379 lines
15 KiB
Plaintext
379 lines
15 KiB
Plaintext
SFTP(1) General Commands Manual SFTP(1)
|
|
|
|
NAME
|
|
sftp M-bM-^@M-^S secure file transfer program
|
|
|
|
SYNOPSIS
|
|
sftp [-46aCfpqrv] [-B buffer_size] [-b batchfile] [-c cipher]
|
|
[-D sftp_server_path] [-F ssh_config] [-i identity_file] [-l limit]
|
|
[-o ssh_option] [-P port] [-R num_requests] [-S program]
|
|
[-s subsystem | sftp_server] destination
|
|
|
|
DESCRIPTION
|
|
sftp is a file transfer program, similar to ftp(1), which performs all
|
|
operations over an encrypted ssh(1) transport. It may also use many
|
|
features of ssh, such as public key authentication and compression.
|
|
|
|
The destination may be specified either as [user@]host[:path] or as a URI
|
|
in the form sftp://[user@]host[:port][/path].
|
|
|
|
If the destination includes a path and it is not a directory, sftp will
|
|
retrieve files automatically if a non-interactive authentication method
|
|
is used; otherwise it will do so after successful interactive
|
|
authentication.
|
|
|
|
If no path is specified, or if the path is a directory, sftp will log in
|
|
to the specified host and enter interactive command mode, changing to the
|
|
remote directory if one was specified. An optional trailing slash can be
|
|
used to force the path to be interpreted as a directory.
|
|
|
|
Since the destination formats use colon characters to delimit host names
|
|
from path names or port numbers, IPv6 addresses must be enclosed in
|
|
square brackets to avoid ambiguity.
|
|
|
|
The options are as follows:
|
|
|
|
-4 Forces sftp to use IPv4 addresses only.
|
|
|
|
-6 Forces sftp to use IPv6 addresses only.
|
|
|
|
-a Attempt to continue interrupted transfers rather than overwriting
|
|
existing partial or complete copies of files. If the partial
|
|
contents differ from those being transferred, then the resultant
|
|
file is likely to be corrupt.
|
|
|
|
-B buffer_size
|
|
Specify the size of the buffer that sftp uses when transferring
|
|
files. Larger buffers require fewer round trips at the cost of
|
|
higher memory consumption. The default is 32768 bytes.
|
|
|
|
-b batchfile
|
|
Batch mode reads a series of commands from an input batchfile
|
|
instead of stdin. Since it lacks user interaction it should be
|
|
used in conjunction with non-interactive authentication to
|
|
obviate the need to enter a password at connection time (see
|
|
sshd(8) and ssh-keygen(1) for details). A batchfile of M-bM-^@M-^X-M-bM-^@M-^Y may
|
|
be used to indicate standard input. sftp will abort if any of
|
|
the following commands fail: get, put, reget, reput, rename, ln,
|
|
rm, mkdir, chdir, ls, lchdir, chmod, chown, chgrp, lpwd, df,
|
|
symlink, and lmkdir. Termination on error can be suppressed on a
|
|
command by command basis by prefixing the command with a M-bM-^@M-^X-M-bM-^@M-^Y
|
|
character (for example, -rm /tmp/blah*).
|
|
|
|
-C Enables compression (via ssh's -C flag).
|
|
|
|
-c cipher
|
|
Selects the cipher to use for encrypting the data transfers.
|
|
This option is directly passed to ssh(1).
|
|
|
|
-D sftp_server_path
|
|
Connect directly to a local sftp server (rather than via ssh(1)).
|
|
This option may be useful in debugging the client and server.
|
|
|
|
-F ssh_config
|
|
Specifies an alternative per-user configuration file for ssh(1).
|
|
This option is directly passed to ssh(1).
|
|
|
|
-f Requests that files be flushed to disk immediately after
|
|
transfer. When uploading files, this feature is only enabled if
|
|
the server implements the "fsync@openssh.com" extension.
|
|
|
|
-i identity_file
|
|
Selects the file from which the identity (private key) for public
|
|
key authentication is read. This option is directly passed to
|
|
ssh(1).
|
|
|
|
-l limit
|
|
Limits the used bandwidth, specified in Kbit/s.
|
|
|
|
-o ssh_option
|
|
Can be used to pass options to ssh in the format used in
|
|
ssh_config(5). This is useful for specifying options for which
|
|
there is no separate sftp command-line flag. For example, to
|
|
specify an alternate port use: sftp -oPort=24. For full details
|
|
of the options listed below, and their possible values, see
|
|
ssh_config(5).
|
|
|
|
AddressFamily
|
|
BatchMode
|
|
BindAddress
|
|
BindInterface
|
|
CanonicalDomains
|
|
CanonicalizeFallbackLocal
|
|
CanonicalizeHostname
|
|
CanonicalizeMaxDots
|
|
CanonicalizePermittedCNAMEs
|
|
CertificateFile
|
|
ChallengeResponseAuthentication
|
|
CheckHostIP
|
|
Ciphers
|
|
Compression
|
|
ConnectionAttempts
|
|
ConnectTimeout
|
|
ControlMaster
|
|
ControlPath
|
|
ControlPersist
|
|
GlobalKnownHostsFile
|
|
GSSAPIAuthentication
|
|
GSSAPIDelegateCredentials
|
|
HashKnownHosts
|
|
Host
|
|
HostbasedAuthentication
|
|
HostbasedKeyTypes
|
|
HostKeyAlgorithms
|
|
HostKeyAlias
|
|
HostName
|
|
IdentitiesOnly
|
|
IdentityAgent
|
|
IdentityFile
|
|
IPQoS
|
|
KbdInteractiveAuthentication
|
|
KbdInteractiveDevices
|
|
KexAlgorithms
|
|
LogLevel
|
|
MACs
|
|
NoHostAuthenticationForLocalhost
|
|
NumberOfPasswordPrompts
|
|
PasswordAuthentication
|
|
PKCS11Provider
|
|
Port
|
|
PreferredAuthentications
|
|
ProxyCommand
|
|
ProxyJump
|
|
PubkeyAcceptedKeyTypes
|
|
PubkeyAuthentication
|
|
RekeyLimit
|
|
SendEnv
|
|
ServerAliveInterval
|
|
ServerAliveCountMax
|
|
SetEnv
|
|
StrictHostKeyChecking
|
|
TCPKeepAlive
|
|
UpdateHostKeys
|
|
User
|
|
UserKnownHostsFile
|
|
VerifyHostKeyDNS
|
|
|
|
-P port
|
|
Specifies the port to connect to on the remote host.
|
|
|
|
-p Preserves modification times, access times, and modes from the
|
|
original files transferred.
|
|
|
|
-q Quiet mode: disables the progress meter as well as warning and
|
|
diagnostic messages from ssh(1).
|
|
|
|
-R num_requests
|
|
Specify how many requests may be outstanding at any one time.
|
|
Increasing this may slightly improve file transfer speed but will
|
|
increase memory usage. The default is 64 outstanding requests.
|
|
|
|
-r Recursively copy entire directories when uploading and
|
|
downloading. Note that sftp does not follow symbolic links
|
|
encountered in the tree traversal.
|
|
|
|
-S program
|
|
Name of the program to use for the encrypted connection. The
|
|
program must understand ssh(1) options.
|
|
|
|
-s subsystem | sftp_server
|
|
Specifies the SSH2 subsystem or the path for an sftp server on
|
|
the remote host. A path is useful when the remote sshd(8) does
|
|
not have an sftp subsystem configured.
|
|
|
|
-v Raise logging level. This option is also passed to ssh.
|
|
|
|
INTERACTIVE COMMANDS
|
|
Once in interactive mode, sftp understands a set of commands similar to
|
|
those of ftp(1). Commands are case insensitive. Pathnames that contain
|
|
spaces must be enclosed in quotes. Any special characters contained
|
|
within pathnames that are recognized by glob(3) must be escaped with
|
|
backslashes (M-bM-^@M-^X\M-bM-^@M-^Y).
|
|
|
|
bye Quit sftp.
|
|
|
|
cd [path]
|
|
Change remote directory to path. If path is not specified, then
|
|
change directory to the one the session started in.
|
|
|
|
chgrp grp path
|
|
Change group of file path to grp. path may contain glob(7)
|
|
characters and may match multiple files. grp must be a numeric
|
|
GID.
|
|
|
|
chmod mode path
|
|
Change permissions of file path to mode. path may contain
|
|
glob(7) characters and may match multiple files.
|
|
|
|
chown own path
|
|
Change owner of file path to own. path may contain glob(7)
|
|
characters and may match multiple files. own must be a numeric
|
|
UID.
|
|
|
|
df [-hi] [path]
|
|
Display usage information for the filesystem holding the current
|
|
directory (or path if specified). If the -h flag is specified,
|
|
the capacity information will be displayed using "human-readable"
|
|
suffixes. The -i flag requests display of inode information in
|
|
addition to capacity information. This command is only supported
|
|
on servers that implement the M-bM-^@M-^\statvfs@openssh.comM-bM-^@M-^] extension.
|
|
|
|
exit Quit sftp.
|
|
|
|
get [-afPpr] remote-path [local-path]
|
|
Retrieve the remote-path and store it on the local machine. If
|
|
the local path name is not specified, it is given the same name
|
|
it has on the remote machine. remote-path may contain glob(7)
|
|
characters and may match multiple files. If it does and
|
|
local-path is specified, then local-path must specify a
|
|
directory.
|
|
|
|
If the -a flag is specified, then attempt to resume partial
|
|
transfers of existing files. Note that resumption assumes that
|
|
any partial copy of the local file matches the remote copy. If
|
|
the remote file contents differ from the partial local copy then
|
|
the resultant file is likely to be corrupt.
|
|
|
|
If the -f flag is specified, then fsync(2) will be called after
|
|
the file transfer has completed to flush the file to disk.
|
|
|
|
If either the -P or -p flag is specified, then full file
|
|
permissions and access times are copied too.
|
|
|
|
If the -r flag is specified then directories will be copied
|
|
recursively. Note that sftp does not follow symbolic links when
|
|
performing recursive transfers.
|
|
|
|
help Display help text.
|
|
|
|
lcd [path]
|
|
Change local directory to path. If path is not specified, then
|
|
change directory to the local user's home directory.
|
|
|
|
lls [ls-options [path]]
|
|
Display local directory listing of either path or current
|
|
directory if path is not specified. ls-options may contain any
|
|
flags supported by the local system's ls(1) command. path may
|
|
contain glob(7) characters and may match multiple files.
|
|
|
|
lmkdir path
|
|
Create local directory specified by path.
|
|
|
|
ln [-s] oldpath newpath
|
|
Create a link from oldpath to newpath. If the -s flag is
|
|
specified the created link is a symbolic link, otherwise it is a
|
|
hard link.
|
|
|
|
lpwd Print local working directory.
|
|
|
|
ls [-1afhlnrSt] [path]
|
|
Display a remote directory listing of either path or the current
|
|
directory if path is not specified. path may contain glob(7)
|
|
characters and may match multiple files.
|
|
|
|
The following flags are recognized and alter the behaviour of ls
|
|
accordingly:
|
|
|
|
-1 Produce single columnar output.
|
|
|
|
-a List files beginning with a dot (M-bM-^@M-^X.M-bM-^@M-^Y).
|
|
|
|
-f Do not sort the listing. The default sort order is
|
|
lexicographical.
|
|
|
|
-h When used with a long format option, use unit suffixes:
|
|
Byte, Kilobyte, Megabyte, Gigabyte, Terabyte, Petabyte,
|
|
and Exabyte in order to reduce the number of digits to
|
|
four or fewer using powers of 2 for sizes (K=1024,
|
|
M=1048576, etc.).
|
|
|
|
-l Display additional details including permissions and
|
|
ownership information.
|
|
|
|
-n Produce a long listing with user and group information
|
|
presented numerically.
|
|
|
|
-r Reverse the sort order of the listing.
|
|
|
|
-S Sort the listing by file size.
|
|
|
|
-t Sort the listing by last modification time.
|
|
|
|
lumask umask
|
|
Set local umask to umask.
|
|
|
|
mkdir path
|
|
Create remote directory specified by path.
|
|
|
|
progress
|
|
Toggle display of progress meter.
|
|
|
|
put [-afPpr] local-path [remote-path]
|
|
Upload local-path and store it on the remote machine. If the
|
|
remote path name is not specified, it is given the same name it
|
|
has on the local machine. local-path may contain glob(7)
|
|
characters and may match multiple files. If it does and
|
|
remote-path is specified, then remote-path must specify a
|
|
directory.
|
|
|
|
If the -a flag is specified, then attempt to resume partial
|
|
transfers of existing files. Note that resumption assumes that
|
|
any partial copy of the remote file matches the local copy. If
|
|
the local file contents differ from the remote local copy then
|
|
the resultant file is likely to be corrupt.
|
|
|
|
If the -f flag is specified, then a request will be sent to the
|
|
server to call fsync(2) after the file has been transferred.
|
|
Note that this is only supported by servers that implement the
|
|
"fsync@openssh.com" extension.
|
|
|
|
If either the -P or -p flag is specified, then full file
|
|
permissions and access times are copied too.
|
|
|
|
If the -r flag is specified then directories will be copied
|
|
recursively. Note that sftp does not follow symbolic links when
|
|
performing recursive transfers.
|
|
|
|
pwd Display remote working directory.
|
|
|
|
quit Quit sftp.
|
|
|
|
reget [-Ppr] remote-path [local-path]
|
|
Resume download of remote-path. Equivalent to get with the -a
|
|
flag set.
|
|
|
|
reput [-Ppr] [local-path] remote-path
|
|
Resume upload of [local-path]. Equivalent to put with the -a
|
|
flag set.
|
|
|
|
rename oldpath newpath
|
|
Rename remote file from oldpath to newpath.
|
|
|
|
rm path
|
|
Delete remote file specified by path.
|
|
|
|
rmdir path
|
|
Remove remote directory specified by path.
|
|
|
|
symlink oldpath newpath
|
|
Create a symbolic link from oldpath to newpath.
|
|
|
|
version
|
|
Display the sftp protocol version.
|
|
|
|
!command
|
|
Execute command in local shell.
|
|
|
|
! Escape to local shell.
|
|
|
|
? Synonym for help.
|
|
|
|
SEE ALSO
|
|
ftp(1), ls(1), scp(1), ssh(1), ssh-add(1), ssh-keygen(1), ssh_config(5),
|
|
glob(7), sftp-server(8), sshd(8)
|
|
|
|
T. Ylonen and S. Lehtinen, SSH File Transfer Protocol, draft-ietf-secsh-
|
|
filexfer-00.txt, January 2001, work in progress material.
|
|
|
|
OpenBSD 6.4 July 23, 2018 OpenBSD 6.4
|