1180740SdesSFTP(1) OpenBSD Reference Manual SFTP(1) 2180740Sdes 3180740SdesNAME 4180740Sdes sftp - secure file transfer program 5180740Sdes 6180740SdesSYNOPSIS 7262566Sdes sftp [-1246aCfpqrv] [-B buffer_size] [-b batchfile] [-c cipher] 8218767Sdes [-D sftp_server_path] [-F ssh_config] [-i identity_file] [-l limit] 9204861Sdes [-o ssh_option] [-P port] [-R num_requests] [-S program] 10180740Sdes [-s subsystem | sftp_server] host 11189006Sdes sftp [user@]host[:file ...] 12189006Sdes sftp [user@]host[:dir[/]] 13180740Sdes sftp -b batchfile [user@]host 14180740Sdes 15180740SdesDESCRIPTION 16180740Sdes sftp is an interactive file transfer program, similar to ftp(1), which 17180740Sdes performs all operations over an encrypted ssh(1) transport. It may also 18214979Sdes use many features of ssh, such as public key authentication and 19214979Sdes compression. sftp connects and logs into the specified host, then enters 20214979Sdes an interactive command mode. 21180740Sdes 22214979Sdes The second usage format will retrieve files automatically if a non- 23214979Sdes interactive authentication method is used; otherwise it will do so after 24214979Sdes successful interactive authentication. 25180740Sdes 26180740Sdes The third usage format allows sftp to start in a remote directory. 27180740Sdes 28180740Sdes The final usage format allows for automated sessions using the -b option. 29214979Sdes In such cases, it is necessary to configure non-interactive 30214979Sdes authentication to obviate the need to enter a password at connection time 31225825Sdes (see sshd(8) and ssh-keygen(1) for details). 32180740Sdes 33225825Sdes Since some usage formats use colon characters to delimit host names from 34225825Sdes path names, IPv6 addresses must be enclosed in square brackets to avoid 35225825Sdes ambiguity. 36225825Sdes 37225825Sdes The options are as follows: 38225825Sdes 39180740Sdes -1 Specify the use of protocol version 1. 40180740Sdes 41204861Sdes -2 Specify the use of protocol version 2. 42204861Sdes 43204861Sdes -4 Forces sftp to use IPv4 addresses only. 44204861Sdes 45204861Sdes -6 Forces sftp to use IPv6 addresses only. 46204861Sdes 47262566Sdes -a Attempt to continue interrupted downloads rather than overwriting 48262566Sdes existing partial or complete copies of files. If the remote file 49262566Sdes contents differ from the partial local copy then the resultant 50262566Sdes file is likely to be corrupt. 51262566Sdes 52180740Sdes -B buffer_size 53180740Sdes Specify the size of the buffer that sftp uses when transferring 54180740Sdes files. Larger buffers require fewer round trips at the cost of 55180740Sdes higher memory consumption. The default is 32768 bytes. 56180740Sdes 57180740Sdes -b batchfile 58214979Sdes Batch mode reads a series of commands from an input batchfile 59214979Sdes instead of stdin. Since it lacks user interaction it should be 60180740Sdes used in conjunction with non-interactive authentication. A 61180740Sdes batchfile of `-' may be used to indicate standard input. sftp 62180740Sdes will abort if any of the following commands fail: get, put, 63255670Sdes reget, rename, ln, rm, mkdir, chdir, ls, lchdir, chmod, chown, 64255670Sdes chgrp, lpwd, df, symlink, and lmkdir. Termination on error can 65255670Sdes be suppressed on a command by command basis by prefixing the 66255670Sdes command with a `-' character (for example, -rm /tmp/blah*). 67180740Sdes 68180740Sdes -C Enables compression (via ssh's -C flag). 69180740Sdes 70204861Sdes -c cipher 71204861Sdes Selects the cipher to use for encrypting the data transfers. 72204861Sdes This option is directly passed to ssh(1). 73204861Sdes 74204861Sdes -D sftp_server_path 75204861Sdes Connect directly to a local sftp server (rather than via ssh(1)). 76204861Sdes This option may be useful in debugging the client and server. 77204861Sdes 78180740Sdes -F ssh_config 79180740Sdes Specifies an alternative per-user configuration file for ssh(1). 80180740Sdes This option is directly passed to ssh(1). 81180740Sdes 82262566Sdes -f Requests that files be flushed to disk immediately after 83262566Sdes transfer. When uploading files, this feature is only enabled if 84262566Sdes the server implements the "fsync@openssh.com" extension. 85262566Sdes 86204861Sdes -i identity_file 87204861Sdes Selects the file from which the identity (private key) for public 88204861Sdes key authentication is read. This option is directly passed to 89204861Sdes ssh(1). 90204861Sdes 91218767Sdes -l limit 92218767Sdes Limits the used bandwidth, specified in Kbit/s. 93218767Sdes 94180740Sdes -o ssh_option 95180740Sdes Can be used to pass options to ssh in the format used in 96180740Sdes ssh_config(5). This is useful for specifying options for which 97180740Sdes there is no separate sftp command-line flag. For example, to 98180740Sdes specify an alternate port use: sftp -oPort=24. For full details 99180740Sdes of the options listed below, and their possible values, see 100180740Sdes ssh_config(5). 101180740Sdes 102180740Sdes AddressFamily 103180740Sdes BatchMode 104180740Sdes BindAddress 105262566Sdes CanonicalDomains 106262566Sdes CanonicalizeFallbackLocal 107262566Sdes CanonicalizeHostname 108262566Sdes CanonicalizeMaxDots 109262566Sdes CanonicalizePermittedCNAMEs 110180740Sdes ChallengeResponseAuthentication 111180740Sdes CheckHostIP 112180740Sdes Cipher 113180740Sdes Ciphers 114180740Sdes Compression 115180740Sdes CompressionLevel 116180740Sdes ConnectionAttempts 117180740Sdes ConnectTimeout 118180740Sdes ControlMaster 119180740Sdes ControlPath 120239844Sdes ControlPersist 121180740Sdes GlobalKnownHostsFile 122180740Sdes GSSAPIAuthentication 123180740Sdes GSSAPIDelegateCredentials 124180740Sdes HashKnownHosts 125180740Sdes Host 126180740Sdes HostbasedAuthentication 127180740Sdes HostKeyAlgorithms 128180740Sdes HostKeyAlias 129180740Sdes HostName 130180740Sdes IdentityFile 131180740Sdes IdentitiesOnly 132218767Sdes IPQoS 133239844Sdes KbdInteractiveAuthentication 134180740Sdes KbdInteractiveDevices 135218767Sdes KexAlgorithms 136180740Sdes LogLevel 137180740Sdes MACs 138180740Sdes NoHostAuthenticationForLocalhost 139180740Sdes NumberOfPasswordPrompts 140180740Sdes PasswordAuthentication 141204861Sdes PKCS11Provider 142180740Sdes Port 143180740Sdes PreferredAuthentications 144180740Sdes Protocol 145180740Sdes ProxyCommand 146180740Sdes PubkeyAuthentication 147180740Sdes RekeyLimit 148180740Sdes RhostsRSAAuthentication 149180740Sdes RSAAuthentication 150180740Sdes SendEnv 151180740Sdes ServerAliveInterval 152180740Sdes ServerAliveCountMax 153180740Sdes StrictHostKeyChecking 154180740Sdes TCPKeepAlive 155180740Sdes UsePrivilegedPort 156180740Sdes User 157180740Sdes UserKnownHostsFile 158180740Sdes VerifyHostKeyDNS 159180740Sdes 160204861Sdes -P port 161204861Sdes Specifies the port to connect to on the remote host. 162180740Sdes 163204861Sdes -p Preserves modification times, access times, and modes from the 164204861Sdes original files transferred. 165204861Sdes 166204861Sdes -q Quiet mode: disables the progress meter as well as warning and 167204861Sdes diagnostic messages from ssh(1). 168204861Sdes 169180740Sdes -R num_requests 170180740Sdes Specify how many requests may be outstanding at any one time. 171180740Sdes Increasing this may slightly improve file transfer speed but will 172180750Sdes increase memory usage. The default is 64 outstanding requests. 173180740Sdes 174214979Sdes -r Recursively copy entire directories when uploading and 175214979Sdes downloading. Note that sftp does not follow symbolic links 176214979Sdes encountered in the tree traversal. 177204861Sdes 178180740Sdes -S program 179180740Sdes Name of the program to use for the encrypted connection. The 180180740Sdes program must understand ssh(1) options. 181180740Sdes 182180740Sdes -s subsystem | sftp_server 183180740Sdes Specifies the SSH2 subsystem or the path for an sftp server on 184180740Sdes the remote host. A path is useful for using sftp over protocol 185214979Sdes version 1, or when the remote sshd(8) does not have an sftp 186214979Sdes subsystem configured. 187180740Sdes 188180740Sdes -v Raise logging level. This option is also passed to ssh. 189180740Sdes 190180740SdesINTERACTIVE COMMANDS 191180740Sdes Once in interactive mode, sftp understands a set of commands similar to 192180740Sdes those of ftp(1). Commands are case insensitive. Pathnames that contain 193180740Sdes spaces must be enclosed in quotes. Any special characters contained 194180740Sdes within pathnames that are recognized by glob(3) must be escaped with 195180740Sdes backslashes (`\'). 196180740Sdes 197180740Sdes bye Quit sftp. 198180740Sdes 199180740Sdes cd path 200180740Sdes Change remote directory to path. 201180740Sdes 202180740Sdes chgrp grp path 203214979Sdes Change group of file path to grp. path may contain glob(3) 204214979Sdes characters and may match multiple files. grp must be a numeric 205214979Sdes GID. 206180740Sdes 207180740Sdes chmod mode path 208180740Sdes Change permissions of file path to mode. path may contain 209180740Sdes glob(3) characters and may match multiple files. 210180740Sdes 211180740Sdes chown own path 212214979Sdes Change owner of file path to own. path may contain glob(3) 213214979Sdes characters and may match multiple files. own must be a numeric 214214979Sdes UID. 215180740Sdes 216180750Sdes df [-hi] [path] 217180750Sdes Display usage information for the filesystem holding the current 218180750Sdes directory (or path if specified). If the -h flag is specified, 219180750Sdes the capacity information will be displayed using "human-readable" 220180750Sdes suffixes. The -i flag requests display of inode information in 221180750Sdes addition to capacity information. This command is only supported 222180750Sdes on servers that implement the ``statvfs@openssh.com'' extension. 223180750Sdes 224180740Sdes exit Quit sftp. 225180740Sdes 226262566Sdes get [-afPpr] remote-path [local-path] 227180740Sdes Retrieve the remote-path and store it on the local machine. If 228180740Sdes the local path name is not specified, it is given the same name 229180740Sdes it has on the remote machine. remote-path may contain glob(3) 230214979Sdes characters and may match multiple files. If it does and 231214979Sdes local-path is specified, then local-path must specify a 232214979Sdes directory. 233180740Sdes 234255670Sdes If the -a flag is specified, then attempt to resume partial 235255670Sdes transfers of existing files. Note that resumption assumes that 236255670Sdes any partial copy of the local file matches the remote copy. If 237262566Sdes the remote file contents differ from the partial local copy then 238262566Sdes the resultant file is likely to be corrupt. 239255670Sdes 240262566Sdes If the -f flag is specified, then fsync(2) will be called after 241262566Sdes the file transfer has completed to flush the file to disk. 242262566Sdes 243214979Sdes If either the -P or -p flag is specified, then full file 244214979Sdes permissions and access times are copied too. 245204861Sdes 246214979Sdes If the -r flag is specified then directories will be copied 247214979Sdes recursively. Note that sftp does not follow symbolic links when 248204861Sdes performing recursive transfers. 249204861Sdes 250180740Sdes help Display help text. 251180740Sdes 252180740Sdes lcd path 253180740Sdes Change local directory to path. 254180740Sdes 255180740Sdes lls [ls-options [path]] 256214979Sdes Display local directory listing of either path or current 257214979Sdes directory if path is not specified. ls-options may contain any 258214979Sdes flags supported by the local system's ls(1) command. path may 259214979Sdes contain glob(3) characters and may match multiple files. 260180740Sdes 261180740Sdes lmkdir path 262180740Sdes Create local directory specified by path. 263180740Sdes 264218767Sdes ln [-s] oldpath newpath 265218767Sdes Create a link from oldpath to newpath. If the -s flag is 266218767Sdes specified the created link is a symbolic link, otherwise it is a 267218767Sdes hard link. 268180740Sdes 269180740Sdes lpwd Print local working directory. 270180740Sdes 271204861Sdes ls [-1afhlnrSt] [path] 272180740Sdes Display a remote directory listing of either path or the current 273180740Sdes directory if path is not specified. path may contain glob(3) 274180740Sdes characters and may match multiple files. 275180740Sdes 276180740Sdes The following flags are recognized and alter the behaviour of ls 277180740Sdes accordingly: 278180740Sdes 279180740Sdes -1 Produce single columnar output. 280180740Sdes 281180740Sdes -a List files beginning with a dot (`.'). 282180740Sdes 283214979Sdes -f Do not sort the listing. The default sort order is 284214979Sdes lexicographical. 285180740Sdes 286204861Sdes -h When used with a long format option, use unit suffixes: 287204861Sdes Byte, Kilobyte, Megabyte, Gigabyte, Terabyte, Petabyte, 288204861Sdes and Exabyte in order to reduce the number of digits to 289204861Sdes four or fewer using powers of 2 for sizes (K=1024, 290204861Sdes M=1048576, etc.). 291204861Sdes 292214979Sdes -l Display additional details including permissions and 293214979Sdes ownership information. 294180740Sdes 295180740Sdes -n Produce a long listing with user and group information 296180740Sdes presented numerically. 297180740Sdes 298180740Sdes -r Reverse the sort order of the listing. 299180740Sdes 300180740Sdes -S Sort the listing by file size. 301180740Sdes 302180740Sdes -t Sort the listing by last modification time. 303180740Sdes 304180740Sdes lumask umask 305180740Sdes Set local umask to umask. 306180740Sdes 307180740Sdes mkdir path 308180740Sdes Create remote directory specified by path. 309180740Sdes 310180740Sdes progress 311180740Sdes Toggle display of progress meter. 312180740Sdes 313262566Sdes put [-fPpr] local-path [remote-path] 314214979Sdes Upload local-path and store it on the remote machine. If the 315214979Sdes remote path name is not specified, it is given the same name it 316214979Sdes has on the local machine. local-path may contain glob(3) 317214979Sdes characters and may match multiple files. If it does and 318214979Sdes remote-path is specified, then remote-path must specify a 319214979Sdes directory. 320180740Sdes 321262566Sdes If the -f flag is specified, then a request will be sent to the 322262566Sdes server to call fsync(2) after the file has been transferred. 323262566Sdes Note that this is only supported by servers that implement the 324262566Sdes "fsync@openssh.com" extension. 325262566Sdes 326225825Sdes If either the -P or -p flag is specified, then full file 327214979Sdes permissions and access times are copied too. 328204861Sdes 329214979Sdes If the -r flag is specified then directories will be copied 330214979Sdes recursively. Note that sftp does not follow symbolic links when 331204861Sdes performing recursive transfers. 332204861Sdes 333180740Sdes pwd Display remote working directory. 334180740Sdes 335180740Sdes quit Quit sftp. 336180740Sdes 337255670Sdes reget [-Ppr] remote-path [local-path] 338255670Sdes Resume download of remote-path. Equivalent to get with the -a 339255670Sdes flag set. 340255670Sdes 341180740Sdes rename oldpath newpath 342180740Sdes Rename remote file from oldpath to newpath. 343180740Sdes 344180740Sdes rm path 345180740Sdes Delete remote file specified by path. 346180740Sdes 347180740Sdes rmdir path 348180740Sdes Remove remote directory specified by path. 349180740Sdes 350180740Sdes symlink oldpath newpath 351180740Sdes Create a symbolic link from oldpath to newpath. 352180740Sdes 353180740Sdes version 354180740Sdes Display the sftp protocol version. 355180740Sdes 356189006Sdes !command 357180740Sdes Execute command in local shell. 358180740Sdes 359180740Sdes ! Escape to local shell. 360180740Sdes 361180740Sdes ? Synonym for help. 362180740Sdes 363180740SdesSEE ALSO 364180740Sdes ftp(1), ls(1), scp(1), ssh(1), ssh-add(1), ssh-keygen(1), glob(3), 365180740Sdes ssh_config(5), sftp-server(8), sshd(8) 366180740Sdes 367258343Sdes T. Ylonen and S. Lehtinen, SSH File Transfer Protocol, draft-ietf-secsh- 368258343Sdes filexfer-00.txt, January 2001, work in progress material. 369180740Sdes 370264377SdesOpenBSD 5.5 October 20, 2013 OpenBSD 5.5 371