1.\" $MirOS: src/usr.bin/ssh/sftp.1,v 1.8 2009/10/04 14:29:09 tg Exp $ 2.\" $OpenBSD: sftp.1,v 1.76 2009/08/19 04:56:03 jmc Exp $ 3.\" 4.\" Copyright (c) 2001 Damien Miller. All rights reserved. 5.\" 6.\" Redistribution and use in source and binary forms, with or without 7.\" modification, are permitted provided that the following conditions 8.\" are met: 9.\" 1. Redistributions of source code must retain the above copyright 10.\" notice, this list of conditions and the following disclaimer. 11.\" 2. Redistributions in binary form must reproduce the above copyright 12.\" notice, this list of conditions and the following disclaimer in the 13.\" documentation and/or other materials provided with the distribution. 14.\" 15.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR 16.\" IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES 17.\" OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. 18.\" IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, 19.\" INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 20.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 21.\" DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 22.\" THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 23.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 24.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 25.\" 26.Dd $Mdocdate: October 4 2009 $ 27.Dt SFTP 1 28.Os 29.Sh NAME 30.Nm sftp 31.Nd secure file transfer program 32.Sh SYNOPSIS 33.Nm sftp 34.Bk -words 35.Op Fl 1246Cpqrv 36.Op Fl B Ar buffer_size 37.Op Fl b Ar batchfile 38.Op Fl c Ar cipher 39.Op Fl D Ar sftp_server_path 40.Op Fl F Ar ssh_config 41.Op Fl i Ar identity_file 42.Op Fl o Ar ssh_option 43.Op Fl P Ar port 44.Op Fl R Ar num_requests 45.Op Fl S Ar program 46.Op Fl s Ar subsystem | sftp_server 47.Ar host 48.Ek 49.Nm sftp 50.Oo Ar user Ns @ Oc Ns 51.Ar host Ns Op : Ns Ar 52.Nm sftp 53.Oo Ar user Ns @ Oc Ns 54.Ar host Ns Oo : Ns Ar dir Ns 55.Op Ar / Oc 56.Nm sftp 57.Fl b Ar batchfile 58.Oo Ar user Ns @ Oc Ns Ar host 59.Sh DESCRIPTION 60.Nm 61is an interactive file transfer program, similar to 62.Xr ftp 1 , 63which performs all operations over an encrypted 64.Xr ssh 1 65transport. 66It may also use many features of ssh, such as public key authentication and 67compression. 68.Nm 69connects and logs into the specified 70.Ar host , 71then enters an interactive command mode. 72.Pp 73The second usage format will retrieve files automatically if a non-interactive 74authentication method is used; otherwise it will do so after 75successful interactive authentication. 76.Pp 77The third usage format allows 78.Nm 79to start in a remote directory. 80.Pp 81The final usage format allows for automated sessions using the 82.Fl b 83option. 84In such cases, it is necessary to configure non-interactive authentication 85to obviate the need to enter a password at connection time (see 86.Xr sshd 8 87and 88.Xr ssh-keygen 1 89for details). 90The options are as follows: 91.Bl -tag -width Ds 92.It Fl 1 93Specify the use of protocol version 1. 94.It Fl 2 95Specify the use of protocol version 2. 96.It Fl 4 97Forces 98.Nm 99to use IPv4 addresses only. 100.It Fl 6 101Forces 102.Nm 103to use IPv6 addresses only. 104.It Fl B Ar buffer_size 105Specify the size of the buffer that 106.Nm 107uses when transferring files. 108Larger buffers require fewer round trips at the cost of higher 109memory consumption. 110The default is 32768 bytes. 111.It Fl b Ar batchfile 112Batch mode reads a series of commands from an input 113.Ar batchfile 114instead of 115.Em stdin . 116Since it lacks user interaction it should be used in conjunction with 117non-interactive authentication. 118A 119.Ar batchfile 120of 121.Sq \- 122may be used to indicate standard input. 123.Nm 124will abort if any of the following 125commands fail: 126.Ic get , put , rename , ln , 127.Ic rm , mkdir , chdir , ls , 128.Ic lchdir , chmod , chown , 129.Ic chgrp , lpwd , df , 130and 131.Ic lmkdir . 132Termination on error can be suppressed on a command by command basis by 133prefixing the command with a 134.Sq \- 135character (for example, 136.Ic -rm /tmp/blah* ) . 137.It Fl C 138Enables compression (via ssh's 139.Fl C 140flag). 141.It Fl c Ar cipher 142Selects the cipher to use for encrypting the data transfers. 143This option is directly passed to 144.Xr ssh 1 . 145.It Fl D Ar sftp_server_path 146Connect directly to a local sftp server 147(rather than via 148.Xr ssh 1 ) . 149This option may be useful in debugging the client and server. 150.It Fl F Ar ssh_config 151Specifies an alternative 152per-user configuration file for 153.Xr ssh 1 . 154This option is directly passed to 155.Xr ssh 1 . 156.It Fl i Ar identity_file 157Selects the file from which the identity (private key) for public key 158authentication is read. 159This option is directly passed to 160.Xr ssh 1 . 161.It Fl o Ar ssh_option 162Can be used to pass options to 163.Nm ssh 164in the format used in 165.Xr ssh_config 5 . 166This is useful for specifying options 167for which there is no separate 168.Nm sftp 169command-line flag. 170For example, to specify an alternate port use: 171.Ic sftp -oPort=24 . 172For full details of the options listed below, and their possible values, see 173.Xr ssh_config 5 . 174.Pp 175.Bl -tag -width Ds -offset indent -compact 176.It AddressFamily 177.It BatchMode 178.It BindAddress 179.It ChallengeResponseAuthentication 180.It CheckHostIP 181.It Cipher 182.It Ciphers 183.It Compression 184.It CompressionLevel 185.It ConnectionAttempts 186.It ConnectTimeout 187.It ControlMaster 188.It ControlPath 189.It GlobalKnownHostsFile 190.It HashKnownHosts 191.It Host 192.It HostbasedAuthentication 193.It HostKeyAlgorithms 194.It HostKeyAlias 195.It Hostname 196.It IdentityFile 197.It IdentitiesOnly 198.It KbdInteractiveDevices 199.It LogLevel 200.It MACs 201.It NoHostAuthenticationForLocalhost 202.It NumberOfPasswordPrompts 203.It PasswordAuthentication 204.It Port 205.It PreferredAuthentications 206.It Protocol 207.It ProxyCommand 208.It PubkeyAuthentication 209.It RekeyLimit 210.It RhostsRSAAuthentication 211.It RSAAuthentication 212.It SendEnv 213.It ServerAliveInterval 214.It ServerAliveCountMax 215.It SmartcardDevice 216.It StrictHostKeyChecking 217.It TCPKeepAlive 218.It UsePrivilegedPort 219.It User 220.It UserKnownHostsFile 221.It VerifyHostKeyDNS 222.El 223.It Fl P Ar port 224Specifies the port to connect to on the remote host. 225.It Fl p 226Preserves modification times, access times, and modes from the 227original files transferred. 228.It Fl q 229Quiet mode: disables the progress meter as well as warning and 230diagnostic messages from 231.Xr ssh 1 . 232.It Fl R Ar num_requests 233Specify how many requests may be outstanding at any one time. 234Increasing this may slightly improve file transfer speed 235but will increase memory usage. 236The default is 64 outstanding requests. 237.It Fl r 238Recursively copy entire directories when uploading and downloading. 239Note that 240.Nm 241does not follow symbolic links encountered in the tree traversal. 242.It Fl S Ar program 243Name of the 244.Ar program 245to use for the encrypted connection. 246The program must understand 247.Xr ssh 1 248options. 249.It Fl s Ar subsystem | sftp_server 250Specifies the SSH2 subsystem or the path for an sftp server 251on the remote host. 252A path is useful for using 253.Nm 254over protocol version 1, or when the remote 255.Xr sshd 8 256does not have an sftp subsystem configured. 257.It Fl v 258Raise logging level. 259This option is also passed to ssh. 260.El 261.Sh INTERACTIVE COMMANDS 262Once in interactive mode, 263.Nm 264understands a set of commands similar to those of 265.Xr ftp 1 . 266Commands are case insensitive. 267Pathnames that contain spaces must be enclosed in quotes. 268Any special characters contained within pathnames that are recognized by 269.Xr glob 3 270must be escaped with backslashes 271.Pq Sq \e . 272.Bl -tag -width Ds 273.It Ic bye 274Quit 275.Nm sftp . 276.It Ic cd Ar path 277Change remote directory to 278.Ar path . 279.It Ic chgrp Ar grp Ar path 280Change group of file 281.Ar path 282to 283.Ar grp . 284.Ar path 285may contain 286.Xr glob 3 287characters and may match multiple files. 288.Ar grp 289must be a numeric GID. 290.It Ic chmod Ar mode Ar path 291Change permissions of file 292.Ar path 293to 294.Ar mode . 295.Ar path 296may contain 297.Xr glob 3 298characters and may match multiple files. 299.It Ic chown Ar own Ar path 300Change owner of file 301.Ar path 302to 303.Ar own . 304.Ar path 305may contain 306.Xr glob 3 307characters and may match multiple files. 308.Ar own 309must be a numeric UID. 310.It Xo Ic df 311.Op Fl hi 312.Op Ar path 313.Xc 314Display usage information for the filesystem holding the current directory 315(or 316.Ar path 317if specified). 318If the 319.Fl h 320flag is specified, the capacity information will be displayed using 321"human-readable" suffixes. 322The 323.Fl i 324flag requests display of inode information in addition to capacity information. 325This command is only supported on servers that implement the 326.Dq statvfs@openssh.com 327extension. 328.It Ic exit 329Quit 330.Nm sftp . 331.It Xo Ic get 332.Op Fl Ppr 333.Ar remote-path 334.Op Ar local-path 335.Xc 336Retrieve the 337.Ar remote-path 338and store it on the local machine. 339If the local 340path name is not specified, it is given the same name it has on the 341remote machine. 342.Ar remote-path 343may contain 344.Xr glob 3 345characters and may match multiple files. 346If it does and 347.Ar local-path 348is specified, then 349.Ar local-path 350must specify a directory. 351.Pp 352If either the 353.Fl P 354or 355.Fl p 356flag is specified, then full file permissions and access times are 357copied too. 358.Pp 359If the 360.Fl r 361flag is specified then directories will be copied recursively. 362Note that 363.Nm 364does not follow symbolic links when performing recursive transfers. 365.It Ic help 366Display help text. 367.It Ic lcd Ar path 368Change local directory to 369.Ar path . 370.It Ic lls Op Ar ls-options Op Ar path 371Display local directory listing of either 372.Ar path 373or current directory if 374.Ar path 375is not specified. 376.Ar ls-options 377may contain any flags supported by the local system's 378.Xr ls 1 379command. 380.Ar path 381may contain 382.Xr glob 3 383characters and may match multiple files. 384.It Ic lmkdir Ar path 385Create local directory specified by 386.Ar path . 387.It Ic ln Ar oldpath Ar newpath 388Create a symbolic link from 389.Ar oldpath 390to 391.Ar newpath . 392.It Ic lpwd 393Print local working directory. 394.It Xo Ic ls 395.Op Fl 1aflnrSt 396.Op Ar path 397.Xc 398Display a remote directory listing of either 399.Ar path 400or the current directory if 401.Ar path 402is not specified. 403.Ar path 404may contain 405.Xr glob 3 406characters and may match multiple files. 407.Pp 408The following flags are recognized and alter the behaviour of 409.Ic ls 410accordingly: 411.Bl -tag -width Ds 412.It Fl 1 413Produce single columnar output. 414.It Fl a 415List files beginning with a dot 416.Pq Sq \&. . 417.It Fl f 418Do not sort the listing. 419The default sort order is lexicographical. 420.It Fl l 421Display additional details including permissions 422and ownership information. 423.It Fl n 424Produce a long listing with user and group information presented 425numerically. 426.It Fl r 427Reverse the sort order of the listing. 428.It Fl S 429Sort the listing by file size. 430.It Fl t 431Sort the listing by last modification time. 432.El 433.It Ic lumask Ar umask 434Set local umask to 435.Ar umask . 436.It Ic mkdir Ar path 437Create remote directory specified by 438.Ar path . 439.It Ic progress 440Toggle display of progress meter. 441.It Xo Ic put 442.Op Fl Ppr 443.Ar local-path 444.Op Ar remote-path 445.Xc 446Upload 447.Ar local-path 448and store it on the remote machine. 449If the remote path name is not specified, it is given the same name it has 450on the local machine. 451.Ar local-path 452may contain 453.Xr glob 3 454characters and may match multiple files. 455If it does and 456.Ar remote-path 457is specified, then 458.Ar remote-path 459must specify a directory. 460.Pp 461If ether the 462.Fl P 463or 464.Fl p 465flag is specified, then full file permissions and access times are 466copied too. 467.Pp 468If the 469.Fl r 470flag is specified then directories will be copied recursively. 471Note that 472.Nm 473does not follow symbolic links when performing recursive transfers. 474.It Ic pwd 475Display remote working directory. 476.It Ic quit 477Quit 478.Nm sftp . 479.It Ic rename Ar oldpath Ar newpath 480Rename remote file from 481.Ar oldpath 482to 483.Ar newpath . 484.It Ic rm Ar path 485Delete remote file specified by 486.Ar path . 487.It Ic rmdir Ar path 488Remove remote directory specified by 489.Ar path . 490.It Ic symlink Ar oldpath Ar newpath 491Create a symbolic link from 492.Ar oldpath 493to 494.Ar newpath . 495.It Ic version 496Display the 497.Nm 498protocol version. 499.It Ic \&! Ns Ar command 500Execute 501.Ar command 502in local shell. 503.It Ic \&! 504Escape to local shell. 505.It Ic \&? 506Synonym for help. 507.El 508.Sh SEE ALSO 509.Xr ftp 1 , 510.Xr ls 1 , 511.Xr scp 1 , 512.Xr ssh 1 , 513.Xr ssh-add 1 , 514.Xr ssh-keygen 1 , 515.Xr glob 3 , 516.Xr ssh_config 5 , 517.Xr sftp-server 8 , 518.Xr sshd 8 519.Rs 520.%A T. Ylonen 521.%A S. Lehtinen 522.%T "SSH File Transfer Protocol" 523.%N draft-ietf-secsh-filexfer-00.txt 524.%D January 2001 525.%O work in progress material 526.Re 527