Annotation of src/usr.bin/ssh/sftp.1, Revision 1.83
1.83 ! markus 1: .\" $OpenBSD: sftp.1,v 1.82 2010/01/13 12:48:34 jmc Exp $
1.1 djm 2: .\"
1.9 deraadt 3: .\" Copyright (c) 2001 Damien Miller. All rights reserved.
1.1 djm 4: .\"
5: .\" Redistribution and use in source and binary forms, with or without
6: .\" modification, are permitted provided that the following conditions
7: .\" are met:
8: .\" 1. Redistributions of source code must retain the above copyright
9: .\" notice, this list of conditions and the following disclaimer.
10: .\" 2. Redistributions in binary form must reproduce the above copyright
11: .\" notice, this list of conditions and the following disclaimer in the
12: .\" documentation and/or other materials provided with the distribution.
13: .\"
14: .\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
15: .\" IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
16: .\" OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
17: .\" IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
18: .\" INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
19: .\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
20: .\" DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
21: .\" THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
22: .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
23: .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
24: .\"
1.82 jmc 25: .Dd $Mdocdate: January 13 2010 $
1.1 djm 26: .Dt SFTP 1
27: .Os
28: .Sh NAME
29: .Nm sftp
1.44 jmc 30: .Nd secure file transfer program
1.1 djm 31: .Sh SYNOPSIS
1.43 jmc 32: .Nm sftp
1.41 jmc 33: .Bk -words
1.74 djm 34: .Op Fl 1246Cpqrv
1.46 jmc 35: .Op Fl B Ar buffer_size
1.29 markus 36: .Op Fl b Ar batchfile
1.70 djm 37: .Op Fl c Ar cipher
1.72 djm 38: .Op Fl D Ar sftp_server_path
1.46 jmc 39: .Op Fl F Ar ssh_config
1.73 jmc 40: .Op Fl i Ar identity_file
1.29 markus 41: .Op Fl o Ar ssh_option
1.72 djm 42: .Op Fl P Ar port
1.30 djm 43: .Op Fl R Ar num_requests
1.26 stevesk 44: .Op Fl S Ar program
1.46 jmc 45: .Op Fl s Ar subsystem | sftp_server
1.26 stevesk 46: .Ar host
1.41 jmc 47: .Ek
1.43 jmc 48: .Nm sftp
1.68 djm 49: .Oo Ar user Ns @ Oc Ns
50: .Ar host Ns Op : Ns Ar
1.43 jmc 51: .Nm sftp
1.68 djm 52: .Oo Ar user Ns @ Oc Ns
1.41 jmc 53: .Ar host Ns Oo : Ns Ar dir Ns
1.69 sobrado 54: .Op Ar / Oc
1.43 jmc 55: .Nm sftp
1.42 djm 56: .Fl b Ar batchfile
1.45 jmc 57: .Oo Ar user Ns @ Oc Ns Ar host
1.1 djm 58: .Sh DESCRIPTION
59: .Nm
60: is an interactive file transfer program, similar to
61: .Xr ftp 1 ,
62: which performs all operations over an encrypted
63: .Xr ssh 1
64: transport.
65: It may also use many features of ssh, such as public key authentication and
66: compression.
67: .Nm
68: connects and logs into the specified
1.18 stevesk 69: .Ar host ,
1.1 djm 70: then enters an interactive command mode.
1.15 mouring 71: .Pp
1.21 itojun 72: The second usage format will retrieve files automatically if a non-interactive
1.18 stevesk 73: authentication method is used; otherwise it will do so after
74: successful interactive authentication.
1.15 mouring 75: .Pp
1.60 jaredy 76: The third usage format allows
77: .Nm
78: to start in a remote directory.
1.1 djm 79: .Pp
1.44 jmc 80: The final usage format allows for automated sessions using the
1.42 djm 81: .Fl b
1.44 jmc 82: option.
1.62 jmc 83: In such cases, it is necessary to configure non-interactive authentication
1.44 jmc 84: to obviate the need to enter a password at connection time (see
1.42 djm 85: .Xr sshd 8
1.43 jmc 86: and
1.42 djm 87: .Xr ssh-keygen 1
1.44 jmc 88: for details).
1.1 djm 89: The options are as follows:
90: .Bl -tag -width Ds
1.46 jmc 91: .It Fl 1
92: Specify the use of protocol version 1.
1.70 djm 93: .It Fl 2
94: Specify the use of protocol version 2.
95: .It Fl 4
96: Forces
97: .Nm
98: to use IPv4 addresses only.
99: .It Fl 6
100: Forces
101: .Nm
102: to use IPv6 addresses only.
1.46 jmc 103: .It Fl B Ar buffer_size
104: Specify the size of the buffer that
105: .Nm
106: uses when transferring files.
107: Larger buffers require fewer round trips at the cost of higher
108: memory consumption.
109: The default is 32768 bytes.
1.10 deraadt 110: .It Fl b Ar batchfile
111: Batch mode reads a series of commands from an input
1.13 stevesk 112: .Ar batchfile
1.10 deraadt 113: instead of
1.13 stevesk 114: .Em stdin .
115: Since it lacks user interaction it should be used in conjunction with
1.51 jmc 116: non-interactive authentication.
1.50 djm 117: A
1.51 jmc 118: .Ar batchfile
119: of
120: .Sq \-
1.50 djm 121: may be used to indicate standard input.
1.13 stevesk 122: .Nm
1.21 itojun 123: will abort if any of the following
124: commands fail:
1.33 deraadt 125: .Ic get , put , rename , ln ,
1.41 jmc 126: .Ic rm , mkdir , chdir , ls ,
1.66 jmc 127: .Ic lchdir , chmod , chown ,
128: .Ic chgrp , lpwd , df ,
1.10 deraadt 129: and
1.13 stevesk 130: .Ic lmkdir .
1.41 jmc 131: Termination on error can be suppressed on a command by command basis by
132: prefixing the command with a
1.51 jmc 133: .Sq \-
1.44 jmc 134: character (for example,
135: .Ic -rm /tmp/blah* ) .
1.71 jmc 136: .It Fl C
137: Enables compression (via ssh's
138: .Fl C
139: flag).
1.70 djm 140: .It Fl c Ar cipher
141: Selects the cipher to use for encrypting the data transfers.
142: This option is directly passed to
143: .Xr ssh 1 .
1.72 djm 144: .It Fl D Ar sftp_server_path
145: Connect directly to a local sftp server
146: (rather than via
147: .Xr ssh 1 ) .
148: This option may be useful in debugging the client and server.
1.46 jmc 149: .It Fl F Ar ssh_config
150: Specifies an alternative
151: per-user configuration file for
152: .Xr ssh 1 .
153: This option is directly passed to
154: .Xr ssh 1 .
1.70 djm 155: .It Fl i Ar identity_file
156: Selects the file from which the identity (private key) for public key
157: authentication is read.
158: This option is directly passed to
159: .Xr ssh 1 .
1.1 djm 160: .It Fl o Ar ssh_option
1.23 stevesk 161: Can be used to pass options to
162: .Nm ssh
1.35 stevesk 163: in the format used in
164: .Xr ssh_config 5 .
165: This is useful for specifying options
1.23 stevesk 166: for which there is no separate
167: .Nm sftp
1.44 jmc 168: command-line flag.
169: For example, to specify an alternate port use:
1.26 stevesk 170: .Ic sftp -oPort=24 .
1.46 jmc 171: For full details of the options listed below, and their possible values, see
172: .Xr ssh_config 5 .
173: .Pp
174: .Bl -tag -width Ds -offset indent -compact
175: .It AddressFamily
176: .It BatchMode
177: .It BindAddress
178: .It ChallengeResponseAuthentication
179: .It CheckHostIP
180: .It Cipher
181: .It Ciphers
182: .It Compression
183: .It CompressionLevel
184: .It ConnectionAttempts
1.54 dtucker 185: .It ConnectTimeout
1.55 djm 186: .It ControlMaster
187: .It ControlPath
1.46 jmc 188: .It GlobalKnownHostsFile
189: .It GSSAPIAuthentication
190: .It GSSAPIDelegateCredentials
1.61 jmc 191: .It HashKnownHosts
1.46 jmc 192: .It Host
193: .It HostbasedAuthentication
194: .It HostKeyAlgorithms
195: .It HostKeyAlias
196: .It HostName
197: .It IdentityFile
1.52 markus 198: .It IdentitiesOnly
1.58 djm 199: .It KbdInteractiveDevices
1.46 jmc 200: .It LogLevel
201: .It MACs
202: .It NoHostAuthenticationForLocalhost
203: .It NumberOfPasswordPrompts
204: .It PasswordAuthentication
1.83 ! markus 205: .It PKCS11Provider
1.46 jmc 206: .It Port
207: .It PreferredAuthentications
208: .It Protocol
209: .It ProxyCommand
210: .It PubkeyAuthentication
1.63 dtucker 211: .It RekeyLimit
1.46 jmc 212: .It RhostsRSAAuthentication
213: .It RSAAuthentication
1.53 jmc 214: .It SendEnv
1.49 markus 215: .It ServerAliveInterval
216: .It ServerAliveCountMax
1.46 jmc 217: .It StrictHostKeyChecking
1.48 markus 218: .It TCPKeepAlive
1.46 jmc 219: .It UsePrivilegedPort
220: .It User
221: .It UserKnownHostsFile
222: .It VerifyHostKeyDNS
223: .El
1.72 djm 224: .It Fl P Ar port
225: Specifies the port to connect to on the remote host.
1.74 djm 226: .It Fl p
227: Preserves modification times, access times, and modes from the
228: original files transferred.
1.70 djm 229: .It Fl q
230: Quiet mode: disables the progress meter as well as warning and
231: diagnostic messages from
232: .Xr ssh 1 .
1.30 djm 233: .It Fl R Ar num_requests
1.44 jmc 234: Specify how many requests may be outstanding at any one time.
235: Increasing this may slightly improve file transfer speed
236: but will increase memory usage.
1.67 djm 237: The default is 64 outstanding requests.
1.74 djm 238: .It Fl r
239: Recursively copy entire directories when uploading and downloading.
240: Note that
241: .Nm
242: does not follow symbolic links encountered in the tree traversal.
1.26 stevesk 243: .It Fl S Ar program
244: Name of the
245: .Ar program
246: to use for the encrypted connection.
247: The program must understand
248: .Xr ssh 1
249: options.
1.46 jmc 250: .It Fl s Ar subsystem | sftp_server
251: Specifies the SSH2 subsystem or the path for an sftp server
252: on the remote host.
253: A path is useful for using
254: .Nm
255: over protocol version 1, or when the remote
256: .Xr sshd 8
257: does not have an sftp subsystem configured.
258: .It Fl v
259: Raise logging level.
260: This option is also passed to ssh.
1.1 djm 261: .El
262: .Sh INTERACTIVE COMMANDS
1.2 djm 263: Once in interactive mode,
264: .Nm
1.21 itojun 265: understands a set of commands similar to those of
1.1 djm 266: .Xr ftp 1 .
1.60 jaredy 267: Commands are case insensitive.
268: Pathnames that contain spaces must be enclosed in quotes.
269: Any special characters contained within pathnames that are recognized by
270: .Xr glob 3
271: must be escaped with backslashes
272: .Pq Sq \e .
273: .Bl -tag -width Ds
1.22 markus 274: .It Ic bye
1.44 jmc 275: Quit
276: .Nm sftp .
1.3 deraadt 277: .It Ic cd Ar path
1.21 itojun 278: Change remote directory to
1.3 deraadt 279: .Ar path .
280: .It Ic chgrp Ar grp Ar path
1.21 itojun 281: Change group of file
1.5 stevesk 282: .Ar path
283: to
1.1 djm 284: .Ar grp .
1.60 jaredy 285: .Ar path
286: may contain
287: .Xr glob 3
288: characters and may match multiple files.
1.1 djm 289: .Ar grp
1.5 stevesk 290: must be a numeric GID.
1.3 deraadt 291: .It Ic chmod Ar mode Ar path
1.21 itojun 292: Change permissions of file
1.5 stevesk 293: .Ar path
294: to
1.3 deraadt 295: .Ar mode .
1.60 jaredy 296: .Ar path
297: may contain
298: .Xr glob 3
299: characters and may match multiple files.
1.3 deraadt 300: .It Ic chown Ar own Ar path
1.21 itojun 301: Change owner of file
1.5 stevesk 302: .Ar path
303: to
1.1 djm 304: .Ar own .
1.60 jaredy 305: .Ar path
306: may contain
307: .Xr glob 3
308: characters and may match multiple files.
1.1 djm 309: .Ar own
310: must be a numeric UID.
1.65 djm 311: .It Xo Ic df
312: .Op Fl hi
313: .Op Ar path
314: .Xc
315: Display usage information for the filesystem holding the current directory
316: (or
317: .Ar path
318: if specified).
319: If the
320: .Fl h
321: flag is specified, the capacity information will be displayed using
322: "human-readable" suffixes.
323: The
324: .Fl i
325: flag requests display of inode information in addition to capacity information.
326: This command is only supported on servers that implement the
327: .Dq statvfs@openssh.com
328: extension.
1.11 deraadt 329: .It Ic exit
1.44 jmc 330: Quit
331: .Nm sftp .
1.7 djm 332: .It Xo Ic get
1.74 djm 333: .Op Fl Ppr
1.7 djm 334: .Ar remote-path
335: .Op Ar local-path
336: .Xc
1.1 djm 337: Retrieve the
1.5 stevesk 338: .Ar remote-path
1.1 djm 339: and store it on the local machine.
340: If the local
1.21 itojun 341: path name is not specified, it is given the same name it has on the
1.44 jmc 342: remote machine.
1.60 jaredy 343: .Ar remote-path
344: may contain
345: .Xr glob 3
346: characters and may match multiple files.
347: If it does and
348: .Ar local-path
349: is specified, then
350: .Ar local-path
351: must specify a directory.
1.74 djm 352: .Pp
1.76 jmc 353: If either the
1.75 djm 354: .Fl P
1.74 djm 355: or
356: .Fl p
1.60 jaredy 357: flag is specified, then full file permissions and access times are
1.7 djm 358: copied too.
1.74 djm 359: .Pp
360: If the
361: .Fl r
362: flag is specified then directories will be copied recursively.
363: Note that
364: .Nm
365: does not follow symbolic links when performing recursive transfers.
1.11 deraadt 366: .It Ic help
367: Display help text.
1.46 jmc 368: .It Ic lcd Ar path
369: Change local directory to
370: .Ar path .
1.3 deraadt 371: .It Ic lls Op Ar ls-options Op Ar path
1.21 itojun 372: Display local directory listing of either
1.1 djm 373: .Ar path
374: or current directory if
375: .Ar path
1.5 stevesk 376: is not specified.
1.60 jaredy 377: .Ar ls-options
378: may contain any flags supported by the local system's
379: .Xr ls 1
380: command.
381: .Ar path
382: may contain
383: .Xr glob 3
384: characters and may match multiple files.
1.3 deraadt 385: .It Ic lmkdir Ar path
1.1 djm 386: Create local directory specified by
1.3 deraadt 387: .Ar path .
1.12 djm 388: .It Ic ln Ar oldpath Ar newpath
1.21 itojun 389: Create a symbolic link from
1.12 djm 390: .Ar oldpath
391: to
392: .Ar newpath .
1.3 deraadt 393: .It Ic lpwd
394: Print local working directory.
1.36 djm 395: .It Xo Ic ls
1.82 jmc 396: .Op Fl 1afhlnrSt
1.36 djm 397: .Op Ar path
398: .Xc
1.60 jaredy 399: Display a remote directory listing of either
1.1 djm 400: .Ar path
1.60 jaredy 401: or the current directory if
1.5 stevesk 402: .Ar path
1.44 jmc 403: is not specified.
1.60 jaredy 404: .Ar path
405: may contain
406: .Xr glob 3
407: characters and may match multiple files.
408: .Pp
409: The following flags are recognized and alter the behaviour of
410: .Ic ls
411: accordingly:
412: .Bl -tag -width Ds
413: .It Fl 1
414: Produce single columnar output.
415: .It Fl a
416: List files beginning with a dot
417: .Pq Sq \&. .
418: .It Fl f
419: Do not sort the listing.
420: The default sort order is lexicographical.
1.81 djm 421: .It Fl h
422: When used with a long format option, use unit suffixes: Byte, Kilobyte,
423: Megabyte, Gigabyte, Terabyte, Petabyte, and Exabyte in order to reduce
424: the number of digits to four or fewer using powers of 2 for sizes (K=1024,
425: M=1048576, etc.).
1.82 jmc 426: .It Fl l
427: Display additional details including permissions
428: and ownership information.
1.60 jaredy 429: .It Fl n
430: Produce a long listing with user and group information presented
1.56 djm 431: numerically.
1.60 jaredy 432: .It Fl r
433: Reverse the sort order of the listing.
434: .It Fl S
435: Sort the listing by file size.
436: .It Fl t
437: Sort the listing by last modification time.
438: .El
1.3 deraadt 439: .It Ic lumask Ar umask
1.21 itojun 440: Set local umask to
1.3 deraadt 441: .Ar umask .
442: .It Ic mkdir Ar path
1.1 djm 443: Create remote directory specified by
1.3 deraadt 444: .Ar path .
1.40 fgsch 445: .It Ic progress
446: Toggle display of progress meter.
1.7 djm 447: .It Xo Ic put
1.75 djm 448: .Op Fl Ppr
1.7 djm 449: .Ar local-path
1.37 djm 450: .Op Ar remote-path
1.7 djm 451: .Xc
1.1 djm 452: Upload
1.5 stevesk 453: .Ar local-path
1.44 jmc 454: and store it on the remote machine.
455: If the remote path name is not specified, it is given the same name it has
456: on the local machine.
1.60 jaredy 457: .Ar local-path
458: may contain
459: .Xr glob 3
460: characters and may match multiple files.
461: If it does and
462: .Ar remote-path
463: is specified, then
464: .Ar remote-path
465: must specify a directory.
1.74 djm 466: .Pp
467: If ether the
1.7 djm 468: .Fl P
1.74 djm 469: or
470: .Fl p
471: flag is specified, then full file permissions and access times are
1.7 djm 472: copied too.
1.74 djm 473: .Pp
474: If the
475: .Fl r
476: flag is specified then directories will be copied recursively.
477: Note that
478: .Nm
479: does not follow symbolic links when performing recursive transfers.
1.3 deraadt 480: .It Ic pwd
481: Display remote working directory.
482: .It Ic quit
1.44 jmc 483: Quit
484: .Nm sftp .
1.3 deraadt 485: .It Ic rename Ar oldpath Ar newpath
1.1 djm 486: Rename remote file from
487: .Ar oldpath
488: to
1.3 deraadt 489: .Ar newpath .
1.46 jmc 490: .It Ic rm Ar path
491: Delete remote file specified by
492: .Ar path .
1.3 deraadt 493: .It Ic rmdir Ar path
1.1 djm 494: Remove remote directory specified by
1.3 deraadt 495: .Ar path .
1.12 djm 496: .It Ic symlink Ar oldpath Ar newpath
1.21 itojun 497: Create a symbolic link from
1.12 djm 498: .Ar oldpath
499: to
500: .Ar newpath .
1.38 fgsch 501: .It Ic version
502: Display the
503: .Nm
504: protocol version.
1.69 sobrado 505: .It Ic \&! Ns Ar command
1.21 itojun 506: Execute
1.1 djm 507: .Ar command
1.3 deraadt 508: in local shell.
1.45 jmc 509: .It Ic \&!
1.3 deraadt 510: Escape to local shell.
1.45 jmc 511: .It Ic \&?
1.5 stevesk 512: Synonym for help.
1.4 itojun 513: .El
1.1 djm 514: .Sh SEE ALSO
1.46 jmc 515: .Xr ftp 1 ,
1.60 jaredy 516: .Xr ls 1 ,
1.17 markus 517: .Xr scp 1 ,
1.1 djm 518: .Xr ssh 1 ,
519: .Xr ssh-add 1 ,
520: .Xr ssh-keygen 1 ,
1.60 jaredy 521: .Xr glob 3 ,
1.35 stevesk 522: .Xr ssh_config 5 ,
1.17 markus 523: .Xr sftp-server 8 ,
524: .Xr sshd 8
525: .Rs
1.20 deraadt 526: .%A T. Ylonen
527: .%A S. Lehtinen
1.17 markus 528: .%T "SSH File Transfer Protocol"
529: .%N draft-ietf-secsh-filexfer-00.txt
530: .%D January 2001
531: .%O work in progress material
532: .Re