Annotation of src/usr.bin/ssh/sftp.1, Revision 1.87
1.87 ! jmc 1: .\" $OpenBSD: sftp.1,v 1.86 2010/09/23 13:36:46 jmc Exp $
1.1 djm 2: .\"
1.9 deraadt 3: .\" Copyright (c) 2001 Damien Miller. All rights reserved.
1.1 djm 4: .\"
5: .\" Redistribution and use in source and binary forms, with or without
6: .\" modification, are permitted provided that the following conditions
7: .\" are met:
8: .\" 1. Redistributions of source code must retain the above copyright
9: .\" notice, this list of conditions and the following disclaimer.
10: .\" 2. Redistributions in binary form must reproduce the above copyright
11: .\" notice, this list of conditions and the following disclaimer in the
12: .\" documentation and/or other materials provided with the distribution.
13: .\"
14: .\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
15: .\" IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
16: .\" OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
17: .\" IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
18: .\" INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
19: .\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
20: .\" DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
21: .\" THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
22: .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
23: .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
24: .\"
1.87 ! jmc 25: .Dd $Mdocdate: September 23 2010 $
1.1 djm 26: .Dt SFTP 1
27: .Os
28: .Sh NAME
29: .Nm sftp
1.44 jmc 30: .Nd secure file transfer program
1.1 djm 31: .Sh SYNOPSIS
1.43 jmc 32: .Nm sftp
1.41 jmc 33: .Bk -words
1.74 djm 34: .Op Fl 1246Cpqrv
1.46 jmc 35: .Op Fl B Ar buffer_size
1.29 markus 36: .Op Fl b Ar batchfile
1.70 djm 37: .Op Fl c Ar cipher
1.72 djm 38: .Op Fl D Ar sftp_server_path
1.46 jmc 39: .Op Fl F Ar ssh_config
1.73 jmc 40: .Op Fl i Ar identity_file
1.85 djm 41: .Op Fl l Ar limit
1.29 markus 42: .Op Fl o Ar ssh_option
1.72 djm 43: .Op Fl P Ar port
1.30 djm 44: .Op Fl R Ar num_requests
1.26 stevesk 45: .Op Fl S Ar program
1.46 jmc 46: .Op Fl s Ar subsystem | sftp_server
1.26 stevesk 47: .Ar host
1.41 jmc 48: .Ek
1.43 jmc 49: .Nm sftp
1.68 djm 50: .Oo Ar user Ns @ Oc Ns
51: .Ar host Ns Op : Ns Ar
1.43 jmc 52: .Nm sftp
1.84 jmc 53: .Oo
54: .Ar user Ns @ Oc Ns
1.41 jmc 55: .Ar host Ns Oo : Ns Ar dir Ns
1.84 jmc 56: .Op Ar /
57: .Oc
1.43 jmc 58: .Nm sftp
1.42 djm 59: .Fl b Ar batchfile
1.45 jmc 60: .Oo Ar user Ns @ Oc Ns Ar host
1.1 djm 61: .Sh DESCRIPTION
62: .Nm
63: is an interactive file transfer program, similar to
64: .Xr ftp 1 ,
65: which performs all operations over an encrypted
66: .Xr ssh 1
67: transport.
68: It may also use many features of ssh, such as public key authentication and
69: compression.
70: .Nm
71: connects and logs into the specified
1.18 stevesk 72: .Ar host ,
1.1 djm 73: then enters an interactive command mode.
1.15 mouring 74: .Pp
1.21 itojun 75: The second usage format will retrieve files automatically if a non-interactive
1.18 stevesk 76: authentication method is used; otherwise it will do so after
77: successful interactive authentication.
1.15 mouring 78: .Pp
1.60 jaredy 79: The third usage format allows
80: .Nm
81: to start in a remote directory.
1.1 djm 82: .Pp
1.44 jmc 83: The final usage format allows for automated sessions using the
1.42 djm 84: .Fl b
1.44 jmc 85: option.
1.62 jmc 86: In such cases, it is necessary to configure non-interactive authentication
1.44 jmc 87: to obviate the need to enter a password at connection time (see
1.42 djm 88: .Xr sshd 8
1.43 jmc 89: and
1.42 djm 90: .Xr ssh-keygen 1
1.44 jmc 91: for details).
1.1 djm 92: The options are as follows:
93: .Bl -tag -width Ds
1.46 jmc 94: .It Fl 1
95: Specify the use of protocol version 1.
1.70 djm 96: .It Fl 2
97: Specify the use of protocol version 2.
98: .It Fl 4
99: Forces
100: .Nm
101: to use IPv4 addresses only.
102: .It Fl 6
103: Forces
104: .Nm
105: to use IPv6 addresses only.
1.46 jmc 106: .It Fl B Ar buffer_size
107: Specify the size of the buffer that
108: .Nm
109: uses when transferring files.
110: Larger buffers require fewer round trips at the cost of higher
111: memory consumption.
112: The default is 32768 bytes.
1.10 deraadt 113: .It Fl b Ar batchfile
114: Batch mode reads a series of commands from an input
1.13 stevesk 115: .Ar batchfile
1.10 deraadt 116: instead of
1.13 stevesk 117: .Em stdin .
118: Since it lacks user interaction it should be used in conjunction with
1.51 jmc 119: non-interactive authentication.
1.50 djm 120: A
1.51 jmc 121: .Ar batchfile
122: of
123: .Sq \-
1.50 djm 124: may be used to indicate standard input.
1.13 stevesk 125: .Nm
1.21 itojun 126: will abort if any of the following
127: commands fail:
1.33 deraadt 128: .Ic get , put , rename , ln ,
1.41 jmc 129: .Ic rm , mkdir , chdir , ls ,
1.66 jmc 130: .Ic lchdir , chmod , chown ,
131: .Ic chgrp , lpwd , df ,
1.10 deraadt 132: and
1.13 stevesk 133: .Ic lmkdir .
1.41 jmc 134: Termination on error can be suppressed on a command by command basis by
135: prefixing the command with a
1.51 jmc 136: .Sq \-
1.44 jmc 137: character (for example,
138: .Ic -rm /tmp/blah* ) .
1.71 jmc 139: .It Fl C
140: Enables compression (via ssh's
141: .Fl C
142: flag).
1.70 djm 143: .It Fl c Ar cipher
144: Selects the cipher to use for encrypting the data transfers.
145: This option is directly passed to
146: .Xr ssh 1 .
1.72 djm 147: .It Fl D Ar sftp_server_path
148: Connect directly to a local sftp server
149: (rather than via
150: .Xr ssh 1 ) .
151: This option may be useful in debugging the client and server.
1.46 jmc 152: .It Fl F Ar ssh_config
153: Specifies an alternative
154: per-user configuration file for
155: .Xr ssh 1 .
156: This option is directly passed to
157: .Xr ssh 1 .
1.70 djm 158: .It Fl i Ar identity_file
159: Selects the file from which the identity (private key) for public key
160: authentication is read.
161: This option is directly passed to
162: .Xr ssh 1 .
1.85 djm 163: .It Fl l Ar limit
164: Limits the used bandwidth, specified in Kbit/s.
1.1 djm 165: .It Fl o Ar ssh_option
1.23 stevesk 166: Can be used to pass options to
167: .Nm ssh
1.35 stevesk 168: in the format used in
169: .Xr ssh_config 5 .
170: This is useful for specifying options
1.23 stevesk 171: for which there is no separate
172: .Nm sftp
1.44 jmc 173: command-line flag.
174: For example, to specify an alternate port use:
1.26 stevesk 175: .Ic sftp -oPort=24 .
1.46 jmc 176: For full details of the options listed below, and their possible values, see
177: .Xr ssh_config 5 .
178: .Pp
179: .Bl -tag -width Ds -offset indent -compact
180: .It AddressFamily
181: .It BatchMode
182: .It BindAddress
183: .It ChallengeResponseAuthentication
184: .It CheckHostIP
185: .It Cipher
186: .It Ciphers
187: .It Compression
188: .It CompressionLevel
189: .It ConnectionAttempts
1.54 dtucker 190: .It ConnectTimeout
1.55 djm 191: .It ControlMaster
192: .It ControlPath
1.46 jmc 193: .It GlobalKnownHostsFile
194: .It GSSAPIAuthentication
195: .It GSSAPIDelegateCredentials
1.61 jmc 196: .It HashKnownHosts
1.46 jmc 197: .It Host
198: .It HostbasedAuthentication
199: .It HostKeyAlgorithms
200: .It HostKeyAlias
201: .It HostName
202: .It IdentityFile
1.52 markus 203: .It IdentitiesOnly
1.87 ! jmc 204: .It IPQoS
1.58 djm 205: .It KbdInteractiveDevices
1.86 jmc 206: .It KexAlgorithms
1.46 jmc 207: .It LogLevel
208: .It MACs
209: .It NoHostAuthenticationForLocalhost
210: .It NumberOfPasswordPrompts
211: .It PasswordAuthentication
1.83 markus 212: .It PKCS11Provider
1.46 jmc 213: .It Port
214: .It PreferredAuthentications
215: .It Protocol
216: .It ProxyCommand
217: .It PubkeyAuthentication
1.63 dtucker 218: .It RekeyLimit
1.46 jmc 219: .It RhostsRSAAuthentication
220: .It RSAAuthentication
1.53 jmc 221: .It SendEnv
1.49 markus 222: .It ServerAliveInterval
223: .It ServerAliveCountMax
1.46 jmc 224: .It StrictHostKeyChecking
1.48 markus 225: .It TCPKeepAlive
1.46 jmc 226: .It UsePrivilegedPort
227: .It User
228: .It UserKnownHostsFile
229: .It VerifyHostKeyDNS
230: .El
1.72 djm 231: .It Fl P Ar port
232: Specifies the port to connect to on the remote host.
1.74 djm 233: .It Fl p
234: Preserves modification times, access times, and modes from the
235: original files transferred.
1.70 djm 236: .It Fl q
237: Quiet mode: disables the progress meter as well as warning and
238: diagnostic messages from
239: .Xr ssh 1 .
1.30 djm 240: .It Fl R Ar num_requests
1.44 jmc 241: Specify how many requests may be outstanding at any one time.
242: Increasing this may slightly improve file transfer speed
243: but will increase memory usage.
1.67 djm 244: The default is 64 outstanding requests.
1.74 djm 245: .It Fl r
246: Recursively copy entire directories when uploading and downloading.
247: Note that
248: .Nm
249: does not follow symbolic links encountered in the tree traversal.
1.26 stevesk 250: .It Fl S Ar program
251: Name of the
252: .Ar program
253: to use for the encrypted connection.
254: The program must understand
255: .Xr ssh 1
256: options.
1.46 jmc 257: .It Fl s Ar subsystem | sftp_server
258: Specifies the SSH2 subsystem or the path for an sftp server
259: on the remote host.
260: A path is useful for using
261: .Nm
262: over protocol version 1, or when the remote
263: .Xr sshd 8
264: does not have an sftp subsystem configured.
265: .It Fl v
266: Raise logging level.
267: This option is also passed to ssh.
1.1 djm 268: .El
269: .Sh INTERACTIVE COMMANDS
1.2 djm 270: Once in interactive mode,
271: .Nm
1.21 itojun 272: understands a set of commands similar to those of
1.1 djm 273: .Xr ftp 1 .
1.60 jaredy 274: Commands are case insensitive.
275: Pathnames that contain spaces must be enclosed in quotes.
276: Any special characters contained within pathnames that are recognized by
277: .Xr glob 3
278: must be escaped with backslashes
279: .Pq Sq \e .
280: .Bl -tag -width Ds
1.22 markus 281: .It Ic bye
1.44 jmc 282: Quit
283: .Nm sftp .
1.3 deraadt 284: .It Ic cd Ar path
1.21 itojun 285: Change remote directory to
1.3 deraadt 286: .Ar path .
287: .It Ic chgrp Ar grp Ar path
1.21 itojun 288: Change group of file
1.5 stevesk 289: .Ar path
290: to
1.1 djm 291: .Ar grp .
1.60 jaredy 292: .Ar path
293: may contain
294: .Xr glob 3
295: characters and may match multiple files.
1.1 djm 296: .Ar grp
1.5 stevesk 297: must be a numeric GID.
1.3 deraadt 298: .It Ic chmod Ar mode Ar path
1.21 itojun 299: Change permissions of file
1.5 stevesk 300: .Ar path
301: to
1.3 deraadt 302: .Ar mode .
1.60 jaredy 303: .Ar path
304: may contain
305: .Xr glob 3
306: characters and may match multiple files.
1.3 deraadt 307: .It Ic chown Ar own Ar path
1.21 itojun 308: Change owner of file
1.5 stevesk 309: .Ar path
310: to
1.1 djm 311: .Ar own .
1.60 jaredy 312: .Ar path
313: may contain
314: .Xr glob 3
315: characters and may match multiple files.
1.1 djm 316: .Ar own
317: must be a numeric UID.
1.65 djm 318: .It Xo Ic df
319: .Op Fl hi
320: .Op Ar path
321: .Xc
322: Display usage information for the filesystem holding the current directory
323: (or
324: .Ar path
325: if specified).
326: If the
327: .Fl h
328: flag is specified, the capacity information will be displayed using
329: "human-readable" suffixes.
330: The
331: .Fl i
332: flag requests display of inode information in addition to capacity information.
333: This command is only supported on servers that implement the
334: .Dq statvfs@openssh.com
335: extension.
1.11 deraadt 336: .It Ic exit
1.44 jmc 337: Quit
338: .Nm sftp .
1.7 djm 339: .It Xo Ic get
1.74 djm 340: .Op Fl Ppr
1.7 djm 341: .Ar remote-path
342: .Op Ar local-path
343: .Xc
1.1 djm 344: Retrieve the
1.5 stevesk 345: .Ar remote-path
1.1 djm 346: and store it on the local machine.
347: If the local
1.21 itojun 348: path name is not specified, it is given the same name it has on the
1.44 jmc 349: remote machine.
1.60 jaredy 350: .Ar remote-path
351: may contain
352: .Xr glob 3
353: characters and may match multiple files.
354: If it does and
355: .Ar local-path
356: is specified, then
357: .Ar local-path
358: must specify a directory.
1.74 djm 359: .Pp
1.76 jmc 360: If either the
1.75 djm 361: .Fl P
1.74 djm 362: or
363: .Fl p
1.60 jaredy 364: flag is specified, then full file permissions and access times are
1.7 djm 365: copied too.
1.74 djm 366: .Pp
367: If the
368: .Fl r
369: flag is specified then directories will be copied recursively.
370: Note that
371: .Nm
372: does not follow symbolic links when performing recursive transfers.
1.11 deraadt 373: .It Ic help
374: Display help text.
1.46 jmc 375: .It Ic lcd Ar path
376: Change local directory to
377: .Ar path .
1.3 deraadt 378: .It Ic lls Op Ar ls-options Op Ar path
1.21 itojun 379: Display local directory listing of either
1.1 djm 380: .Ar path
381: or current directory if
382: .Ar path
1.5 stevesk 383: is not specified.
1.60 jaredy 384: .Ar ls-options
385: may contain any flags supported by the local system's
386: .Xr ls 1
387: command.
388: .Ar path
389: may contain
390: .Xr glob 3
391: characters and may match multiple files.
1.3 deraadt 392: .It Ic lmkdir Ar path
1.1 djm 393: Create local directory specified by
1.3 deraadt 394: .Ar path .
1.12 djm 395: .It Ic ln Ar oldpath Ar newpath
1.21 itojun 396: Create a symbolic link from
1.12 djm 397: .Ar oldpath
398: to
399: .Ar newpath .
1.3 deraadt 400: .It Ic lpwd
401: Print local working directory.
1.36 djm 402: .It Xo Ic ls
1.82 jmc 403: .Op Fl 1afhlnrSt
1.36 djm 404: .Op Ar path
405: .Xc
1.60 jaredy 406: Display a remote directory listing of either
1.1 djm 407: .Ar path
1.60 jaredy 408: or the current directory if
1.5 stevesk 409: .Ar path
1.44 jmc 410: is not specified.
1.60 jaredy 411: .Ar path
412: may contain
413: .Xr glob 3
414: characters and may match multiple files.
415: .Pp
416: The following flags are recognized and alter the behaviour of
417: .Ic ls
418: accordingly:
419: .Bl -tag -width Ds
420: .It Fl 1
421: Produce single columnar output.
422: .It Fl a
423: List files beginning with a dot
424: .Pq Sq \&. .
425: .It Fl f
426: Do not sort the listing.
427: The default sort order is lexicographical.
1.81 djm 428: .It Fl h
429: When used with a long format option, use unit suffixes: Byte, Kilobyte,
430: Megabyte, Gigabyte, Terabyte, Petabyte, and Exabyte in order to reduce
431: the number of digits to four or fewer using powers of 2 for sizes (K=1024,
432: M=1048576, etc.).
1.82 jmc 433: .It Fl l
434: Display additional details including permissions
435: and ownership information.
1.60 jaredy 436: .It Fl n
437: Produce a long listing with user and group information presented
1.56 djm 438: numerically.
1.60 jaredy 439: .It Fl r
440: Reverse the sort order of the listing.
441: .It Fl S
442: Sort the listing by file size.
443: .It Fl t
444: Sort the listing by last modification time.
445: .El
1.3 deraadt 446: .It Ic lumask Ar umask
1.21 itojun 447: Set local umask to
1.3 deraadt 448: .Ar umask .
449: .It Ic mkdir Ar path
1.1 djm 450: Create remote directory specified by
1.3 deraadt 451: .Ar path .
1.40 fgsch 452: .It Ic progress
453: Toggle display of progress meter.
1.7 djm 454: .It Xo Ic put
1.75 djm 455: .Op Fl Ppr
1.7 djm 456: .Ar local-path
1.37 djm 457: .Op Ar remote-path
1.7 djm 458: .Xc
1.1 djm 459: Upload
1.5 stevesk 460: .Ar local-path
1.44 jmc 461: and store it on the remote machine.
462: If the remote path name is not specified, it is given the same name it has
463: on the local machine.
1.60 jaredy 464: .Ar local-path
465: may contain
466: .Xr glob 3
467: characters and may match multiple files.
468: If it does and
469: .Ar remote-path
470: is specified, then
471: .Ar remote-path
472: must specify a directory.
1.74 djm 473: .Pp
474: If ether the
1.7 djm 475: .Fl P
1.74 djm 476: or
477: .Fl p
478: flag is specified, then full file permissions and access times are
1.7 djm 479: copied too.
1.74 djm 480: .Pp
481: If the
482: .Fl r
483: flag is specified then directories will be copied recursively.
484: Note that
485: .Nm
486: does not follow symbolic links when performing recursive transfers.
1.3 deraadt 487: .It Ic pwd
488: Display remote working directory.
489: .It Ic quit
1.44 jmc 490: Quit
491: .Nm sftp .
1.3 deraadt 492: .It Ic rename Ar oldpath Ar newpath
1.1 djm 493: Rename remote file from
494: .Ar oldpath
495: to
1.3 deraadt 496: .Ar newpath .
1.46 jmc 497: .It Ic rm Ar path
498: Delete remote file specified by
499: .Ar path .
1.3 deraadt 500: .It Ic rmdir Ar path
1.1 djm 501: Remove remote directory specified by
1.3 deraadt 502: .Ar path .
1.12 djm 503: .It Ic symlink Ar oldpath Ar newpath
1.21 itojun 504: Create a symbolic link from
1.12 djm 505: .Ar oldpath
506: to
507: .Ar newpath .
1.38 fgsch 508: .It Ic version
509: Display the
510: .Nm
511: protocol version.
1.69 sobrado 512: .It Ic \&! Ns Ar command
1.21 itojun 513: Execute
1.1 djm 514: .Ar command
1.3 deraadt 515: in local shell.
1.45 jmc 516: .It Ic \&!
1.3 deraadt 517: Escape to local shell.
1.45 jmc 518: .It Ic \&?
1.5 stevesk 519: Synonym for help.
1.4 itojun 520: .El
1.1 djm 521: .Sh SEE ALSO
1.46 jmc 522: .Xr ftp 1 ,
1.60 jaredy 523: .Xr ls 1 ,
1.17 markus 524: .Xr scp 1 ,
1.1 djm 525: .Xr ssh 1 ,
526: .Xr ssh-add 1 ,
527: .Xr ssh-keygen 1 ,
1.60 jaredy 528: .Xr glob 3 ,
1.35 stevesk 529: .Xr ssh_config 5 ,
1.17 markus 530: .Xr sftp-server 8 ,
531: .Xr sshd 8
532: .Rs
1.20 deraadt 533: .%A T. Ylonen
534: .%A S. Lehtinen
1.17 markus 535: .%T "SSH File Transfer Protocol"
536: .%N draft-ietf-secsh-filexfer-00.txt
537: .%D January 2001
538: .%O work in progress material
539: .Re