Annotation of src/usr.bin/ssh/sftp.1, Revision 1.84
1.84 ! jmc 1: .\" $OpenBSD: sftp.1,v 1.83 2010/02/08 10:50:20 markus Exp $
1.1 djm 2: .\"
1.9 deraadt 3: .\" Copyright (c) 2001 Damien Miller. All rights reserved.
1.1 djm 4: .\"
5: .\" Redistribution and use in source and binary forms, with or without
6: .\" modification, are permitted provided that the following conditions
7: .\" are met:
8: .\" 1. Redistributions of source code must retain the above copyright
9: .\" notice, this list of conditions and the following disclaimer.
10: .\" 2. Redistributions in binary form must reproduce the above copyright
11: .\" notice, this list of conditions and the following disclaimer in the
12: .\" documentation and/or other materials provided with the distribution.
13: .\"
14: .\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
15: .\" IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
16: .\" OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
17: .\" IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
18: .\" INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
19: .\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
20: .\" DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
21: .\" THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
22: .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
23: .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
24: .\"
1.84 ! jmc 25: .Dd $Mdocdate: February 8 2010 $
1.1 djm 26: .Dt SFTP 1
27: .Os
28: .Sh NAME
29: .Nm sftp
1.44 jmc 30: .Nd secure file transfer program
1.1 djm 31: .Sh SYNOPSIS
1.43 jmc 32: .Nm sftp
1.41 jmc 33: .Bk -words
1.74 djm 34: .Op Fl 1246Cpqrv
1.46 jmc 35: .Op Fl B Ar buffer_size
1.29 markus 36: .Op Fl b Ar batchfile
1.70 djm 37: .Op Fl c Ar cipher
1.72 djm 38: .Op Fl D Ar sftp_server_path
1.46 jmc 39: .Op Fl F Ar ssh_config
1.73 jmc 40: .Op Fl i Ar identity_file
1.29 markus 41: .Op Fl o Ar ssh_option
1.72 djm 42: .Op Fl P Ar port
1.30 djm 43: .Op Fl R Ar num_requests
1.26 stevesk 44: .Op Fl S Ar program
1.46 jmc 45: .Op Fl s Ar subsystem | sftp_server
1.26 stevesk 46: .Ar host
1.41 jmc 47: .Ek
1.43 jmc 48: .Nm sftp
1.68 djm 49: .Oo Ar user Ns @ Oc Ns
50: .Ar host Ns Op : Ns Ar
1.43 jmc 51: .Nm sftp
1.84 ! jmc 52: .Oo
! 53: .Ar user Ns @ Oc Ns
1.41 jmc 54: .Ar host Ns Oo : Ns Ar dir Ns
1.84 ! jmc 55: .Op Ar /
! 56: .Oc
1.43 jmc 57: .Nm sftp
1.42 djm 58: .Fl b Ar batchfile
1.45 jmc 59: .Oo Ar user Ns @ Oc Ns Ar host
1.1 djm 60: .Sh DESCRIPTION
61: .Nm
62: is an interactive file transfer program, similar to
63: .Xr ftp 1 ,
64: which performs all operations over an encrypted
65: .Xr ssh 1
66: transport.
67: It may also use many features of ssh, such as public key authentication and
68: compression.
69: .Nm
70: connects and logs into the specified
1.18 stevesk 71: .Ar host ,
1.1 djm 72: then enters an interactive command mode.
1.15 mouring 73: .Pp
1.21 itojun 74: The second usage format will retrieve files automatically if a non-interactive
1.18 stevesk 75: authentication method is used; otherwise it will do so after
76: successful interactive authentication.
1.15 mouring 77: .Pp
1.60 jaredy 78: The third usage format allows
79: .Nm
80: to start in a remote directory.
1.1 djm 81: .Pp
1.44 jmc 82: The final usage format allows for automated sessions using the
1.42 djm 83: .Fl b
1.44 jmc 84: option.
1.62 jmc 85: In such cases, it is necessary to configure non-interactive authentication
1.44 jmc 86: to obviate the need to enter a password at connection time (see
1.42 djm 87: .Xr sshd 8
1.43 jmc 88: and
1.42 djm 89: .Xr ssh-keygen 1
1.44 jmc 90: for details).
1.1 djm 91: The options are as follows:
92: .Bl -tag -width Ds
1.46 jmc 93: .It Fl 1
94: Specify the use of protocol version 1.
1.70 djm 95: .It Fl 2
96: Specify the use of protocol version 2.
97: .It Fl 4
98: Forces
99: .Nm
100: to use IPv4 addresses only.
101: .It Fl 6
102: Forces
103: .Nm
104: to use IPv6 addresses only.
1.46 jmc 105: .It Fl B Ar buffer_size
106: Specify the size of the buffer that
107: .Nm
108: uses when transferring files.
109: Larger buffers require fewer round trips at the cost of higher
110: memory consumption.
111: The default is 32768 bytes.
1.10 deraadt 112: .It Fl b Ar batchfile
113: Batch mode reads a series of commands from an input
1.13 stevesk 114: .Ar batchfile
1.10 deraadt 115: instead of
1.13 stevesk 116: .Em stdin .
117: Since it lacks user interaction it should be used in conjunction with
1.51 jmc 118: non-interactive authentication.
1.50 djm 119: A
1.51 jmc 120: .Ar batchfile
121: of
122: .Sq \-
1.50 djm 123: may be used to indicate standard input.
1.13 stevesk 124: .Nm
1.21 itojun 125: will abort if any of the following
126: commands fail:
1.33 deraadt 127: .Ic get , put , rename , ln ,
1.41 jmc 128: .Ic rm , mkdir , chdir , ls ,
1.66 jmc 129: .Ic lchdir , chmod , chown ,
130: .Ic chgrp , lpwd , df ,
1.10 deraadt 131: and
1.13 stevesk 132: .Ic lmkdir .
1.41 jmc 133: Termination on error can be suppressed on a command by command basis by
134: prefixing the command with a
1.51 jmc 135: .Sq \-
1.44 jmc 136: character (for example,
137: .Ic -rm /tmp/blah* ) .
1.71 jmc 138: .It Fl C
139: Enables compression (via ssh's
140: .Fl C
141: flag).
1.70 djm 142: .It Fl c Ar cipher
143: Selects the cipher to use for encrypting the data transfers.
144: This option is directly passed to
145: .Xr ssh 1 .
1.72 djm 146: .It Fl D Ar sftp_server_path
147: Connect directly to a local sftp server
148: (rather than via
149: .Xr ssh 1 ) .
150: This option may be useful in debugging the client and server.
1.46 jmc 151: .It Fl F Ar ssh_config
152: Specifies an alternative
153: per-user configuration file for
154: .Xr ssh 1 .
155: This option is directly passed to
156: .Xr ssh 1 .
1.70 djm 157: .It Fl i Ar identity_file
158: Selects the file from which the identity (private key) for public key
159: authentication is read.
160: This option is directly passed to
161: .Xr ssh 1 .
1.1 djm 162: .It Fl o Ar ssh_option
1.23 stevesk 163: Can be used to pass options to
164: .Nm ssh
1.35 stevesk 165: in the format used in
166: .Xr ssh_config 5 .
167: This is useful for specifying options
1.23 stevesk 168: for which there is no separate
169: .Nm sftp
1.44 jmc 170: command-line flag.
171: For example, to specify an alternate port use:
1.26 stevesk 172: .Ic sftp -oPort=24 .
1.46 jmc 173: For full details of the options listed below, and their possible values, see
174: .Xr ssh_config 5 .
175: .Pp
176: .Bl -tag -width Ds -offset indent -compact
177: .It AddressFamily
178: .It BatchMode
179: .It BindAddress
180: .It ChallengeResponseAuthentication
181: .It CheckHostIP
182: .It Cipher
183: .It Ciphers
184: .It Compression
185: .It CompressionLevel
186: .It ConnectionAttempts
1.54 dtucker 187: .It ConnectTimeout
1.55 djm 188: .It ControlMaster
189: .It ControlPath
1.46 jmc 190: .It GlobalKnownHostsFile
191: .It GSSAPIAuthentication
192: .It GSSAPIDelegateCredentials
1.61 jmc 193: .It HashKnownHosts
1.46 jmc 194: .It Host
195: .It HostbasedAuthentication
196: .It HostKeyAlgorithms
197: .It HostKeyAlias
198: .It HostName
199: .It IdentityFile
1.52 markus 200: .It IdentitiesOnly
1.58 djm 201: .It KbdInteractiveDevices
1.46 jmc 202: .It LogLevel
203: .It MACs
204: .It NoHostAuthenticationForLocalhost
205: .It NumberOfPasswordPrompts
206: .It PasswordAuthentication
1.83 markus 207: .It PKCS11Provider
1.46 jmc 208: .It Port
209: .It PreferredAuthentications
210: .It Protocol
211: .It ProxyCommand
212: .It PubkeyAuthentication
1.63 dtucker 213: .It RekeyLimit
1.46 jmc 214: .It RhostsRSAAuthentication
215: .It RSAAuthentication
1.53 jmc 216: .It SendEnv
1.49 markus 217: .It ServerAliveInterval
218: .It ServerAliveCountMax
1.46 jmc 219: .It StrictHostKeyChecking
1.48 markus 220: .It TCPKeepAlive
1.46 jmc 221: .It UsePrivilegedPort
222: .It User
223: .It UserKnownHostsFile
224: .It VerifyHostKeyDNS
225: .El
1.72 djm 226: .It Fl P Ar port
227: Specifies the port to connect to on the remote host.
1.74 djm 228: .It Fl p
229: Preserves modification times, access times, and modes from the
230: original files transferred.
1.70 djm 231: .It Fl q
232: Quiet mode: disables the progress meter as well as warning and
233: diagnostic messages from
234: .Xr ssh 1 .
1.30 djm 235: .It Fl R Ar num_requests
1.44 jmc 236: Specify how many requests may be outstanding at any one time.
237: Increasing this may slightly improve file transfer speed
238: but will increase memory usage.
1.67 djm 239: The default is 64 outstanding requests.
1.74 djm 240: .It Fl r
241: Recursively copy entire directories when uploading and downloading.
242: Note that
243: .Nm
244: does not follow symbolic links encountered in the tree traversal.
1.26 stevesk 245: .It Fl S Ar program
246: Name of the
247: .Ar program
248: to use for the encrypted connection.
249: The program must understand
250: .Xr ssh 1
251: options.
1.46 jmc 252: .It Fl s Ar subsystem | sftp_server
253: Specifies the SSH2 subsystem or the path for an sftp server
254: on the remote host.
255: A path is useful for using
256: .Nm
257: over protocol version 1, or when the remote
258: .Xr sshd 8
259: does not have an sftp subsystem configured.
260: .It Fl v
261: Raise logging level.
262: This option is also passed to ssh.
1.1 djm 263: .El
264: .Sh INTERACTIVE COMMANDS
1.2 djm 265: Once in interactive mode,
266: .Nm
1.21 itojun 267: understands a set of commands similar to those of
1.1 djm 268: .Xr ftp 1 .
1.60 jaredy 269: Commands are case insensitive.
270: Pathnames that contain spaces must be enclosed in quotes.
271: Any special characters contained within pathnames that are recognized by
272: .Xr glob 3
273: must be escaped with backslashes
274: .Pq Sq \e .
275: .Bl -tag -width Ds
1.22 markus 276: .It Ic bye
1.44 jmc 277: Quit
278: .Nm sftp .
1.3 deraadt 279: .It Ic cd Ar path
1.21 itojun 280: Change remote directory to
1.3 deraadt 281: .Ar path .
282: .It Ic chgrp Ar grp Ar path
1.21 itojun 283: Change group of file
1.5 stevesk 284: .Ar path
285: to
1.1 djm 286: .Ar grp .
1.60 jaredy 287: .Ar path
288: may contain
289: .Xr glob 3
290: characters and may match multiple files.
1.1 djm 291: .Ar grp
1.5 stevesk 292: must be a numeric GID.
1.3 deraadt 293: .It Ic chmod Ar mode Ar path
1.21 itojun 294: Change permissions of file
1.5 stevesk 295: .Ar path
296: to
1.3 deraadt 297: .Ar mode .
1.60 jaredy 298: .Ar path
299: may contain
300: .Xr glob 3
301: characters and may match multiple files.
1.3 deraadt 302: .It Ic chown Ar own Ar path
1.21 itojun 303: Change owner of file
1.5 stevesk 304: .Ar path
305: to
1.1 djm 306: .Ar own .
1.60 jaredy 307: .Ar path
308: may contain
309: .Xr glob 3
310: characters and may match multiple files.
1.1 djm 311: .Ar own
312: must be a numeric UID.
1.65 djm 313: .It Xo Ic df
314: .Op Fl hi
315: .Op Ar path
316: .Xc
317: Display usage information for the filesystem holding the current directory
318: (or
319: .Ar path
320: if specified).
321: If the
322: .Fl h
323: flag is specified, the capacity information will be displayed using
324: "human-readable" suffixes.
325: The
326: .Fl i
327: flag requests display of inode information in addition to capacity information.
328: This command is only supported on servers that implement the
329: .Dq statvfs@openssh.com
330: extension.
1.11 deraadt 331: .It Ic exit
1.44 jmc 332: Quit
333: .Nm sftp .
1.7 djm 334: .It Xo Ic get
1.74 djm 335: .Op Fl Ppr
1.7 djm 336: .Ar remote-path
337: .Op Ar local-path
338: .Xc
1.1 djm 339: Retrieve the
1.5 stevesk 340: .Ar remote-path
1.1 djm 341: and store it on the local machine.
342: If the local
1.21 itojun 343: path name is not specified, it is given the same name it has on the
1.44 jmc 344: remote machine.
1.60 jaredy 345: .Ar remote-path
346: may contain
347: .Xr glob 3
348: characters and may match multiple files.
349: If it does and
350: .Ar local-path
351: is specified, then
352: .Ar local-path
353: must specify a directory.
1.74 djm 354: .Pp
1.76 jmc 355: If either the
1.75 djm 356: .Fl P
1.74 djm 357: or
358: .Fl p
1.60 jaredy 359: flag is specified, then full file permissions and access times are
1.7 djm 360: copied too.
1.74 djm 361: .Pp
362: If the
363: .Fl r
364: flag is specified then directories will be copied recursively.
365: Note that
366: .Nm
367: does not follow symbolic links when performing recursive transfers.
1.11 deraadt 368: .It Ic help
369: Display help text.
1.46 jmc 370: .It Ic lcd Ar path
371: Change local directory to
372: .Ar path .
1.3 deraadt 373: .It Ic lls Op Ar ls-options Op Ar path
1.21 itojun 374: Display local directory listing of either
1.1 djm 375: .Ar path
376: or current directory if
377: .Ar path
1.5 stevesk 378: is not specified.
1.60 jaredy 379: .Ar ls-options
380: may contain any flags supported by the local system's
381: .Xr ls 1
382: command.
383: .Ar path
384: may contain
385: .Xr glob 3
386: characters and may match multiple files.
1.3 deraadt 387: .It Ic lmkdir Ar path
1.1 djm 388: Create local directory specified by
1.3 deraadt 389: .Ar path .
1.12 djm 390: .It Ic ln Ar oldpath Ar newpath
1.21 itojun 391: Create a symbolic link from
1.12 djm 392: .Ar oldpath
393: to
394: .Ar newpath .
1.3 deraadt 395: .It Ic lpwd
396: Print local working directory.
1.36 djm 397: .It Xo Ic ls
1.82 jmc 398: .Op Fl 1afhlnrSt
1.36 djm 399: .Op Ar path
400: .Xc
1.60 jaredy 401: Display a remote directory listing of either
1.1 djm 402: .Ar path
1.60 jaredy 403: or the current directory if
1.5 stevesk 404: .Ar path
1.44 jmc 405: is not specified.
1.60 jaredy 406: .Ar path
407: may contain
408: .Xr glob 3
409: characters and may match multiple files.
410: .Pp
411: The following flags are recognized and alter the behaviour of
412: .Ic ls
413: accordingly:
414: .Bl -tag -width Ds
415: .It Fl 1
416: Produce single columnar output.
417: .It Fl a
418: List files beginning with a dot
419: .Pq Sq \&. .
420: .It Fl f
421: Do not sort the listing.
422: The default sort order is lexicographical.
1.81 djm 423: .It Fl h
424: When used with a long format option, use unit suffixes: Byte, Kilobyte,
425: Megabyte, Gigabyte, Terabyte, Petabyte, and Exabyte in order to reduce
426: the number of digits to four or fewer using powers of 2 for sizes (K=1024,
427: M=1048576, etc.).
1.82 jmc 428: .It Fl l
429: Display additional details including permissions
430: and ownership information.
1.60 jaredy 431: .It Fl n
432: Produce a long listing with user and group information presented
1.56 djm 433: numerically.
1.60 jaredy 434: .It Fl r
435: Reverse the sort order of the listing.
436: .It Fl S
437: Sort the listing by file size.
438: .It Fl t
439: Sort the listing by last modification time.
440: .El
1.3 deraadt 441: .It Ic lumask Ar umask
1.21 itojun 442: Set local umask to
1.3 deraadt 443: .Ar umask .
444: .It Ic mkdir Ar path
1.1 djm 445: Create remote directory specified by
1.3 deraadt 446: .Ar path .
1.40 fgsch 447: .It Ic progress
448: Toggle display of progress meter.
1.7 djm 449: .It Xo Ic put
1.75 djm 450: .Op Fl Ppr
1.7 djm 451: .Ar local-path
1.37 djm 452: .Op Ar remote-path
1.7 djm 453: .Xc
1.1 djm 454: Upload
1.5 stevesk 455: .Ar local-path
1.44 jmc 456: and store it on the remote machine.
457: If the remote path name is not specified, it is given the same name it has
458: on the local machine.
1.60 jaredy 459: .Ar local-path
460: may contain
461: .Xr glob 3
462: characters and may match multiple files.
463: If it does and
464: .Ar remote-path
465: is specified, then
466: .Ar remote-path
467: must specify a directory.
1.74 djm 468: .Pp
469: If ether the
1.7 djm 470: .Fl P
1.74 djm 471: or
472: .Fl p
473: flag is specified, then full file permissions and access times are
1.7 djm 474: copied too.
1.74 djm 475: .Pp
476: If the
477: .Fl r
478: flag is specified then directories will be copied recursively.
479: Note that
480: .Nm
481: does not follow symbolic links when performing recursive transfers.
1.3 deraadt 482: .It Ic pwd
483: Display remote working directory.
484: .It Ic quit
1.44 jmc 485: Quit
486: .Nm sftp .
1.3 deraadt 487: .It Ic rename Ar oldpath Ar newpath
1.1 djm 488: Rename remote file from
489: .Ar oldpath
490: to
1.3 deraadt 491: .Ar newpath .
1.46 jmc 492: .It Ic rm Ar path
493: Delete remote file specified by
494: .Ar path .
1.3 deraadt 495: .It Ic rmdir Ar path
1.1 djm 496: Remove remote directory specified by
1.3 deraadt 497: .Ar path .
1.12 djm 498: .It Ic symlink Ar oldpath Ar newpath
1.21 itojun 499: Create a symbolic link from
1.12 djm 500: .Ar oldpath
501: to
502: .Ar newpath .
1.38 fgsch 503: .It Ic version
504: Display the
505: .Nm
506: protocol version.
1.69 sobrado 507: .It Ic \&! Ns Ar command
1.21 itojun 508: Execute
1.1 djm 509: .Ar command
1.3 deraadt 510: in local shell.
1.45 jmc 511: .It Ic \&!
1.3 deraadt 512: Escape to local shell.
1.45 jmc 513: .It Ic \&?
1.5 stevesk 514: Synonym for help.
1.4 itojun 515: .El
1.1 djm 516: .Sh SEE ALSO
1.46 jmc 517: .Xr ftp 1 ,
1.60 jaredy 518: .Xr ls 1 ,
1.17 markus 519: .Xr scp 1 ,
1.1 djm 520: .Xr ssh 1 ,
521: .Xr ssh-add 1 ,
522: .Xr ssh-keygen 1 ,
1.60 jaredy 523: .Xr glob 3 ,
1.35 stevesk 524: .Xr ssh_config 5 ,
1.17 markus 525: .Xr sftp-server 8 ,
526: .Xr sshd 8
527: .Rs
1.20 deraadt 528: .%A T. Ylonen
529: .%A S. Lehtinen
1.17 markus 530: .%T "SSH File Transfer Protocol"
531: .%N draft-ietf-secsh-filexfer-00.txt
532: .%D January 2001
533: .%O work in progress material
534: .Re