 1.120 2018/09/20 06:58:48 jmc Exp $
.\"
.\" Copyright (c) 2001 Damien Miller. All rights reserved.
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:
.\" 1. Redistributions of source code must retain the above copyright
.\"    notice, this list of conditions and the following disclaimer.
.\" 2. Redistributions in binary form must reproduce the above copyright
.\"    notice, this list of conditions and the following disclaimer in the
.\"    documentation and/or other materials provided with the distribution.
.\"
.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
.\" IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
.\" OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
.\" IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
.\" INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
.\" DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
.\" THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
.Dd $Mdocdate: September 20 2018 $
.Dt SFTP 1
.Os
.Sh NAME
.Nm sftp
.Nd secure file transfer program
.Sh SYNOPSIS
.Nm sftp
.Op Fl 46aCfpqrv
.Op Fl B Ar buffer_size
.Op Fl b Ar batchfile
.Op Fl c Ar cipher
.Op Fl D Ar sftp_server_path
.Op Fl F Ar ssh_config
.Op Fl i Ar identity_file
.Op Fl l Ar limit
.Op Fl o Ar ssh_option
.Op Fl P Ar port
.Op Fl R Ar num_requests
.Op Fl S Ar program
.Op Fl s Ar subsystem | sftp_server
.Ar destination
.Sh DESCRIPTION
.Nm
is a file transfer program, similar to
.Xr ftp 1 ,
which performs all operations over an encrypted
.Xr ssh 1
transport.
It may also use many features of ssh, such as public key authentication and
compression.
.Pp
The
.Ar destination
may be specified either as
.Sm off
.Oo user @ Oc host Op : path
.Sm on
or as a URI in the form
.Sm off
.No sftp:// Oo user @ Oc host Oo : port Oc Op / path .
.Sm on
.Pp
If the
.Ar destination
includes a
.Ar path
and it is not a directory,
.Nm
will retrieve files automatically if a non-interactive
authentication method is used; otherwise it will do so after
successful interactive authentication.
.Pp
If no
.Ar path
is specified, or if the
.Ar path
is a directory,
.Nm
will log in to the specified
.Ar host
and enter interactive command mode, changing to the remote directory
if one was specified.
An optional trailing slash can be used to force the
.Ar path
to be interpreted as a directory.
.Pp
Since the destination formats use colon characters to delimit host
names from path names or port numbers, IPv6 addresses must be
enclosed in square brackets to avoid ambiguity.
.Pp
The options are as follows:
.Bl -tag -width Ds
.It Fl 4
Forces
.Nm
to use IPv4 addresses only.
.It Fl 6
Forces
.Nm
to use IPv6 addresses only.
.It Fl a
Attempt to continue interrupted transfers rather than overwriting
existing partial or complete copies of files.
If the partial contents differ from those being transferred,
then the resultant file is likely to be corrupt.
.It Fl B Ar buffer_size
Specify the size of the buffer that
.Nm
uses when transferring files.
Larger buffers require fewer round trips at the cost of higher
memory consumption.
The default is 32768 bytes.
.It Fl b Ar batchfile
Batch mode reads a series of commands from an input
.Ar batchfile
instead of
.Em stdin .
Since it lacks user interaction it should be used in conjunction with
non-interactive authentication to obviate the need to enter a password
at connection time (see
.Xr sshd 8
and
.Xr ssh-keygen 1
for details).
A
.Ar batchfile
of
.Sq \-
may be used to indicate standard input.
.Nm
will abort if any of the following
commands fail:
.Ic get , put , reget , reput , rename , ln ,
.Ic rm , mkdir , chdir , ls ,
.Ic lchdir , chmod , chown ,
.Ic chgrp , lpwd , df , symlink ,
and
.Ic lmkdir .
Termination on error can be suppressed on a command by command basis by
prefixing the command with a
.Sq \-
character (for example,
.Ic -rm /tmp/blah* ) .
.It Fl C
Enables compression (via ssh's
.Fl C
flag).
.It Fl c Ar cipher
Selects the cipher to use for encrypting the data transfers.
This option is directly passed to
.Xr ssh 1 .
.It Fl D Ar sftp_server_path
Connect directly to a local sftp server
(rather than via
.Xr ssh 1 ) .
This option may be useful in debugging the client and server.
.It Fl F Ar ssh_config
Specifies an alternative
per-user configuration file for
.Xr ssh 1 .
This option is directly passed to
.Xr ssh 1 .
.It Fl f
Requests that files be flushed to disk immediately after transfer.
When uploading files, this feature is only enabled if the server
implements the "fsync@openssh.com" extension.
.It Fl i Ar identity_file
Selects the file from which the identity (private key) for public key
authentication is read.
This option is directly passed to
.Xr ssh 1 .
.It Fl l Ar limit
Limits the used bandwidth, specified in Kbit/s.
.It Fl o Ar ssh_option
Can be used to pass options to
.Nm ssh
in the format used in
.Xr ssh_config 5 .
This is useful for specifying options
for which there is no separate
.Nm sftp
command-line flag.
For example, to specify an alternate port use:
.Ic sftp -oPort=24 .
For full details of the options listed below, and their possible values, see
.Xr ssh_config 5 .
.Pp
.Bl -tag -width Ds -offset indent -compact
.It AddressFamily
.It BatchMode
.It BindAddress
.It BindInterface
.It CanonicalDomains
.It CanonicalizeFallbackLocal
.It CanonicalizeHostname
.It CanonicalizeMaxDots
.It CanonicalizePermittedCNAMEs
.It CASignatureAlgorithms
.It CertificateFile
.It ChallengeResponseAuthentication
.It CheckHostIP
.It Ciphers
.It Compression
.It ConnectionAttempts
.It ConnectTimeout
.It ControlMaster
.It ControlPath
.It ControlPersist
.It GlobalKnownHostsFile
.It GSSAPIAuthentication
.It GSSAPIDelegateCredentials
.It HashKnownHosts
.It Host
.It HostbasedAuthentication
.It HostbasedKeyTypes
.It HostKeyAlgorithms
.It HostKeyAlias
.It HostName
.It IdentitiesOnly
.It IdentityAgent
.It IdentityFile
.It IPQoS
.It KbdInteractiveAuthentication
.It KbdInteractiveDevices
.It KexAlgorithms
.It LogLevel
.It MACs
.It NoHostAuthenticationForLocalhost
.It NumberOfPasswordPrompts
.It PasswordAuthentication
.It PKCS11Provider
.It Port
.It PreferredAuthentications
.It ProxyCommand
.It ProxyJump
.It PubkeyAcceptedKeyTypes
.It PubkeyAuthentication
.It RekeyLimit
.It SendEnv
.It ServerAliveInterval
.It ServerAliveCountMax
.It SetEnv
.It StrictHostKeyChecking
.It TCPKeepAlive
.It UpdateHostKeys
.It User
.It UserKnownHostsFile
.It VerifyHostKeyDNS
.El
.It Fl P Ar port
Specifies the port to connect to on the remote host.
.It Fl p
Preserves modification times, access times, and modes from the
original files transferred.
.It Fl q
Quiet mode: disables the progress meter as well as warning and
diagnostic messages from
.Xr ssh 1 .
.It Fl R Ar num_requests
Specify how many requests may be outstanding at any one time.
Increasing this may slightly improve file transfer speed
but will increase memory usage.
The default is 64 outstanding requests.
.It Fl r
Recursively copy entire directories when uploading and downloading.
Note that
.Nm
does not follow symbolic links encountered in the tree traversal.
.It Fl S Ar program
Name of the
.Ar program
to use for the encrypted connection.
The program must understand
.Xr ssh 1
options.
.It Fl s Ar subsystem | sftp_server
Specifies the SSH2 subsystem or the path for an sftp server
on the remote host.
A path is useful when the remote
.Xr sshd 8
does not have an sftp subsystem configured.
.It Fl v
Raise logging level.
This option is also passed to ssh.
.El
.Sh INTERACTIVE COMMANDS
Once in interactive mode,
.Nm
understands a set of commands similar to those of
.Xr ftp 1 .
Commands are case insensitive.
Pathnames that contain spaces must be enclosed in quotes.
Any special characters contained within pathnames that are recognized by
.Xr glob 3
must be escaped with backslashes
.Pq Sq \e .
.Bl -tag -width Ds
.It Ic bye
Quit
.Nm sftp .
.It Ic cd Op Ar path
Change remote directory to
.Ar path .
If
.Ar path
is not specified, then change directory to the one the session started in.
.It Ic chgrp Ar grp Ar path
Change group of file
.Ar path
to
.Ar grp .
.Ar path
may contain
.Xr glob 7
characters and may match multiple files.
.Ar grp
must be a numeric GID.
.It Ic chmod Ar mode Ar path
Change permissions of file
.Ar path
to
.Ar mode .
.Ar path
may contain
.Xr glob 7
characters and may match multiple files.
.It Ic chown Ar own Ar path
Change owner of file
.Ar path
to
.Ar own .
.Ar path
may contain
.Xr glob 7
characters and may match multiple files.
.Ar own
must be a numeric UID.
.It Xo Ic df
.Op Fl hi
.Op Ar path
.Xc
Display usage information for the filesystem holding the current directory
(or
.Ar path
if specified).
If the
.Fl h
flag is specified, the capacity information will be displayed using
"human-readable" suffixes.
The
.Fl i
flag requests display of inode information in addition to capacity information.
This command is only supported on servers that implement the
.Dq statvfs@openssh.com
extension.
.It Ic exit
Quit
.Nm sftp .
.It Xo Ic get
.Op Fl afPpr
.Ar remote-path
.Op Ar local-path
.Xc
Retrieve the
.Ar remote-path
and store it on the local machine.
If the local
path name is not specified, it is given the same name it has on the
remote machine.
.Ar remote-path
may contain
.Xr glob 7
characters and may match multiple files.
If it does and
.Ar local-path
is specified, then
.Ar local-path
must specify a directory.
.Pp
If the
.Fl a
flag is specified, then attempt to resume partial transfers of existing files.
Note that resumption assumes that any partial copy of the local file matches
the remote copy.
If the remote file contents differ from the partial local copy then the
resultant file is likely to be corrupt.
.Pp
If the
.Fl f
flag is specified, then
.Xr fsync 2
will be called after the file transfer has completed to flush the file
to disk.
.Pp
If either the
.Fl P
or
.Fl p
flag is specified, then full file permissions and access times are
copied too.
.Pp
If the
.Fl r
flag is specified then directories will be copied recursively.
Note that
.Nm
does not follow symbolic links when performing recursive transfers.
.It Ic help
Display help text.
.It Ic lcd Op Ar path
Change local directory to
.Ar path .
If
.Ar path
is not specified, then change directory to the local user's home directory.
.It Ic lls Op Ar ls-options Op Ar path
Display local directory listing of either
.Ar path
or current directory if
.Ar path
is not specified.
.Ar ls-options
may contain any flags supported by the local system's
.Xr ls 1
command.
.Ar path
may contain
.Xr glob 7
characters and may match multiple files.
.It Ic lmkdir Ar path
Create local directory specified by
.Ar path .
.It Xo Ic ln
.Op Fl s
.Ar oldpath
.Ar newpath
.Xc
Create a link from
.Ar oldpath
to
.Ar newpath .
If the
.Fl s
flag is specified the created link is a symbolic link, otherwise it is
a hard link.
.It Ic lpwd
Print local working directory.
.It Xo Ic ls
.Op Fl 1afhlnrSt
.Op Ar path
.Xc
Display a remote directory listing of either
.Ar path
or the current directory if
.Ar path
is not specified.
.Ar path
may contain
.Xr glob 7
characters and may match multiple files.
.Pp
The following flags are recognized and alter the behaviour of
.Ic ls
accordingly:
.Bl -tag -width Ds
.It Fl 1
Produce single columnar output.
.It Fl a
List files beginning with a dot
.Pq Sq \&. .
.It Fl f
Do not sort the listing.
The default sort order is lexicographical.
.It Fl h
When used with a long format option, use unit suffixes: Byte, Kilobyte,
Megabyte, Gigabyte, Terabyte, Petabyte, and Exabyte in order to reduce
the number of digits to four or fewer using powers of 2 for sizes (K=1024,
M=1048576, etc.).
.It Fl l
Display additional details including permissions
and ownership information.
.It Fl n
Produce a long listing with user and group information presented
numerically.
.It Fl r
Reverse the sort order of the listing.
.It Fl S
Sort the listing by file size.
.It Fl t
Sort the listing by last modification time.
.El
.It Ic lumask Ar umask
Set local umask to
.Ar umask .
.It Ic mkdir Ar path
Create remote directory specified by
.Ar path .
.It Ic progress
Toggle display of progress meter.
.It Xo Ic put
.Op Fl afPpr
.Ar local-path
.Op Ar remote-path
.Xc
Upload
.Ar local-path
and store it on the remote machine.
If the remote path name is not specified, it is given the same name it has
on the local machine.
.Ar local-path
may contain
.Xr glob 7
characters and may match multiple files.
If it does and
.Ar remote-path
is specified, then
.Ar remote-path
must specify a directory.
.Pp
If the
.Fl a
flag is specified, then attempt to resume partial
transfers of existing files.
Note that resumption assumes that any partial copy of the remote file
matches the local copy.
If the local file contents differ from the partial remote copy then
the resultant file is likely to be corrupt.
.Pp
If the
.Fl f
flag is specified, then a request will be sent to the server to call
.Xr fsync 2
after the file has been transferred.
Note that this is only supported by servers that implement
the "fsync@openssh.com" extension.
.Pp
If either the
.Fl P
or
.Fl p
flag is specified, then full file permissions and access times are
copied too.
.Pp
If the
.Fl r
flag is specified then directories will be copied recursively.
Note that
.Nm
does not follow symbolic links when performing recursive transfers.
.It Ic pwd
Display remote working directory.
.It Ic quit
Quit
.Nm sftp .
.It Xo Ic reget
.Op Fl Ppr
.Ar remote-path
.Op Ar local-path
.Xc
Resume download of
.Ar remote-path .
Equivalent to
.Ic get
with the
.Fl a
flag set.
.It Xo Ic reput
.Op Fl Ppr
.Op Ar local-path
.Ar remote-path
.Xc
Resume upload of
.Op Ar local-path .
Equivalent to
.Ic put
with the
.Fl a
flag set.
.It Ic rename Ar oldpath Ar newpath
Rename remote file from
.Ar oldpath
to
.Ar newpath .
.It Ic rm Ar path
Delete remote file specified by
.Ar path .
.It Ic rmdir Ar path
Remove remote directory specified by
.Ar path .
.It Ic symlink Ar oldpath Ar newpath
Create a symbolic link from
.Ar oldpath
to
.Ar newpath .
.It Ic version
Display the
.Nm
protocol version.
.It Ic \&! Ns Ar command
Execute
.Ar command
in local shell.
.It Ic \&!
Escape to local shell.
.It Ic \&?
Synonym for help.
.El
.Sh SEE ALSO
.Xr ftp 1 ,
.Xr ls 1 ,
.Xr scp 1 ,
.Xr ssh 1 ,
.Xr ssh-add 1 ,
.Xr ssh-keygen 1 ,
.Xr ssh_config 5 ,
.Xr glob 7 ,
.Xr sftp-server 8 ,
.Xr sshd 8
.Rs
.%A T. Ylonen
.%A S. Lehtinen
.%T "SSH File Transfer Protocol"
.%N draft-ietf-secsh-filexfer-00.txt
.%D January 2001
.%O work in progress material
.Re
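.Sh EXAMPLES
Added example, not part of the original manual page or the OpenSSH distribution: a shell wrapper that builds a batch file for the -b option described above, using the "-" prefix for a cleanup step that is allowed to fail, and runs it with non-interactive public key authentication.
The function names, the ".part" suffix and the path allowlist are assumptions of this example; paths outside the allowlist are refused instead of escaped, so no glob(7) character or line break reaches the batch file.

```shell
#!/bin/sh
# Added example; safe_path, make_upload_batch and run_upload are
# hypothetical helper names, not part of sftp.

# Print $1 as a double-quoted batch-file argument, or fail. Only letters,
# digits, ". _ / -" and spaces are accepted, so glob(7) characters,
# quotes, backslashes and line breaks never reach the batch file.
safe_path() {
    case $1 in
        ''|-*) return 1 ;;    # empty, or starts like an option flag
    esac
    # Delete every allowed byte; the '#' sentinel keeps a trailing
    # newline from being lost in the command substitution.
    rest=$(printf '%s' "$1" | LC_ALL=C tr -d 'A-Za-z0-9._/ -'; printf '#')
    [ "$rest" = '#' ] || return 1
    printf '"%s"\n' "$1"
}

# Emit batch commands that upload local file $1 to remote path $2 under
# a temporary name, then rename it into place. "-rm" carries the "-"
# prefix so a missing stale temp file does not abort the batch; a failed
# put or rename still aborts it.
make_upload_batch() {
    src=$(safe_path "$1") || return 1
    dst=$(safe_path "$2") || return 1
    tmp=$(safe_path "$2.part") || return 1
    printf '%s\n' "-rm $tmp" "put $src $tmp" "rename $tmp $dst"
}

# usage: run_upload identity_file user@host local-path remote-path
# Key authentication only, no prompts, and the host key must already be
# known; every -o option used here appears in the list under -o.
run_upload() {
    batch=$(mktemp) || return 1
    if make_upload_batch "$3" "$4" > "$batch"; then
        sftp -b "$batch" -i "$1" -oBatchMode=yes -oIdentitiesOnly=yes \
            -oPasswordAuthentication=no -oStrictHostKeyChecking=yes "$2"
        rc=$?
    else
        rc=1
    fi
    rm -f "$batch"
    return "$rc"
}
```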