1.\" $NetBSD: sftp.1,v 1.19 2019/04/20 17:16:40 christos Exp $ 2.\" $OpenBSD: sftp.1,v 1.125 2019/01/22 06:58:31 jmc Exp $ 3.\" 4.\" Copyright (c) 2001 Damien Miller. All rights reserved. 5.\" 6.\" Redistribution and use in source and binary forms, with or without 7.\" modification, are permitted provided that the following conditions 8.\" are met: 9.\" 1. Redistributions of source code must retain the above copyright 10.\" notice, this list of conditions and the following disclaimer. 11.\" 2. Redistributions in binary form must reproduce the above copyright 12.\" notice, this list of conditions and the following disclaimer in the 13.\" documentation and/or other materials provided with the distribution. 14.\" 15.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR 16.\" IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES 17.\" OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. 18.\" IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, 19.\" INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 20.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 21.\" DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 22.\" THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 23.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 24.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 25.\" 26.Dd January 22 2019 27.Dt SFTP 1 28.Os 29.Sh NAME 30.Nm sftp 31.Nd secure file transfer program 32.Sh SYNOPSIS 33.Nm sftp 34.Op Fl 46aCfpqrv 35.Op Fl B Ar buffer_size 36.Op Fl b Ar batchfile 37.Op Fl c Ar cipher 38.Op Fl D Ar sftp_server_path 39.Op Fl F Ar ssh_config 40.Op Fl i Ar identity_file 41.Op Fl J Ar destination 42.Op Fl l Ar limit 43.Op Fl o Ar ssh_option 44.Op Fl P Ar port 45.Op Fl R Ar num_requests 46.Op Fl S Ar program 47.Op Fl s Ar subsystem | sftp_server 48.Ar destination 49.Sh DESCRIPTION 50.Nm 51is a file transfer program, similar to 52.Xr ftp 1 , 53which performs all operations over an encrypted 54.Xr ssh 1 55transport. 56It may also use many features of ssh, such as public key authentication and 57compression. 58.Pp 59The 60.Ar destination 61may be specified either as 62.Sm off 63.Oo user @ Oc host Op : path 64.Sm on 65or as a URI in the form 66.Sm off 67.No sftp:// Oo user @ Oc host Oo : port Oc Op / path . 68.Sm on 69.Pp 70If the 71.Ar destination 72includes a 73.Ar path 74and it is not a directory, 75.Nm 76will retrieve files automatically if a non-interactive 77authentication method is used; otherwise it will do so after 78successful interactive authentication. 79.Pp 80If no 81.Ar path 82is specified, or if the 83.Ar path 84is a directory, 85.Nm 86will log in to the specified 87.Ar host 88and enter interactive command mode, changing to the remote directory 89if one was specified. 90An optional trailing slash can be used to force the 91.Ar path 92to be interpreted as a directory. 93.Pp 94Since the destination formats use colon characters to delimit host 95names from path names or port numbers, IPv6 addresses must be 96enclosed in square brackets to avoid ambiguity. 97.Pp 98The options are as follows: 99.Bl -tag -width Ds 100.It Fl 4 101Forces 102.Nm 103to use IPv4 addresses only. 104.It Fl 6 105Forces 106.Nm 107to use IPv6 addresses only. 108.It Fl a 109Attempt to continue interrupted transfers rather than overwriting 110existing partial or complete copies of files. 111If the partial contents differ from those being transferred, 112then the resultant file is likely to be corrupt. 113.It Fl B Ar buffer_size 114Specify the size of the buffer that 115.Nm 116uses when transferring files. 117Larger buffers require fewer round trips at the cost of higher 118memory consumption. 119The default is 32768 bytes. 120.It Fl b Ar batchfile 121Batch mode reads a series of commands from an input 122.Ar batchfile 123instead of 124.Em stdin . 125Since it lacks user interaction it should be used in conjunction with 126non-interactive authentication to obviate the need to enter a password 127at connection time (see 128.Xr sshd 8 129and 130.Xr ssh-keygen 1 131for details). 132.Pp 133A 134.Ar batchfile 135of 136.Sq \- 137may be used to indicate standard input. 138.Nm 139will abort if any of the following 140commands fail: 141.Ic get , put , reget , reput , rename , ln , 142.Ic rm , mkdir , chdir , ls , 143.Ic lchdir , chmod , chown , 144.Ic chgrp , lpwd , df , symlink , 145and 146.Ic lmkdir . 147.Pp 148Termination on error can be suppressed on a command by command basis by 149prefixing the command with a 150.Sq \- 151character (for example, 152.Ic -rm /tmp/blah* ) . 153Echo of the command may be suppressed by prefixing the command with a 154.Sq @ 155character. 156These two prefixes may be combined in any order, for example 157.Ic -@ls /bsd . 158.It Fl C 159Enables compression (via ssh's 160.Fl C 161flag). 162.It Fl c Ar cipher 163Selects the cipher to use for encrypting the data transfers. 164This option is directly passed to 165.Xr ssh 1 . 166.It Fl D Ar sftp_server_path 167Connect directly to a local sftp server 168(rather than via 169.Xr ssh 1 ) . 170This option may be useful in debugging the client and server. 171.It Fl F Ar ssh_config 172Specifies an alternative 173per-user configuration file for 174.Xr ssh 1 . 175This option is directly passed to 176.Xr ssh 1 . 177.It Fl f 178Requests that files be flushed to disk immediately after transfer. 179When uploading files, this feature is only enabled if the server 180implements the "fsync@openssh.com" extension. 181.It Fl i Ar identity_file 182Selects the file from which the identity (private key) for public key 183authentication is read. 184This option is directly passed to 185.Xr ssh 1 . 186.It Fl J Ar destination 187Connect to the target host by first making an 188.Nm 189connection to the jump host described by 190.Ar destination 191and then establishing a TCP forwarding to the ultimate destination from 192there. 193Multiple jump hops may be specified separated by comma characters. 194This is a shortcut to specify a 195.Cm ProxyJump 196configuration directive. 197This option is directly passed to 198.Xr ssh 1 . 199.It Fl l Ar limit 200Limits the used bandwidth, specified in Kbit/s. 201.It Fl o Ar ssh_option 202Can be used to pass options to 203.Nm ssh 204in the format used in 205.Xr ssh_config 5 . 206This is useful for specifying options 207for which there is no separate 208.Nm sftp 209command-line flag. 210For example, to specify an alternate port use: 211.Ic sftp -oPort=24 . 212For full details of the options listed below, and their possible values, see 213.Xr ssh_config 5 . 214.Pp 215.Bl -tag -width Ds -offset indent -compact 216.It AddressFamily 217.It BatchMode 218.It BindAddress 219.It BindInterface 220.It CanonicalDomains 221.It CanonicalizeFallbackLocal 222.It CanonicalizeHostname 223.It CanonicalizeMaxDots 224.It CanonicalizePermittedCNAMEs 225.It CASignatureAlgorithms 226.It CertificateFile 227.It ChallengeResponseAuthentication 228.It CheckHostIP 229.It Ciphers 230.It Compression 231.It ConnectionAttempts 232.It ConnectTimeout 233.It ControlMaster 234.It ControlPath 235.It ControlPersist 236.It GlobalKnownHostsFile 237.It GSSAPIAuthentication 238.It GSSAPIDelegateCredentials 239.It HashKnownHosts 240.It Host 241.It HostbasedAuthentication 242.It HostbasedKeyTypes 243.It HostKeyAlgorithms 244.It HostKeyAlias 245.It HostName 246.It IdentitiesOnly 247.It IdentityAgent 248.It IdentityFile 249.It IPQoS 250.It KbdInteractiveAuthentication 251.It KbdInteractiveDevices 252.It KexAlgorithms 253.It LogLevel 254.It MACs 255.It NoHostAuthenticationForLocalhost 256.It NumberOfPasswordPrompts 257.It PasswordAuthentication 258.It PKCS11Provider 259.It Port 260.It PreferredAuthentications 261.It ProxyCommand 262.It ProxyJump 263.It PubkeyAcceptedKeyTypes 264.It PubkeyAuthentication 265.It RekeyLimit 266.It SendEnv 267.It ServerAliveInterval 268.It ServerAliveCountMax 269.It SetEnv 270.It StrictHostKeyChecking 271.It TCPKeepAlive 272.It UpdateHostKeys 273.It User 274.It UserKnownHostsFile 275.It VerifyHostKeyDNS 276.El 277.It Fl P Ar port 278Specifies the port to connect to on the remote host. 279.It Fl p 280Preserves modification times, access times, and modes from the 281original files transferred. 282.It Fl q 283Quiet mode: disables the progress meter as well as warning and 284diagnostic messages from 285.Xr ssh 1 . 286.It Fl R Ar num_requests 287Specify how many requests may be outstanding at any one time. 288Increasing this may slightly improve file transfer speed 289but will increase memory usage. 290The default is 256 outstanding requests providing for 8MB 291of outstanding data with a 32KB buffer. 292.It Fl r 293Recursively copy entire directories when uploading and downloading. 294Note that 295.Nm 296does not follow symbolic links encountered in the tree traversal. 297.It Fl S Ar program 298Name of the 299.Ar program 300to use for the encrypted connection. 301The program must understand 302.Xr ssh 1 303options. 304.It Fl s Ar subsystem | sftp_server 305Specifies the SSH2 subsystem or the path for an sftp server 306on the remote host. 307A path is useful when the remote 308.Xr sshd 8 309does not have an sftp subsystem configured. 310.It Fl v 311Raise logging level. 312This option is also passed to ssh. 313.El 314.Sh INTERACTIVE COMMANDS 315Once in interactive mode, 316.Nm 317understands a set of commands similar to those of 318.Xr ftp 1 . 319Commands are case insensitive. 320Pathnames that contain spaces must be enclosed in quotes. 321Any special characters contained within pathnames that are recognized by 322.Xr glob 3 323must be escaped with backslashes 324.Pq Sq \e . 325.Bl -tag -width Ds 326.It Ic bye 327Quit 328.Nm sftp . 329.It Ic cd Op Ar path 330Change remote directory to 331.Ar path . 332If 333.Ar path 334is not specified, then change directory to the one the session started in. 335.It Xo Ic chgrp 336.Op Fl h 337.Ar grp 338.Ar path 339.Xc 340Change group of file 341.Ar path 342to 343.Ar grp . 344If the 345.Fl h 346flag is specified, then symlinks will not be followed. 347.Ar path 348may contain 349.Xr glob 7 350characters and may match multiple files. 351.Ar grp 352must be a numeric GID. 353.It Xo Ic chmod 354.Op Fl h 355.Ar mode 356.Ar path 357.Xc 358Change permissions of file 359.Ar path 360to 361.Ar mode . 362If the 363.Fl h 364flag is specified, then symlinks will not be followed. 365.Ar path 366may contain 367.Xr glob 7 368characters and may match multiple files. 369.It Xo Ic chown 370.Op Fl h 371.Ar own 372.Ar path 373.Xc 374Change owner of file 375.Ar path 376to 377.Ar own . 378If the 379.Fl h 380flag is specified, then symlinks will not be followed. 381.Ar path 382may contain 383.Xr glob 7 384characters and may match multiple files. 385.Ar own 386must be a numeric UID. 387.It Ic df Oo Fl hi Oc Oo Ar path Oc 388Display usage information for the filesystem holding the current directory 389(or 390.Ar path 391if specified). 392If the 393.Fl h 394flag is specified, the capacity information will be displayed using 395"human-readable" suffixes. 396The 397.Fl i 398flag requests display of inode information in addition to capacity information. 399This command is only supported on servers that implement the 400.Dq statvfs@openssh.com 401extension. 402.It Ic exit 403Quit 404.Nm sftp . 405.It Xo Ic get 406.Op Fl afPpr 407.Ar remote-path 408.Op Ar local-path 409.Xc 410Retrieve the 411.Ar remote-file 412and store it on the local machine. 413If the local 414path name is not specified, it is given the same name it has on the 415remote machine. 416.Ar remote-path 417may contain 418.Xr glob 7 419characters and may match multiple files. 420If it does and 421.Ar local-path 422is specified, then 423.Ar local-path 424must specify a directory. 425.Pp 426If the 427.Fl a 428flag is specified, then attempt to resume partial transfers of existing files. 429Note that resumption assumes that any partial copy of the local file matches 430the remote copy. 431If the remote file contents differ from the partial local copy then the 432resultant file is likely to be corrupt. 433.Pp 434If the 435.Fl f 436flag is specified, then 437.Xr fsync 2 438will be called after the file transfer has completed to flush the file 439to disk. 440.Pp 441If either the 442.Fl P 443or 444.Fl p 445flag is specified, then full file permissions and access times are 446copied too. 447.Pp 448If the 449.Fl r 450flag is specified then directories will be copied recursively. 451Note that 452.Nm 453does not follow symbolic links when performing recursive transfers. 454.It Ic help 455Display help text. 456.It Ic lcd Op Ar path 457Change local directory to 458.Ar path . 459If 460.Ar path 461is not specified, then change directory to the local user's home directory. 462.It Ic lls Op Ar ls-options Op Ar path 463Display local directory listing of either 464.Ar path 465or current directory if 466.Ar path 467is not specified. 468.Ar ls-options 469may contain any flags supported by the local system's 470.Xr ls 1 471command. 472.Ar path 473may contain 474.Xr glob 7 475characters and may match multiple files. 476.It Ic lmkdir Ar path 477Create local directory specified by 478.Ar path . 479.It Xo Ic ln 480.Op Fl s 481.Ar oldpath 482.Ar newpath 483.Xc 484Create a link from 485.Ar oldpath 486to 487.Ar newpath . 488If the 489.Fl s 490flag is specified the created link is a symbolic link, otherwise it is 491a hard link. 492.It Ic lpwd 493Print local working directory. 494.It Ic ls Oo Fl 1afhlnrSt Oc Oo Ar path Oc 495Display a remote directory listing of either 496.Ar path 497or the current directory if 498.Ar path 499is not specified. 500.Ar path 501may contain 502.Xr glob 7 503characters and may match multiple files. 504.Pp 505The following flags are recognized and alter the behaviour of 506.Ic ls 507accordingly: 508.Bl -tag -width Ds 509.It Fl 1 510Produce single columnar output. 511.It Fl a 512List files beginning with a dot 513.Pq Sq \&. . 514.It Fl f 515Do not sort the listing. 516The default sort order is lexicographical. 517.It Fl h 518When used with a long format option, use unit suffixes: Byte, Kilobyte, 519Megabyte, Gigabyte, Terabyte, Petabyte, and Exabyte in order to reduce 520the number of digits to four or fewer using powers of 2 for sizes (K=1024, 521M=1048576, etc.). 522.It Fl l 523Display additional details including permissions 524and ownership information. 525.It Fl n 526Produce a long listing with user and group information presented 527numerically. 528.It Fl r 529Reverse the sort order of the listing. 530.It Fl S 531Sort the listing by file size. 532.It Fl t 533Sort the listing by last modification time. 534.El 535.It Ic lumask Ar umask 536Set local umask to 537.Ar umask . 538.It Ic mkdir Ar path 539Create remote directory specified by 540.Ar path . 541.It Ic progress 542Toggle display of progress meter. 543.It Xo Ic put 544.Op Fl afPpr 545.Ar local-path 546.Op Ar remote-path 547.Xc 548Upload 549.Ar local-path 550and store it on the remote machine. 551If the remote path name is not specified, it is given the same name it has 552on the local machine. 553.Ar local-path 554may contain 555.Xr glob 7 556characters and may match multiple files. 557If it does and 558.Ar remote-path 559is specified, then 560.Ar remote-path 561must specify a directory. 562.Pp 563If the 564.Fl a 565flag is specified, then attempt to resume partial 566transfers of existing files. 567Note that resumption assumes that any partial copy of the remote file 568matches the local copy. 569If the local file contents differ from the remote local copy then 570the resultant file is likely to be corrupt. 571.Pp 572If the 573.Fl f 574flag is specified, then a request will be sent to the server to call 575.Xr fsync 2 576after the file has been transferred. 577Note that this is only supported by servers that implement 578the "fsync@openssh.com" extension. 579.Pp 580If either the 581.Fl P 582or 583.Fl p 584flag is specified, then full file permissions and access times are 585copied too. 586.Pp 587If the 588.Fl r 589flag is specified then directories will be copied recursively. 590Note that 591.Nm 592does not follow symbolic links when performing recursive transfers. 593.It Ic pwd 594Display remote working directory. 595.It Ic quit 596Quit 597.Nm sftp . 598.It Xo Ic reget 599.Op Fl Ppr 600.Ar remote-path 601.Op Ar local-path 602.Xc 603Resume download of 604.Ar remote-path . 605Equivalent to 606.Ic get 607with the 608.Fl a 609flag set. 610.It Xo Ic reput 611.Op Fl Ppr 612.Op Ar local-path 613.Ar remote-path 614.Xc 615Resume upload of 616.Op Ar local-path . 617Equivalent to 618.Ic put 619with the 620.Fl a 621flag set. 622.It Ic rename Ar oldpath Ar newpath 623Rename remote file from 624.Ar oldpath 625to 626.Ar newpath . 627.It Ic rm Ar path 628Delete remote file specified by 629.Ar path . 630.It Ic rmdir Ar path 631Remove remote directory specified by 632.Ar path . 633.It Ic symlink Ar oldpath Ar newpath 634Create a symbolic link from 635.Ar oldpath 636to 637.Ar newpath . 638.It Ic version 639Display the 640.Nm 641protocol version. 642.It Ic \&! Ns Ar command 643Execute 644.Ar command 645in local shell. 646.It Ic \&! 647Escape to local shell. 648.It Ic \&? 649Synonym for help. 650.El 651.Sh SEE ALSO 652.Xr ftp 1 , 653.Xr ls 1 , 654.Xr scp 1 , 655.Xr ssh 1 , 656.Xr ssh-add 1 , 657.Xr ssh-keygen 1 , 658.Xr ssh_config 5 , 659.Xr glob 7 , 660.Xr sftp-server 8 , 661.Xr sshd 8 662.Rs 663.%A T. Ylonen 664.%A S. Lehtinen 665.%T "SSH File Transfer Protocol" 666.%N draft-ietf-secsh-filexfer-00.txt 667.%D January 2001 668.%O work in progress material 669.Re 670