Annotation of src/usr.bin/ssh/sftp.1, Revision 1.97
1.97 ! djm 1: .\" $OpenBSD: sftp.1,v 1.96 2013/10/17 07:35:48 jmc Exp $
1.1 djm 2: .\"
1.9 deraadt 3: .\" Copyright (c) 2001 Damien Miller. All rights reserved.
1.1 djm 4: .\"
5: .\" Redistribution and use in source and binary forms, with or without
6: .\" modification, are permitted provided that the following conditions
7: .\" are met:
8: .\" 1. Redistributions of source code must retain the above copyright
9: .\" notice, this list of conditions and the following disclaimer.
10: .\" 2. Redistributions in binary form must reproduce the above copyright
11: .\" notice, this list of conditions and the following disclaimer in the
12: .\" documentation and/or other materials provided with the distribution.
13: .\"
14: .\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
15: .\" IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
16: .\" OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
17: .\" IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
18: .\" INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
19: .\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
20: .\" DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
21: .\" THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
22: .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
23: .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
24: .\"
1.96 jmc 25: .Dd $Mdocdate: October 17 2013 $
1.1 djm 26: .Dt SFTP 1
27: .Os
28: .Sh NAME
29: .Nm sftp
1.44 jmc 30: .Nd secure file transfer program
1.1 djm 31: .Sh SYNOPSIS
1.43 jmc 32: .Nm sftp
1.41 jmc 33: .Bk -words
1.95 djm 34: .Op Fl 1246aCfpqrv
1.46 jmc 35: .Op Fl B Ar buffer_size
1.29 markus 36: .Op Fl b Ar batchfile
1.70 djm 37: .Op Fl c Ar cipher
1.72 djm 38: .Op Fl D Ar sftp_server_path
1.46 jmc 39: .Op Fl F Ar ssh_config
1.73 jmc 40: .Op Fl i Ar identity_file
1.85 djm 41: .Op Fl l Ar limit
1.29 markus 42: .Op Fl o Ar ssh_option
1.72 djm 43: .Op Fl P Ar port
1.30 djm 44: .Op Fl R Ar num_requests
1.26 stevesk 45: .Op Fl S Ar program
1.46 jmc 46: .Op Fl s Ar subsystem | sftp_server
1.26 stevesk 47: .Ar host
1.41 jmc 48: .Ek
1.43 jmc 49: .Nm sftp
1.68 djm 50: .Oo Ar user Ns @ Oc Ns
51: .Ar host Ns Op : Ns Ar
1.43 jmc 52: .Nm sftp
1.84 jmc 53: .Oo
54: .Ar user Ns @ Oc Ns
1.41 jmc 55: .Ar host Ns Oo : Ns Ar dir Ns
1.84 jmc 56: .Op Ar /
57: .Oc
1.43 jmc 58: .Nm sftp
1.42 djm 59: .Fl b Ar batchfile
1.45 jmc 60: .Oo Ar user Ns @ Oc Ns Ar host
1.1 djm 61: .Sh DESCRIPTION
62: .Nm
63: is an interactive file transfer program, similar to
64: .Xr ftp 1 ,
65: which performs all operations over an encrypted
66: .Xr ssh 1
67: transport.
68: It may also use many features of ssh, such as public key authentication and
69: compression.
70: .Nm
71: connects and logs into the specified
1.18 stevesk 72: .Ar host ,
1.1 djm 73: then enters an interactive command mode.
1.15 mouring 74: .Pp
1.21 itojun 75: The second usage format will retrieve files automatically if a non-interactive
1.18 stevesk 76: authentication method is used; otherwise it will do so after
77: successful interactive authentication.
1.15 mouring 78: .Pp
1.60 jaredy 79: The third usage format allows
80: .Nm
81: to start in a remote directory.
1.1 djm 82: .Pp
1.44 jmc 83: The final usage format allows for automated sessions using the
1.42 djm 84: .Fl b
1.44 jmc 85: option.
1.62 jmc 86: In such cases, it is necessary to configure non-interactive authentication
1.44 jmc 87: to obviate the need to enter a password at connection time (see
1.42 djm 88: .Xr sshd 8
1.43 jmc 89: and
1.42 djm 90: .Xr ssh-keygen 1
1.44 jmc 91: for details).
1.89 djm 92: .Pp
93: Since some usage formats use colon characters to delimit host names from path
94: names, IPv6 addresses must be enclosed in square brackets to avoid ambiguity.
95: .Pp
1.1 djm 96: The options are as follows:
97: .Bl -tag -width Ds
1.46 jmc 98: .It Fl 1
99: Specify the use of protocol version 1.
1.70 djm 100: .It Fl 2
101: Specify the use of protocol version 2.
102: .It Fl 4
103: Forces
104: .Nm
105: to use IPv4 addresses only.
106: .It Fl 6
107: Forces
108: .Nm
109: to use IPv6 addresses only.
1.94 jmc 110: .It Fl a
111: Attempt to continue interrupted downloads rather than overwriting existing
112: partial or complete copies of files.
113: If the remote file contents differ from the partial local copy then the
114: resultant file is likely to be corrupt.
1.46 jmc 115: .It Fl B Ar buffer_size
116: Specify the size of the buffer that
117: .Nm
118: uses when transferring files.
119: Larger buffers require fewer round trips at the cost of higher
120: memory consumption.
121: The default is 32768 bytes.
1.10 deraadt 122: .It Fl b Ar batchfile
123: Batch mode reads a series of commands from an input
1.13 stevesk 124: .Ar batchfile
1.10 deraadt 125: instead of
1.13 stevesk 126: .Em stdin .
127: Since it lacks user interaction it should be used in conjunction with
1.51 jmc 128: non-interactive authentication.
1.50 djm 129: A
1.51 jmc 130: .Ar batchfile
131: of
132: .Sq \-
1.50 djm 133: may be used to indicate standard input.
1.13 stevesk 134: .Nm
1.21 itojun 135: will abort if any of the following
136: commands fail:
1.92 djm 137: .Ic get , put , reget , rename , ln ,
1.41 jmc 138: .Ic rm , mkdir , chdir , ls ,
1.66 jmc 139: .Ic lchdir , chmod , chown ,
1.88 djm 140: .Ic chgrp , lpwd , df , symlink ,
1.10 deraadt 141: and
1.13 stevesk 142: .Ic lmkdir .
1.41 jmc 143: Termination on error can be suppressed on a command by command basis by
144: prefixing the command with a
1.51 jmc 145: .Sq \-
1.44 jmc 146: character (for example,
147: .Ic -rm /tmp/blah* ) .
1.71 jmc 148: .It Fl C
149: Enables compression (via ssh's
150: .Fl C
151: flag).
1.70 djm 152: .It Fl c Ar cipher
153: Selects the cipher to use for encrypting the data transfers.
154: This option is directly passed to
155: .Xr ssh 1 .
1.72 djm 156: .It Fl D Ar sftp_server_path
157: Connect directly to a local sftp server
158: (rather than via
159: .Xr ssh 1 ) .
160: This option may be useful in debugging the client and server.
1.46 jmc 161: .It Fl F Ar ssh_config
162: Specifies an alternative
163: per-user configuration file for
164: .Xr ssh 1 .
165: This option is directly passed to
166: .Xr ssh 1 .
1.95 djm 167: .It Fl f
168: Requests that files be flushed to disk immediately after transfer.
169: When uploading files, this feature is only enabled if the server
170: implements the "fsync@openssh.com" extension.
1.70 djm 171: .It Fl i Ar identity_file
172: Selects the file from which the identity (private key) for public key
173: authentication is read.
174: This option is directly passed to
175: .Xr ssh 1 .
1.85 djm 176: .It Fl l Ar limit
177: Limits the used bandwidth, specified in Kbit/s.
1.1 djm 178: .It Fl o Ar ssh_option
1.23 stevesk 179: Can be used to pass options to
180: .Nm ssh
1.35 stevesk 181: in the format used in
182: .Xr ssh_config 5 .
183: This is useful for specifying options
1.23 stevesk 184: for which there is no separate
185: .Nm sftp
1.44 jmc 186: command-line flag.
187: For example, to specify an alternate port use:
1.26 stevesk 188: .Ic sftp -oPort=24 .
1.46 jmc 189: For full details of the options listed below, and their possible values, see
190: .Xr ssh_config 5 .
191: .Pp
192: .Bl -tag -width Ds -offset indent -compact
193: .It AddressFamily
194: .It BatchMode
195: .It BindAddress
1.97 ! djm 196: .It CanonicalDomains
! 197: .It CanonicalizeFallbackLocal
! 198: .It CanonicalizeHostname
! 199: .It CanonicalizeMaxDots
! 200: .It CanonicalizePermittedCNAMEs
1.46 jmc 201: .It ChallengeResponseAuthentication
202: .It CheckHostIP
203: .It Cipher
204: .It Ciphers
205: .It Compression
206: .It CompressionLevel
207: .It ConnectionAttempts
1.54 dtucker 208: .It ConnectTimeout
1.55 djm 209: .It ControlMaster
210: .It ControlPath
1.91 djm 211: .It ControlPersist
1.46 jmc 212: .It GlobalKnownHostsFile
213: .It GSSAPIAuthentication
214: .It GSSAPIDelegateCredentials
1.61 jmc 215: .It HashKnownHosts
1.46 jmc 216: .It Host
217: .It HostbasedAuthentication
218: .It HostKeyAlgorithms
219: .It HostKeyAlias
220: .It HostName
221: .It IdentityFile
1.52 markus 222: .It IdentitiesOnly
1.87 jmc 223: .It IPQoS
1.91 djm 224: .It KbdInteractiveAuthentication
1.58 djm 225: .It KbdInteractiveDevices
1.86 jmc 226: .It KexAlgorithms
1.46 jmc 227: .It LogLevel
228: .It MACs
229: .It NoHostAuthenticationForLocalhost
230: .It NumberOfPasswordPrompts
231: .It PasswordAuthentication
1.83 markus 232: .It PKCS11Provider
1.46 jmc 233: .It Port
234: .It PreferredAuthentications
235: .It Protocol
236: .It ProxyCommand
237: .It PubkeyAuthentication
1.63 dtucker 238: .It RekeyLimit
1.46 jmc 239: .It RhostsRSAAuthentication
240: .It RSAAuthentication
1.53 jmc 241: .It SendEnv
1.49 markus 242: .It ServerAliveInterval
243: .It ServerAliveCountMax
1.46 jmc 244: .It StrictHostKeyChecking
1.48 markus 245: .It TCPKeepAlive
1.46 jmc 246: .It UsePrivilegedPort
247: .It User
248: .It UserKnownHostsFile
249: .It VerifyHostKeyDNS
250: .El
1.72 djm 251: .It Fl P Ar port
252: Specifies the port to connect to on the remote host.
1.74 djm 253: .It Fl p
254: Preserves modification times, access times, and modes from the
255: original files transferred.
1.70 djm 256: .It Fl q
257: Quiet mode: disables the progress meter as well as warning and
258: diagnostic messages from
259: .Xr ssh 1 .
1.30 djm 260: .It Fl R Ar num_requests
1.44 jmc 261: Specify how many requests may be outstanding at any one time.
262: Increasing this may slightly improve file transfer speed
263: but will increase memory usage.
1.67 djm 264: The default is 64 outstanding requests.
1.74 djm 265: .It Fl r
266: Recursively copy entire directories when uploading and downloading.
267: Note that
268: .Nm
269: does not follow symbolic links encountered in the tree traversal.
1.26 stevesk 270: .It Fl S Ar program
271: Name of the
272: .Ar program
273: to use for the encrypted connection.
274: The program must understand
275: .Xr ssh 1
276: options.
1.46 jmc 277: .It Fl s Ar subsystem | sftp_server
278: Specifies the SSH2 subsystem or the path for an sftp server
279: on the remote host.
280: A path is useful for using
281: .Nm
282: over protocol version 1, or when the remote
283: .Xr sshd 8
284: does not have an sftp subsystem configured.
285: .It Fl v
286: Raise logging level.
287: This option is also passed to ssh.
1.1 djm 288: .El
289: .Sh INTERACTIVE COMMANDS
1.2 djm 290: Once in interactive mode,
291: .Nm
1.21 itojun 292: understands a set of commands similar to those of
1.1 djm 293: .Xr ftp 1 .
1.60 jaredy 294: Commands are case insensitive.
295: Pathnames that contain spaces must be enclosed in quotes.
296: Any special characters contained within pathnames that are recognized by
297: .Xr glob 3
298: must be escaped with backslashes
299: .Pq Sq \e .
300: .Bl -tag -width Ds
1.22 markus 301: .It Ic bye
1.44 jmc 302: Quit
303: .Nm sftp .
1.3 deraadt 304: .It Ic cd Ar path
1.21 itojun 305: Change remote directory to
1.3 deraadt 306: .Ar path .
307: .It Ic chgrp Ar grp Ar path
1.21 itojun 308: Change group of file
1.5 stevesk 309: .Ar path
310: to
1.1 djm 311: .Ar grp .
1.60 jaredy 312: .Ar path
313: may contain
314: .Xr glob 3
315: characters and may match multiple files.
1.1 djm 316: .Ar grp
1.5 stevesk 317: must be a numeric GID.
1.3 deraadt 318: .It Ic chmod Ar mode Ar path
1.21 itojun 319: Change permissions of file
1.5 stevesk 320: .Ar path
321: to
1.3 deraadt 322: .Ar mode .
1.60 jaredy 323: .Ar path
324: may contain
325: .Xr glob 3
326: characters and may match multiple files.
1.3 deraadt 327: .It Ic chown Ar own Ar path
1.21 itojun 328: Change owner of file
1.5 stevesk 329: .Ar path
330: to
1.1 djm 331: .Ar own .
1.60 jaredy 332: .Ar path
333: may contain
334: .Xr glob 3
335: characters and may match multiple files.
1.1 djm 336: .Ar own
337: must be a numeric UID.
1.65 djm 338: .It Xo Ic df
339: .Op Fl hi
340: .Op Ar path
341: .Xc
342: Display usage information for the filesystem holding the current directory
343: (or
344: .Ar path
345: if specified).
346: If the
347: .Fl h
348: flag is specified, the capacity information will be displayed using
349: "human-readable" suffixes.
350: The
351: .Fl i
352: flag requests display of inode information in addition to capacity information.
353: This command is only supported on servers that implement the
354: .Dq statvfs@openssh.com
355: extension.
1.11 deraadt 356: .It Ic exit
1.44 jmc 357: Quit
358: .Nm sftp .
1.7 djm 359: .It Xo Ic get
1.95 djm 360: .Op Fl afPpr
1.7 djm 361: .Ar remote-path
362: .Op Ar local-path
363: .Xc
1.1 djm 364: Retrieve the
1.5 stevesk 365: .Ar remote-path
1.1 djm 366: and store it on the local machine.
367: If the local
1.21 itojun 368: path name is not specified, it is given the same name it has on the
1.44 jmc 369: remote machine.
1.60 jaredy 370: .Ar remote-path
371: may contain
372: .Xr glob 3
373: characters and may match multiple files.
374: If it does and
375: .Ar local-path
376: is specified, then
377: .Ar local-path
378: must specify a directory.
1.74 djm 379: .Pp
1.92 djm 380: If the
381: .Fl a
382: flag is specified, then attempt to resume partial transfers of existing files.
383: Note that resumption assumes that any partial copy of the local file matches
384: the remote copy.
1.93 djm 385: If the remote file contents differ from the partial local copy then the
386: resultant file is likely to be corrupt.
1.92 djm 387: .Pp
1.95 djm 388: If the
389: .Fl f
390: flag is specified, then
391: .Xr fsync 2
1.96 jmc 392: will be called after the file transfer has completed to flush the file
1.95 djm 393: to disk.
394: .Pp
1.76 jmc 395: If either the
1.75 djm 396: .Fl P
1.74 djm 397: or
398: .Fl p
1.60 jaredy 399: flag is specified, then full file permissions and access times are
1.7 djm 400: copied too.
1.74 djm 401: .Pp
402: If the
403: .Fl r
404: flag is specified then directories will be copied recursively.
405: Note that
406: .Nm
407: does not follow symbolic links when performing recursive transfers.
1.11 deraadt 408: .It Ic help
409: Display help text.
1.46 jmc 410: .It Ic lcd Ar path
411: Change local directory to
412: .Ar path .
1.3 deraadt 413: .It Ic lls Op Ar ls-options Op Ar path
1.21 itojun 414: Display local directory listing of either
1.1 djm 415: .Ar path
416: or current directory if
417: .Ar path
1.5 stevesk 418: is not specified.
1.60 jaredy 419: .Ar ls-options
420: may contain any flags supported by the local system's
421: .Xr ls 1
422: command.
423: .Ar path
424: may contain
425: .Xr glob 3
426: characters and may match multiple files.
1.3 deraadt 427: .It Ic lmkdir Ar path
1.1 djm 428: Create local directory specified by
1.3 deraadt 429: .Ar path .
1.88 djm 430: .It Xo Ic ln
431: .Op Fl s
432: .Ar oldpath
433: .Ar newpath
434: .Xc
435: Create a link from
1.12 djm 436: .Ar oldpath
437: to
438: .Ar newpath .
1.88 djm 439: If the
440: .Fl s
441: flag is specified the created link is a symbolic link, otherwise it is
442: a hard link.
1.3 deraadt 443: .It Ic lpwd
444: Print local working directory.
1.36 djm 445: .It Xo Ic ls
1.82 jmc 446: .Op Fl 1afhlnrSt
1.36 djm 447: .Op Ar path
448: .Xc
1.60 jaredy 449: Display a remote directory listing of either
1.1 djm 450: .Ar path
1.60 jaredy 451: or the current directory if
1.5 stevesk 452: .Ar path
1.44 jmc 453: is not specified.
1.60 jaredy 454: .Ar path
455: may contain
456: .Xr glob 3
457: characters and may match multiple files.
458: .Pp
459: The following flags are recognized and alter the behaviour of
460: .Ic ls
461: accordingly:
462: .Bl -tag -width Ds
463: .It Fl 1
464: Produce single columnar output.
465: .It Fl a
466: List files beginning with a dot
467: .Pq Sq \&. .
468: .It Fl f
469: Do not sort the listing.
470: The default sort order is lexicographical.
1.81 djm 471: .It Fl h
472: When used with a long format option, use unit suffixes: Byte, Kilobyte,
473: Megabyte, Gigabyte, Terabyte, Petabyte, and Exabyte in order to reduce
474: the number of digits to four or fewer using powers of 2 for sizes (K=1024,
475: M=1048576, etc.).
1.82 jmc 476: .It Fl l
477: Display additional details including permissions
478: and ownership information.
1.60 jaredy 479: .It Fl n
480: Produce a long listing with user and group information presented
1.56 djm 481: numerically.
1.60 jaredy 482: .It Fl r
483: Reverse the sort order of the listing.
484: .It Fl S
485: Sort the listing by file size.
486: .It Fl t
487: Sort the listing by last modification time.
488: .El
1.3 deraadt 489: .It Ic lumask Ar umask
1.21 itojun 490: Set local umask to
1.3 deraadt 491: .Ar umask .
492: .It Ic mkdir Ar path
1.1 djm 493: Create remote directory specified by
1.3 deraadt 494: .Ar path .
1.40 fgsch 495: .It Ic progress
496: Toggle display of progress meter.
1.7 djm 497: .It Xo Ic put
1.95 djm 498: .Op Fl fPpr
1.7 djm 499: .Ar local-path
1.37 djm 500: .Op Ar remote-path
1.7 djm 501: .Xc
1.1 djm 502: Upload
1.5 stevesk 503: .Ar local-path
1.44 jmc 504: and store it on the remote machine.
505: If the remote path name is not specified, it is given the same name it has
506: on the local machine.
1.60 jaredy 507: .Ar local-path
508: may contain
509: .Xr glob 3
510: characters and may match multiple files.
511: If it does and
512: .Ar remote-path
513: is specified, then
514: .Ar remote-path
515: must specify a directory.
1.95 djm 516: .Pp
517: If the
518: .Fl f
519: flag is specified, then a request will be sent to the server to call
520: .Xr fsync 2
521: after the file has been transferred.
522: Note that this is only supported by servers that implement
523: the "fsync@openssh.com" extension.
1.74 djm 524: .Pp
1.90 dtucker 525: If either the
1.7 djm 526: .Fl P
1.74 djm 527: or
528: .Fl p
529: flag is specified, then full file permissions and access times are
1.7 djm 530: copied too.
1.74 djm 531: .Pp
532: If the
533: .Fl r
534: flag is specified then directories will be copied recursively.
535: Note that
536: .Nm
537: does not follow symbolic links when performing recursive transfers.
1.3 deraadt 538: .It Ic pwd
539: Display remote working directory.
540: .It Ic quit
1.44 jmc 541: Quit
542: .Nm sftp .
1.92 djm 543: .It Xo Ic reget
544: .Op Fl Ppr
545: .Ar remote-path
546: .Op Ar local-path
547: .Xc
548: Resume download of
549: .Ar remote-path .
550: Equivalent to
551: .Ic get
552: with the
553: .Fl a
554: flag set.
1.3 deraadt 555: .It Ic rename Ar oldpath Ar newpath
1.1 djm 556: Rename remote file from
557: .Ar oldpath
558: to
1.3 deraadt 559: .Ar newpath .
1.46 jmc 560: .It Ic rm Ar path
561: Delete remote file specified by
562: .Ar path .
1.3 deraadt 563: .It Ic rmdir Ar path
1.1 djm 564: Remove remote directory specified by
1.3 deraadt 565: .Ar path .
1.12 djm 566: .It Ic symlink Ar oldpath Ar newpath
1.21 itojun 567: Create a symbolic link from
1.12 djm 568: .Ar oldpath
569: to
570: .Ar newpath .
1.38 fgsch 571: .It Ic version
572: Display the
573: .Nm
574: protocol version.
1.69 sobrado 575: .It Ic \&! Ns Ar command
1.21 itojun 576: Execute
1.1 djm 577: .Ar command
1.3 deraadt 578: in local shell.
1.45 jmc 579: .It Ic \&!
1.3 deraadt 580: Escape to local shell.
1.45 jmc 581: .It Ic \&?
1.5 stevesk 582: Synonym for help.
1.4 itojun 583: .El
1.1 djm 584: .Sh SEE ALSO
1.46 jmc 585: .Xr ftp 1 ,
1.60 jaredy 586: .Xr ls 1 ,
1.17 markus 587: .Xr scp 1 ,
1.1 djm 588: .Xr ssh 1 ,
589: .Xr ssh-add 1 ,
590: .Xr ssh-keygen 1 ,
1.60 jaredy 591: .Xr glob 3 ,
1.35 stevesk 592: .Xr ssh_config 5 ,
1.17 markus 593: .Xr sftp-server 8 ,
594: .Xr sshd 8
595: .Rs
1.20 deraadt 596: .%A T. Ylonen
597: .%A S. Lehtinen
1.17 markus 598: .%T "SSH File Transfer Protocol"
599: .%N draft-ietf-secsh-filexfer-00.txt
600: .%D January 2001
601: .%O work in progress material
602: .Re