Annotation of src/usr.bin/ssh/sftp.1, Revision 1.92
1.92 ! djm 1: .\" $OpenBSD: sftp.1,v 1.91 2011/09/05 05:56:13 djm Exp $
1.1 djm 2: .\"
1.9 deraadt 3: .\" Copyright (c) 2001 Damien Miller. All rights reserved.
1.1 djm 4: .\"
5: .\" Redistribution and use in source and binary forms, with or without
6: .\" modification, are permitted provided that the following conditions
7: .\" are met:
8: .\" 1. Redistributions of source code must retain the above copyright
9: .\" notice, this list of conditions and the following disclaimer.
10: .\" 2. Redistributions in binary form must reproduce the above copyright
11: .\" notice, this list of conditions and the following disclaimer in the
12: .\" documentation and/or other materials provided with the distribution.
13: .\"
14: .\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
15: .\" IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
16: .\" OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
17: .\" IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
18: .\" INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
19: .\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
20: .\" DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
21: .\" THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
22: .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
23: .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
24: .\"
1.92 ! djm 25: .Dd $Mdocdate: September 5 2011 $
1.1 djm 26: .Dt SFTP 1
27: .Os
28: .Sh NAME
29: .Nm sftp
1.44 jmc 30: .Nd secure file transfer program
1.1 djm 31: .Sh SYNOPSIS
1.43 jmc 32: .Nm sftp
1.41 jmc 33: .Bk -words
1.74 djm 34: .Op Fl 1246Cpqrv
1.46 jmc 35: .Op Fl B Ar buffer_size
1.29 markus 36: .Op Fl b Ar batchfile
1.70 djm 37: .Op Fl c Ar cipher
1.72 djm 38: .Op Fl D Ar sftp_server_path
1.46 jmc 39: .Op Fl F Ar ssh_config
1.73 jmc 40: .Op Fl i Ar identity_file
1.85 djm 41: .Op Fl l Ar limit
1.29 markus 42: .Op Fl o Ar ssh_option
1.72 djm 43: .Op Fl P Ar port
1.30 djm 44: .Op Fl R Ar num_requests
1.26 stevesk 45: .Op Fl S Ar program
1.46 jmc 46: .Op Fl s Ar subsystem | sftp_server
1.26 stevesk 47: .Ar host
1.41 jmc 48: .Ek
1.43 jmc 49: .Nm sftp
1.68 djm 50: .Oo Ar user Ns @ Oc Ns
51: .Ar host Ns Op : Ns Ar
1.43 jmc 52: .Nm sftp
1.84 jmc 53: .Oo
54: .Ar user Ns @ Oc Ns
1.41 jmc 55: .Ar host Ns Oo : Ns Ar dir Ns
1.84 jmc 56: .Op Ar /
57: .Oc
1.43 jmc 58: .Nm sftp
1.42 djm 59: .Fl b Ar batchfile
1.45 jmc 60: .Oo Ar user Ns @ Oc Ns Ar host
1.1 djm 61: .Sh DESCRIPTION
62: .Nm
63: is an interactive file transfer program, similar to
64: .Xr ftp 1 ,
65: which performs all operations over an encrypted
66: .Xr ssh 1
67: transport.
68: It may also use many features of ssh, such as public key authentication and
69: compression.
70: .Nm
71: connects and logs into the specified
1.18 stevesk 72: .Ar host ,
1.1 djm 73: then enters an interactive command mode.
1.15 mouring 74: .Pp
1.21 itojun 75: The second usage format will retrieve files automatically if a non-interactive
1.18 stevesk 76: authentication method is used; otherwise it will do so after
77: successful interactive authentication.
1.15 mouring 78: .Pp
1.60 jaredy 79: The third usage format allows
80: .Nm
81: to start in a remote directory.
1.1 djm 82: .Pp
1.44 jmc 83: The final usage format allows for automated sessions using the
1.42 djm 84: .Fl b
1.44 jmc 85: option.
1.62 jmc 86: In such cases, it is necessary to configure non-interactive authentication
1.44 jmc 87: to obviate the need to enter a password at connection time (see
1.42 djm 88: .Xr sshd 8
1.43 jmc 89: and
1.42 djm 90: .Xr ssh-keygen 1
1.44 jmc 91: for details).
1.89 djm 92: .Pp
93: Since some usage formats use colon characters to delimit host names from path
94: names, IPv6 addresses must be enclosed in square brackets to avoid ambiguity.
95: .Pp
1.1 djm 96: The options are as follows:
97: .Bl -tag -width Ds
1.46 jmc 98: .It Fl 1
99: Specify the use of protocol version 1.
1.70 djm 100: .It Fl 2
101: Specify the use of protocol version 2.
102: .It Fl 4
103: Forces
104: .Nm
105: to use IPv4 addresses only.
106: .It Fl 6
107: Forces
108: .Nm
109: to use IPv6 addresses only.
1.46 jmc 110: .It Fl B Ar buffer_size
111: Specify the size of the buffer that
112: .Nm
113: uses when transferring files.
114: Larger buffers require fewer round trips at the cost of higher
115: memory consumption.
116: The default is 32768 bytes.
1.10 deraadt 117: .It Fl b Ar batchfile
118: Batch mode reads a series of commands from an input
1.13 stevesk 119: .Ar batchfile
1.10 deraadt 120: instead of
1.13 stevesk 121: .Em stdin .
122: Since it lacks user interaction it should be used in conjunction with
1.51 jmc 123: non-interactive authentication.
1.50 djm 124: A
1.51 jmc 125: .Ar batchfile
126: of
127: .Sq \-
1.50 djm 128: may be used to indicate standard input.
1.13 stevesk 129: .Nm
1.21 itojun 130: will abort if any of the following
131: commands fail:
1.92 ! djm 132: .Ic get , put , reget , rename , ln ,
1.41 jmc 133: .Ic rm , mkdir , chdir , ls ,
1.66 jmc 134: .Ic lchdir , chmod , chown ,
1.88 djm 135: .Ic chgrp , lpwd , df , symlink ,
1.10 deraadt 136: and
1.13 stevesk 137: .Ic lmkdir .
1.41 jmc 138: Termination on error can be suppressed on a command by command basis by
139: prefixing the command with a
1.51 jmc 140: .Sq \-
1.44 jmc 141: character (for example,
142: .Ic -rm /tmp/blah* ) .
1.71 jmc 143: .It Fl C
144: Enables compression (via ssh's
145: .Fl C
146: flag).
1.70 djm 147: .It Fl c Ar cipher
148: Selects the cipher to use for encrypting the data transfers.
149: This option is directly passed to
150: .Xr ssh 1 .
1.72 djm 151: .It Fl D Ar sftp_server_path
152: Connect directly to a local sftp server
153: (rather than via
154: .Xr ssh 1 ) .
155: This option may be useful in debugging the client and server.
1.46 jmc 156: .It Fl F Ar ssh_config
157: Specifies an alternative
158: per-user configuration file for
159: .Xr ssh 1 .
160: This option is directly passed to
161: .Xr ssh 1 .
1.70 djm 162: .It Fl i Ar identity_file
163: Selects the file from which the identity (private key) for public key
164: authentication is read.
165: This option is directly passed to
166: .Xr ssh 1 .
1.85 djm 167: .It Fl l Ar limit
168: Limits the used bandwidth, specified in Kbit/s.
1.1 djm 169: .It Fl o Ar ssh_option
1.23 stevesk 170: Can be used to pass options to
171: .Nm ssh
1.35 stevesk 172: in the format used in
173: .Xr ssh_config 5 .
174: This is useful for specifying options
1.23 stevesk 175: for which there is no separate
176: .Nm sftp
1.44 jmc 177: command-line flag.
178: For example, to specify an alternate port use:
1.26 stevesk 179: .Ic sftp -oPort=24 .
1.46 jmc 180: For full details of the options listed below, and their possible values, see
181: .Xr ssh_config 5 .
182: .Pp
183: .Bl -tag -width Ds -offset indent -compact
184: .It AddressFamily
185: .It BatchMode
186: .It BindAddress
187: .It ChallengeResponseAuthentication
188: .It CheckHostIP
189: .It Cipher
190: .It Ciphers
191: .It Compression
192: .It CompressionLevel
193: .It ConnectionAttempts
1.54 dtucker 194: .It ConnectTimeout
1.55 djm 195: .It ControlMaster
196: .It ControlPath
1.91 djm 197: .It ControlPersist
1.46 jmc 198: .It GlobalKnownHostsFile
199: .It GSSAPIAuthentication
200: .It GSSAPIDelegateCredentials
1.61 jmc 201: .It HashKnownHosts
1.46 jmc 202: .It Host
203: .It HostbasedAuthentication
204: .It HostKeyAlgorithms
205: .It HostKeyAlias
206: .It HostName
207: .It IdentityFile
1.52 markus 208: .It IdentitiesOnly
1.87 jmc 209: .It IPQoS
1.91 djm 210: .It KbdInteractiveAuthentication
1.58 djm 211: .It KbdInteractiveDevices
1.86 jmc 212: .It KexAlgorithms
1.46 jmc 213: .It LogLevel
214: .It MACs
215: .It NoHostAuthenticationForLocalhost
216: .It NumberOfPasswordPrompts
217: .It PasswordAuthentication
1.83 markus 218: .It PKCS11Provider
1.46 jmc 219: .It Port
220: .It PreferredAuthentications
221: .It Protocol
222: .It ProxyCommand
223: .It PubkeyAuthentication
1.63 dtucker 224: .It RekeyLimit
1.46 jmc 225: .It RhostsRSAAuthentication
226: .It RSAAuthentication
1.53 jmc 227: .It SendEnv
1.49 markus 228: .It ServerAliveInterval
229: .It ServerAliveCountMax
1.46 jmc 230: .It StrictHostKeyChecking
1.48 markus 231: .It TCPKeepAlive
1.46 jmc 232: .It UsePrivilegedPort
233: .It User
234: .It UserKnownHostsFile
235: .It VerifyHostKeyDNS
236: .El
1.72 djm 237: .It Fl P Ar port
238: Specifies the port to connect to on the remote host.
1.74 djm 239: .It Fl p
240: Preserves modification times, access times, and modes from the
241: original files transferred.
1.70 djm 242: .It Fl q
243: Quiet mode: disables the progress meter as well as warning and
244: diagnostic messages from
245: .Xr ssh 1 .
1.30 djm 246: .It Fl R Ar num_requests
1.44 jmc 247: Specify how many requests may be outstanding at any one time.
248: Increasing this may slightly improve file transfer speed
249: but will increase memory usage.
1.67 djm 250: The default is 64 outstanding requests.
1.74 djm 251: .It Fl r
252: Recursively copy entire directories when uploading and downloading.
253: Note that
254: .Nm
255: does not follow symbolic links encountered in the tree traversal.
1.26 stevesk 256: .It Fl S Ar program
257: Name of the
258: .Ar program
259: to use for the encrypted connection.
260: The program must understand
261: .Xr ssh 1
262: options.
1.46 jmc 263: .It Fl s Ar subsystem | sftp_server
264: Specifies the SSH2 subsystem or the path for an sftp server
265: on the remote host.
266: A path is useful for using
267: .Nm
268: over protocol version 1, or when the remote
269: .Xr sshd 8
270: does not have an sftp subsystem configured.
271: .It Fl v
272: Raise logging level.
273: This option is also passed to ssh.
1.1 djm 274: .El
275: .Sh INTERACTIVE COMMANDS
1.2 djm 276: Once in interactive mode,
277: .Nm
1.21 itojun 278: understands a set of commands similar to those of
1.1 djm 279: .Xr ftp 1 .
1.60 jaredy 280: Commands are case insensitive.
281: Pathnames that contain spaces must be enclosed in quotes.
282: Any special characters contained within pathnames that are recognized by
283: .Xr glob 3
284: must be escaped with backslashes
285: .Pq Sq \e .
286: .Bl -tag -width Ds
1.22 markus 287: .It Ic bye
1.44 jmc 288: Quit
289: .Nm sftp .
1.3 deraadt 290: .It Ic cd Ar path
1.21 itojun 291: Change remote directory to
1.3 deraadt 292: .Ar path .
293: .It Ic chgrp Ar grp Ar path
1.21 itojun 294: Change group of file
1.5 stevesk 295: .Ar path
296: to
1.1 djm 297: .Ar grp .
1.60 jaredy 298: .Ar path
299: may contain
300: .Xr glob 3
301: characters and may match multiple files.
1.1 djm 302: .Ar grp
1.5 stevesk 303: must be a numeric GID.
1.3 deraadt 304: .It Ic chmod Ar mode Ar path
1.21 itojun 305: Change permissions of file
1.5 stevesk 306: .Ar path
307: to
1.3 deraadt 308: .Ar mode .
1.60 jaredy 309: .Ar path
310: may contain
311: .Xr glob 3
312: characters and may match multiple files.
1.3 deraadt 313: .It Ic chown Ar own Ar path
1.21 itojun 314: Change owner of file
1.5 stevesk 315: .Ar path
316: to
1.1 djm 317: .Ar own .
1.60 jaredy 318: .Ar path
319: may contain
320: .Xr glob 3
321: characters and may match multiple files.
1.1 djm 322: .Ar own
323: must be a numeric UID.
1.65 djm 324: .It Xo Ic df
325: .Op Fl hi
326: .Op Ar path
327: .Xc
328: Display usage information for the filesystem holding the current directory
329: (or
330: .Ar path
331: if specified).
332: If the
333: .Fl h
334: flag is specified, the capacity information will be displayed using
335: "human-readable" suffixes.
336: The
337: .Fl i
338: flag requests display of inode information in addition to capacity information.
339: This command is only supported on servers that implement the
340: .Dq statvfs@openssh.com
341: extension.
1.11 deraadt 342: .It Ic exit
1.44 jmc 343: Quit
344: .Nm sftp .
1.7 djm 345: .It Xo Ic get
1.92 ! djm 346: .Op Fl aPpr
1.7 djm 347: .Ar remote-path
348: .Op Ar local-path
349: .Xc
1.1 djm 350: Retrieve the
1.5 stevesk 351: .Ar remote-path
1.1 djm 352: and store it on the local machine.
353: If the local
1.21 itojun 354: path name is not specified, it is given the same name it has on the
1.44 jmc 355: remote machine.
1.60 jaredy 356: .Ar remote-path
357: may contain
358: .Xr glob 3
359: characters and may match multiple files.
360: If it does and
361: .Ar local-path
362: is specified, then
363: .Ar local-path
364: must specify a directory.
1.74 djm 365: .Pp
1.92 ! djm 366: If the
! 367: .Fl a
! 368: flag is specified, then attempt to resume partial transfers of existing files.
! 369: Note that resumption assumes that any partial copy of the local file matches
! 370: the remote copy.
! 371: If the remote file differs from the partial local copy then the resultant file
! 372: is likely to be corrupt.
! 373: .Pp
1.76 jmc 374: If either the
1.75 djm 375: .Fl P
1.74 djm 376: or
377: .Fl p
1.60 jaredy 378: flag is specified, then full file permissions and access times are
1.7 djm 379: copied too.
1.74 djm 380: .Pp
381: If the
382: .Fl r
383: flag is specified then directories will be copied recursively.
384: Note that
385: .Nm
386: does not follow symbolic links when performing recursive transfers.
1.11 deraadt 387: .It Ic help
388: Display help text.
1.46 jmc 389: .It Ic lcd Ar path
390: Change local directory to
391: .Ar path .
1.3 deraadt 392: .It Ic lls Op Ar ls-options Op Ar path
1.21 itojun 393: Display local directory listing of either
1.1 djm 394: .Ar path
395: or current directory if
396: .Ar path
1.5 stevesk 397: is not specified.
1.60 jaredy 398: .Ar ls-options
399: may contain any flags supported by the local system's
400: .Xr ls 1
401: command.
402: .Ar path
403: may contain
404: .Xr glob 3
405: characters and may match multiple files.
1.3 deraadt 406: .It Ic lmkdir Ar path
1.1 djm 407: Create local directory specified by
1.3 deraadt 408: .Ar path .
1.88 djm 409: .It Xo Ic ln
410: .Op Fl s
411: .Ar oldpath
412: .Ar newpath
413: .Xc
414: Create a link from
1.12 djm 415: .Ar oldpath
416: to
417: .Ar newpath .
1.88 djm 418: If the
419: .Fl s
420: flag is specified the created link is a symbolic link, otherwise it is
421: a hard link.
1.3 deraadt 422: .It Ic lpwd
423: Print local working directory.
1.36 djm 424: .It Xo Ic ls
1.82 jmc 425: .Op Fl 1afhlnrSt
1.36 djm 426: .Op Ar path
427: .Xc
1.60 jaredy 428: Display a remote directory listing of either
1.1 djm 429: .Ar path
1.60 jaredy 430: or the current directory if
1.5 stevesk 431: .Ar path
1.44 jmc 432: is not specified.
1.60 jaredy 433: .Ar path
434: may contain
435: .Xr glob 3
436: characters and may match multiple files.
437: .Pp
438: The following flags are recognized and alter the behaviour of
439: .Ic ls
440: accordingly:
441: .Bl -tag -width Ds
442: .It Fl 1
443: Produce single columnar output.
444: .It Fl a
445: List files beginning with a dot
446: .Pq Sq \&. .
447: .It Fl f
448: Do not sort the listing.
449: The default sort order is lexicographical.
1.81 djm 450: .It Fl h
451: When used with a long format option, use unit suffixes: Byte, Kilobyte,
452: Megabyte, Gigabyte, Terabyte, Petabyte, and Exabyte in order to reduce
453: the number of digits to four or fewer using powers of 2 for sizes (K=1024,
454: M=1048576, etc.).
1.82 jmc 455: .It Fl l
456: Display additional details including permissions
457: and ownership information.
1.60 jaredy 458: .It Fl n
459: Produce a long listing with user and group information presented
1.56 djm 460: numerically.
1.60 jaredy 461: .It Fl r
462: Reverse the sort order of the listing.
463: .It Fl S
464: Sort the listing by file size.
465: .It Fl t
466: Sort the listing by last modification time.
467: .El
1.3 deraadt 468: .It Ic lumask Ar umask
1.21 itojun 469: Set local umask to
1.3 deraadt 470: .Ar umask .
471: .It Ic mkdir Ar path
1.1 djm 472: Create remote directory specified by
1.3 deraadt 473: .Ar path .
1.40 fgsch 474: .It Ic progress
475: Toggle display of progress meter.
1.7 djm 476: .It Xo Ic put
1.75 djm 477: .Op Fl Ppr
1.7 djm 478: .Ar local-path
1.37 djm 479: .Op Ar remote-path
1.7 djm 480: .Xc
1.1 djm 481: Upload
1.5 stevesk 482: .Ar local-path
1.44 jmc 483: and store it on the remote machine.
484: If the remote path name is not specified, it is given the same name it has
485: on the local machine.
1.60 jaredy 486: .Ar local-path
487: may contain
488: .Xr glob 3
489: characters and may match multiple files.
490: If it does and
491: .Ar remote-path
492: is specified, then
493: .Ar remote-path
494: must specify a directory.
1.74 djm 495: .Pp
1.90 dtucker 496: If either the
1.7 djm 497: .Fl P
1.74 djm 498: or
499: .Fl p
500: flag is specified, then full file permissions and access times are
1.7 djm 501: copied too.
1.74 djm 502: .Pp
503: If the
504: .Fl r
505: flag is specified then directories will be copied recursively.
506: Note that
507: .Nm
508: does not follow symbolic links when performing recursive transfers.
1.3 deraadt 509: .It Ic pwd
510: Display remote working directory.
511: .It Ic quit
1.44 jmc 512: Quit
513: .Nm sftp .
1.92 ! djm 514: .It Xo Ic reget
! 515: .Op Fl Ppr
! 516: .Ar remote-path
! 517: .Op Ar local-path
! 518: .Xc
! 519: Resume download of
! 520: .Ar remote-path .
! 521: Equivalent to
! 522: .Ic get
! 523: with the
! 524: .Fl a
! 525: flag set.
1.3 deraadt 526: .It Ic rename Ar oldpath Ar newpath
1.1 djm 527: Rename remote file from
528: .Ar oldpath
529: to
1.3 deraadt 530: .Ar newpath .
1.46 jmc 531: .It Ic rm Ar path
532: Delete remote file specified by
533: .Ar path .
1.3 deraadt 534: .It Ic rmdir Ar path
1.1 djm 535: Remove remote directory specified by
1.3 deraadt 536: .Ar path .
1.12 djm 537: .It Ic symlink Ar oldpath Ar newpath
1.21 itojun 538: Create a symbolic link from
1.12 djm 539: .Ar oldpath
540: to
541: .Ar newpath .
1.38 fgsch 542: .It Ic version
543: Display the
544: .Nm
545: protocol version.
1.69 sobrado 546: .It Ic \&! Ns Ar command
1.21 itojun 547: Execute
1.1 djm 548: .Ar command
1.3 deraadt 549: in local shell.
1.45 jmc 550: .It Ic \&!
1.3 deraadt 551: Escape to local shell.
1.45 jmc 552: .It Ic \&?
1.5 stevesk 553: Synonym for help.
1.4 itojun 554: .El
1.1 djm 555: .Sh SEE ALSO
1.46 jmc 556: .Xr ftp 1 ,
1.60 jaredy 557: .Xr ls 1 ,
1.17 markus 558: .Xr scp 1 ,
1.1 djm 559: .Xr ssh 1 ,
560: .Xr ssh-add 1 ,
561: .Xr ssh-keygen 1 ,
1.60 jaredy 562: .Xr glob 3 ,
1.35 stevesk 563: .Xr ssh_config 5 ,
1.17 markus 564: .Xr sftp-server 8 ,
565: .Xr sshd 8
566: .Rs
1.20 deraadt 567: .%A T. Ylonen
568: .%A S. Lehtinen
1.17 markus 569: .%T "SSH File Transfer Protocol"
570: .%N draft-ietf-secsh-filexfer-00.txt
571: .%D January 2001
572: .%O work in progress material
573: .Re