.\" $NetBSD: sftp.1,v 1.21 2020/02/27 00:24:40 christos Exp $
.\" $OpenBSD: sftp.1,v 1.128 2019/11/30 07:07:59 jmc Exp $
.\"
.\" Copyright (c) 2001 Damien Miller. All rights reserved.
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:
.\" 1. Redistributions of source code must retain the above copyright
.\"    notice, this list of conditions and the following disclaimer.
.\" 2. Redistributions in binary form must reproduce the above copyright
.\"    notice, this list of conditions and the following disclaimer in the
.\"    documentation and/or other materials provided with the distribution.
.\"
.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
.\" IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
.\" OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
.\" IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
.\" INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
.\" DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
.\" THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
.Dd November 30 2019
.Dt SFTP 1
.Os
.Sh NAME
.Nm sftp
.Nd OpenSSH secure file transfer
.Sh SYNOPSIS
.Nm sftp
.Op Fl 46aCfpqrv
.Op Fl B Ar buffer_size
.Op Fl b Ar batchfile
.Op Fl c Ar cipher
.Op Fl D Ar sftp_server_path
.Op Fl F Ar ssh_config
.Op Fl i Ar identity_file
.Op Fl J Ar destination
.Op Fl l Ar limit
.Op Fl o Ar ssh_option
.Op Fl P Ar port
.Op Fl R Ar num_requests
.Op Fl S Ar program
.Op Fl s Ar subsystem | sftp_server
.Ar destination
.Sh DESCRIPTION
.Nm
is a file transfer program, similar to
.Xr ftp 1 ,
which performs all operations over an encrypted
.Xr ssh 1
transport.
It may also use many features of ssh, such as public key authentication and
compression.
.Pp
The
.Ar destination
may be specified either as
.Sm off
.Oo user @ Oc host Op : path
.Sm on
or as a URI in the form
.Sm off
.No sftp:// Oo user @ Oc host Oo : port Oc Op / path .
.Sm on
.Pp
If the
.Ar destination
includes a
.Ar path
and it is not a directory,
.Nm
will retrieve files automatically if a non-interactive
authentication method is used; otherwise it will do so after
successful interactive authentication.
.Pp
If no
.Ar path
is specified, or if the
.Ar path
is a directory,
.Nm
will log in to the specified
.Ar host
and enter interactive command mode, changing to the remote directory
if one was specified.
An optional trailing slash can be used to force the
.Ar path
to be interpreted as a directory.
.Pp
Since the destination formats use colon characters to delimit host
names from path names or port numbers, IPv6 addresses must be
enclosed in square brackets to avoid ambiguity.
.Pp
The options are as follows:
.Bl -tag -width Ds
.It Fl 4
Forces
.Nm
to use IPv4 addresses only.
.It Fl 6
Forces
.Nm
to use IPv6 addresses only.
.It Fl a
Attempt to continue interrupted transfers rather than overwriting
existing partial or complete copies of files.
If the partial contents differ from those being transferred,
then the resultant file is likely to be corrupt.
.It Fl B Ar buffer_size
Specify the size of the buffer that
.Nm
uses when transferring files.
Larger buffers require fewer round trips at the cost of higher
memory consumption.
The default is 32768 bytes.
.It Fl b Ar batchfile
Batch mode reads a series of commands from an input
.Ar batchfile
instead of
.Em stdin .
Since it lacks user interaction it should be used in conjunction with
non-interactive authentication to obviate the need to enter a password
at connection time (see
.Xr sshd 8
and
.Xr ssh-keygen 1
for details).
.Pp
A
.Ar batchfile
of
.Sq \-
may be used to indicate standard input.
.Nm
will abort if any of the following
commands fail:
.Ic get , put , reget , reput , rename , ln ,
.Ic rm , mkdir , chdir , ls ,
.Ic lchdir , chmod , chown ,
.Ic chgrp , lpwd , df , symlink ,
and
.Ic lmkdir .
.Pp
Termination on error can be suppressed on a command by command basis by
prefixing the command with a
.Sq \-
character (for example,
.Ic -rm /tmp/blah* ) .
Echo of the command may be suppressed by prefixing the command with a
.Sq @
character.
These two prefixes may be combined in any order, for example
.Ic -@ls /bsd .
.It Fl C
Enables compression (via ssh's
.Fl C
flag).
.It Fl c Ar cipher
Selects the cipher to use for encrypting the data transfers.
This option is directly passed to
.Xr ssh 1 .
.It Fl D Ar sftp_server_path
Connect directly to a local sftp server
(rather than via
.Xr ssh 1 ) .
This option may be useful in debugging the client and server.
.It Fl F Ar ssh_config
Specifies an alternative
per-user configuration file for
.Xr ssh 1 .
This option is directly passed to
.Xr ssh 1 .
.It Fl f
Requests that files be flushed to disk immediately after transfer.
When uploading files, this feature is only enabled if the server
implements the "fsync@openssh.com" extension.
.It Fl i Ar identity_file
Selects the file from which the identity (private key) for public key
authentication is read.
This option is directly passed to
.Xr ssh 1 .
.It Fl J Ar destination
Connect to the target host by first making an
.Nm
connection to the jump host described by
.Ar destination
and then establishing a TCP forwarding to the ultimate destination from
there.
Multiple jump hops may be specified separated by comma characters.
This is a shortcut to specify a
.Cm ProxyJump
configuration directive.
This option is directly passed to
.Xr ssh 1 .
.It Fl l Ar limit
Limits the used bandwidth, specified in Kbit/s.
.It Fl o Ar ssh_option
Can be used to pass options to
.Nm ssh
in the format used in
.Xr ssh_config 5 .
This is useful for specifying options
for which there is no separate
.Nm sftp
command-line flag.
For example, to specify an alternate port use:
.Ic sftp -oPort=24 .
For full details of the options listed below, and their possible values, see
.Xr ssh_config 5 .
.Pp
.Bl -tag -width Ds -offset indent -compact
.It AddressFamily
.It BatchMode
.It BindAddress
.It BindInterface
.It CanonicalDomains
.It CanonicalizeFallbackLocal
.It CanonicalizeHostname
.It CanonicalizeMaxDots
.It CanonicalizePermittedCNAMEs
.It CASignatureAlgorithms
.It CertificateFile
.It ChallengeResponseAuthentication
.It CheckHostIP
.It Ciphers
.It Compression
.It ConnectionAttempts
.It ConnectTimeout
.It ControlMaster
.It ControlPath
.It ControlPersist
.It GlobalKnownHostsFile
.It GSSAPIAuthentication
.It GSSAPIDelegateCredentials
.It HashKnownHosts
.It Host
.It HostbasedAuthentication
.It HostbasedKeyTypes
.It HostKeyAlgorithms
.It HostKeyAlias
.It Hostname
.It IdentitiesOnly
.It IdentityAgent
.It IdentityFile
.It IPQoS
.It KbdInteractiveAuthentication
.It KbdInteractiveDevices
.It KexAlgorithms
.It LogLevel
.It MACs
.It NoHostAuthenticationForLocalhost
.It NumberOfPasswordPrompts
.It PasswordAuthentication
.It PKCS11Provider
.It Port
.It PreferredAuthentications
.It ProxyCommand
.It ProxyJump
.It PubkeyAcceptedKeyTypes
.It PubkeyAuthentication
.It RekeyLimit
.It SendEnv
.It ServerAliveInterval
.It ServerAliveCountMax
.It SetEnv
.It StrictHostKeyChecking
.It TCPKeepAlive
.It UpdateHostKeys
.It User
.It UserKnownHostsFile
.It VerifyHostKeyDNS
.El
.It Fl P Ar port
Specifies the port to connect to on the remote host.
.It Fl p
Preserves modification times, access times, and modes from the
original files transferred.
.It Fl q
Quiet mode: disables the progress meter as well as warning and
diagnostic messages from
.Xr ssh 1 .
.It Fl R Ar num_requests
Specify how many requests may be outstanding at any one time.
Increasing this may slightly improve file transfer speed
but will increase memory usage.
The default is 256 outstanding requests providing for 8MB
of outstanding data with a 32KB buffer.
.It Fl r
Recursively copy entire directories when uploading and downloading.
Note that
.Nm
does not follow symbolic links encountered in the tree traversal.
.It Fl S Ar program
Name of the
.Ar program
to use for the encrypted connection.
The program must understand
.Xr ssh 1
options.
.It Fl s Ar subsystem | sftp_server
Specifies the SSH2 subsystem or the path for an sftp server
on the remote host.
A path is useful when the remote
.Xr sshd 8
does not have an sftp subsystem configured.
.It Fl v
Raise logging level.
This option is also passed to ssh.
.El
.Sh INTERACTIVE COMMANDS
Once in interactive mode,
.Nm
understands a set of commands similar to those of
.Xr ftp 1 .
Commands are case insensitive.
Pathnames that contain spaces must be enclosed in quotes.
Any special characters contained within pathnames that are recognized by
.Xr glob 3
must be escaped with backslashes
.Pq Sq \e .
.Bl -tag -width Ds
.It Ic bye
Quit
.Nm sftp .
.It Ic cd Op Ar path
Change remote directory to
.Ar path .
If
.Ar path
is not specified, then change directory to the one the session started in.
.It Xo Ic chgrp
.Op Fl h
.Ar grp
.Ar path
.Xc
Change group of file
.Ar path
to
.Ar grp .
If the
.Fl h
flag is specified, then symlinks will not be followed.
.Ar path
may contain
.Xr glob 7
characters and may match multiple files.
.Ar grp
must be a numeric GID.
.It Xo Ic chmod
.Op Fl h
.Ar mode
.Ar path
.Xc
Change permissions of file
.Ar path
to
.Ar mode .
If the
.Fl h
flag is specified, then symlinks will not be followed.
.Ar path
may contain
.Xr glob 7
characters and may match multiple files.
.It Xo Ic chown
.Op Fl h
.Ar own
.Ar path
.Xc
Change owner of file
.Ar path
to
.Ar own .
If the
.Fl h
flag is specified, then symlinks will not be followed.
.Ar path
may contain
.Xr glob 7
characters and may match multiple files.
.Ar own
must be a numeric UID.
.It Ic df Oo Fl hi Oc Oo Ar path Oc
Display usage information for the filesystem holding the current directory
(or
.Ar path
if specified).
If the
.Fl h
flag is specified, the capacity information will be displayed using
"human-readable" suffixes.
The
.Fl i
flag requests display of inode information in addition to capacity information.
This command is only supported on servers that implement the
.Dq statvfs@openssh.com
extension.
.It Ic exit
Quit
.Nm sftp .
.It Xo Ic get
.Op Fl afpR
.Ar remote-path
.Op Ar local-path
.Xc
Retrieve the
.Ar remote-path
and store it on the local machine.
If the local
path name is not specified, it is given the same name it has on the
remote machine.
.Ar remote-path
may contain
.Xr glob 7
characters and may match multiple files.
If it does and
.Ar local-path
is specified, then
.Ar local-path
must specify a directory.
.Pp
If the
.Fl a
flag is specified, then attempt to resume partial transfers of existing files.
Note that resumption assumes that any partial copy of the local file matches
the remote copy.
If the remote file contents differ from the partial local copy then the
resultant file is likely to be corrupt.
.Pp
If the
.Fl f
flag is specified, then
.Xr fsync 2
will be called after the file transfer has completed to flush the file
to disk.
.Pp
If the
.Fl p
.\" undocumented redundant alias
.\" or
.\" .Fl P
flag is specified, then full file permissions and access times are
copied too.
.Pp
If the
.Fl R
.\" undocumented redundant alias
.\" or
.\" .Fl r
flag is specified then directories will be copied recursively.
Note that
.Nm
does not follow symbolic links when performing recursive transfers.
.It Ic help
Display help text.
.It Ic lcd Op Ar path
Change local directory to
.Ar path .
If
.Ar path
is not specified, then change directory to the local user's home directory.
.It Ic lls Op Ar ls-options Op Ar path
Display local directory listing of either
.Ar path
or current directory if
.Ar path
is not specified.
.Ar ls-options
may contain any flags supported by the local system's
.Xr ls 1
command.
.Ar path
may contain
.Xr glob 7
characters and may match multiple files.
.It Ic lmkdir Ar path
Create local directory specified by
.Ar path .
.It Xo Ic ln
.Op Fl s
.Ar oldpath
.Ar newpath
.Xc
Create a link from
.Ar oldpath
to
.Ar newpath .
If the
.Fl s
flag is specified the created link is a symbolic link, otherwise it is
a hard link.
.It Ic lpwd
Print local working directory.
.It Ic ls Oo Fl 1afhlnrSt Oc Oo Ar path Oc
Display a remote directory listing of either
.Ar path
or the current directory if
.Ar path
is not specified.
.Ar path
may contain
.Xr glob 7
characters and may match multiple files.
.Pp
The following flags are recognized and alter the behaviour of
.Ic ls
accordingly:
.Bl -tag -width Ds
.It Fl 1
Produce single columnar output.
.It Fl a
List files beginning with a dot
.Pq Sq \&. .
.It Fl f
Do not sort the listing.
The default sort order is lexicographical.
.It Fl h
When used with a long format option, use unit suffixes: Byte, Kilobyte,
Megabyte, Gigabyte, Terabyte, Petabyte, and Exabyte in order to reduce
the number of digits to four or fewer using powers of 2 for sizes (K=1024,
M=1048576, etc.).
.It Fl l
Display additional details including permissions
and ownership information.
.It Fl n
Produce a long listing with user and group information presented
numerically.
.It Fl r
Reverse the sort order of the listing.
.It Fl S
Sort the listing by file size.
.It Fl t
Sort the listing by last modification time.
.El
.It Ic lumask Ar umask
Set local umask to
.Ar umask .
.It Ic mkdir Ar path
Create remote directory specified by
.Ar path .
.It Ic progress
Toggle display of progress meter.
.It Xo Ic put
.Op Fl afpR
.Ar local-path
.Op Ar remote-path
.Xc
Upload
.Ar local-path
and store it on the remote machine.
If the remote path name is not specified, it is given the same name it has
on the local machine.
.Ar local-path
may contain
.Xr glob 7
characters and may match multiple files.
If it does and
.Ar remote-path
is specified, then
.Ar remote-path
must specify a directory.
.Pp
If the
.Fl a
flag is specified, then attempt to resume partial
transfers of existing files.
Note that resumption assumes that any partial copy of the remote file
matches the local copy.
If the local file contents differ from the partial remote copy then
the resultant file is likely to be corrupt.
.Pp
If the
.Fl f
flag is specified, then a request will be sent to the server to call
.Xr fsync 2
after the file has been transferred.
Note that this is only supported by servers that implement
the "fsync@openssh.com" extension.
.Pp
If the
.Fl p
.\" undocumented redundant alias
.\" or
.\" .Fl P
flag is specified, then full file permissions and access times are
copied too.
.Pp
If the
.Fl R
.\" undocumented redundant alias
.\" or
.\" .Fl r
flag is specified then directories will be copied recursively.
Note that
.Nm
does not follow symbolic links when performing recursive transfers.
.It Ic pwd
Display remote working directory.
.It Ic quit
Quit
.Nm sftp .
.It Xo Ic reget
.Op Fl fpR
.Ar remote-path
.Op Ar local-path
.Xc
Resume download of
.Ar remote-path .
Equivalent to
.Ic get
with the
.Fl a
flag set.
.It Xo Ic reput
.Op Fl fpR
.Ar local-path
.Op Ar remote-path
.Xc
Resume upload of
.Ar local-path .
Equivalent to
.Ic put
with the
.Fl a
flag set.
.It Ic rename Ar oldpath Ar newpath
Rename remote file from
.Ar oldpath
to
.Ar newpath .
.It Ic rm Ar path
Delete remote file specified by
.Ar path .
.It Ic rmdir Ar path
Remove remote directory specified by
.Ar path .
.It Ic symlink Ar oldpath Ar newpath
Create a symbolic link from
.Ar oldpath
to
.Ar newpath .
.It Ic version
Display the
.Nm
protocol version.
.It Ic \&! Ns Ar command
Execute
.Ar command
in local shell.
.It Ic \&!
Escape to local shell.
.It Ic \&?
Synonym for help.
.El
.Sh SEE ALSO
.Xr ftp 1 ,
.Xr ls 1 ,
.Xr scp 1 ,
.Xr ssh 1 ,
.Xr ssh-add 1 ,
.Xr ssh-keygen 1 ,
.Xr ssh_config 5 ,
.Xr glob 7 ,
.Xr sftp-server 8 ,
.Xr sshd 8
.Rs
.%A T. Ylonen
.%A S. Lehtinen
.%T "SSH File Transfer Protocol"
.%N draft-ietf-secsh-filexfer-00.txt
.%D January 2001
.%O work in progress material
.Re
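Added example (not part of the original manual page or of OpenSSH): a POSIX shell audit of the batch-mode command prefixes described under -b. It lists every batchfile command carrying '-' (a failure no longer aborts the run) or '@' (the command is not echoed), so that suppressed errors in unattended transfers can be reviewed; the function names and the sample batchfile are constructed for illustration.

```shell
#!/bin/sh
# Added example, not OpenSSH code: report the '-' and '@' prefixes in a batchfile.

# Commands whose failure aborts a batch run (the list given under -b).
ABORTING="get put reget reput rename ln rm mkdir chdir ls lchdir chmod chown chgrp lpwd df symlink lmkdir"

# audit_batch FILE: print "<line> <flags> <command>" for each prefixed command.
# A trailing "!" marks a '-' on a command from $ABORTING, i.e. a failure that
# would otherwise have stopped the run.
audit_batch() {
    n=0
    # read strips leading blanks; the || clause keeps a last line without newline.
    while read -r line || [ -n "$line" ]; do
        n=$((n + 1))
        noabort='' noecho=''
        # Peel prefixes in whatever order they were combined.
        while :; do
            case $line in
                -*) noabort=noabort; line=${line#-} ;;
                @*) noecho=noecho; line=${line#@} ;;
                *) break ;;
            esac
        done
        [ -n "$noabort$noecho" ] || continue
        # First word is the command; sftp commands are case insensitive.
        cmd=$(printf '%s\n' "$line" | awk '{ print tolower($1) }')
        flags=$noabort${noecho:+${noabort:+,}$noecho}
        mark=''
        if [ -n "$noabort" ]; then
            case " $ABORTING " in *" $cmd "*) mark=' !' ;; esac
        fi
        printf '%s %s %s%s\n' "$n" "$flags" "$cmd" "$mark"
    done < "$1"
}

# sample_batch FILE: write a constructed batchfile for demonstration.
sample_batch() {
    cat > "$1" <<'EOF'
cd /upload
put report.csv
-rm /tmp/blah*
-@ls /bsd
@-PUT nightly.tar
@lpwd
-bye
EOF
}

tmp=$(mktemp) && sample_batch "$tmp" && audit_batch "$tmp"
rm -f "$tmp"
```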