1 .\" $OpenBSD: sftp.1,v 1.142 2022/09/19 21:39:16 djm Exp $
3 .\" Copyright (c) 2001 Damien Miller. All rights reserved.
5 .\" Redistribution and use in source and binary forms, with or without
6 .\" modification, are permitted provided that the following conditions
8 .\" 1. Redistributions of source code must retain the above copyright
9 .\" notice, this list of conditions and the following disclaimer.
10 .\" 2. Redistributions in binary form must reproduce the above copyright
11 .\" notice, this list of conditions and the following disclaimer in the
12 .\" documentation and/or other materials provided with the distribution.
14 .\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
15 .\" IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
16 .\" OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
17 .\" IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
18 .\" INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
19 .\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
20 .\" DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
21 .\" THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
22 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
23 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
25 .Dd $Mdocdate: September 19 2022 $
30 .Nd OpenSSH secure file transfer
34 .Op Fl B Ar buffer_size
37 .Op Fl D Ar sftp_server_command
38 .Op Fl F Ar ssh_config
39 .Op Fl i Ar identity_file
40 .Op Fl J Ar destination
42 .Op Fl o Ar ssh_option
44 .Op Fl R Ar num_requests
46 .Op Fl s Ar subsystem | sftp_server
50 is a file transfer program, similar to
52 which performs all operations over an encrypted
55 It may also use many features of ssh, such as public key authentication and
60 may be specified either as
62 .Oo user @ Oc host Op : path
64 or as a URI in the form
66 .No sftp:// Oo user @ Oc host Oo : port Oc Op / path .
73 and it is not a directory,
75 will retrieve files automatically if a non-interactive
76 authentication method is used; otherwise it will do so after
77 successful interactive authentication.
81 is specified, or if the
85 will log in to the specified
87 and enter interactive command mode, changing to the remote directory
89 An optional trailing slash can be used to force the
91 to be interpreted as a directory.
93 Since the destination formats use colon characters to delimit host
94 names from path names or port numbers, IPv6 addresses must be
95 enclosed in square brackets to avoid ambiguity.
97 The options are as follows:
102 to use IPv4 addresses only.
106 to use IPv6 addresses only.
110 to the remote system.
111 The default is not to forward an authentication agent.
113 Attempt to continue interrupted transfers rather than overwriting
114 existing partial or complete copies of files.
115 If the partial contents differ from those being transferred,
116 then the resultant file is likely to be corrupt.
117 .It Fl B Ar buffer_size
118 Specify the size of the buffer that
120 uses when transferring files.
121 Larger buffers require fewer round trips at the cost of higher
123 The default is 32768 bytes.
124 .It Fl b Ar batchfile
125 Batch mode reads a series of commands from an input
129 Since it lacks user interaction, it should be used in conjunction with
130 non-interactive authentication to obviate the need to enter a password
131 at connection time (see
141 may be used to indicate standard input.
143 will abort if any of the following
145 .Ic get , put , reget , reput , rename , ln ,
146 .Ic rm , mkdir , chdir , ls ,
147 .Ic lchdir , copy , cp , chmod , chown ,
148 .Ic chgrp , lpwd , df , symlink ,
152 Termination on error can be suppressed on a command by command basis by
153 prefixing the command with a
155 character (for example,
156 .Ic -rm /tmp/blah* ) .
157 Echo of the command may be suppressed by prefixing the command with a
160 These two prefixes may be combined in any order, for example
163 Enables compression (via ssh's
167 Selects the cipher to use for encrypting the data transfers.
168 This option is directly passed to
170 .It Fl D Ar sftp_server_command
171 Connect directly to a local sftp server
174 A command and arguments may be specified, for example
175 .Qq /path/sftp-server -el debug3 .
176 This option may be useful in debugging the client and server.
177 .It Fl F Ar ssh_config
178 Specifies an alternative
179 per-user configuration file for
181 This option is directly passed to
184 Requests that files be flushed to disk immediately after transfer.
185 When uploading files, this feature is only enabled if the server
186 implements the "fsync@openssh.com" extension.
187 .It Fl i Ar identity_file
188 Selects the file from which the identity (private key) for public key
189 authentication is read.
190 This option is directly passed to
192 .It Fl J Ar destination
193 Connect to the target host by first making an
195 connection to the jump host described by
197 and then establishing a TCP forwarding to the ultimate destination from
199 Multiple jump hops may be specified separated by comma characters.
200 This is a shortcut to specify a
202 configuration directive.
203 This option is directly passed to
206 Limits the used bandwidth, specified in Kbit/s.
208 Disables quiet mode, e.g. to override the implicit quiet mode set by the
211 .It Fl o Ar ssh_option
212 Can be used to pass options to
214 in the format used in
216 This is useful for specifying options
217 for which there is no separate
220 For example, to specify an alternate port use:
222 For full details of the options listed below, and their possible values, see
225 .Bl -tag -width Ds -offset indent -compact
231 .It CanonicalizeFallbackLocal
232 .It CanonicalizeHostname
233 .It CanonicalizeMaxDots
234 .It CanonicalizePermittedCNAMEs
235 .It CASignatureAlgorithms
240 .It ConnectionAttempts
245 .It GlobalKnownHostsFile
246 .It GSSAPIAuthentication
247 .It GSSAPIDelegateCredentials
250 .It HostbasedAcceptedAlgorithms
251 .It HostbasedAuthentication
252 .It HostKeyAlgorithms
259 .It KbdInteractiveAuthentication
260 .It KbdInteractiveDevices
262 .It KnownHostsCommand
265 .It NoHostAuthenticationForLocalhost
266 .It NumberOfPasswordPrompts
267 .It PasswordAuthentication
270 .It PreferredAuthentications
273 .It PubkeyAcceptedAlgorithms
274 .It PubkeyAuthentication
278 .It ServerAliveInterval
279 .It ServerAliveCountMax
281 .It StrictHostKeyChecking
285 .It UserKnownHostsFile
289 Specifies the port to connect to on the remote host.
291 Preserves modification times, access times, and modes from the
292 original files transferred.
294 Quiet mode: disables the progress meter as well as warning and
295 diagnostic messages from
297 .It Fl R Ar num_requests
298 Specify how many requests may be outstanding at any one time.
299 Increasing this may slightly improve file transfer speed
300 but will increase memory usage.
301 The default is 64 outstanding requests.
303 Recursively copy entire directories when uploading and downloading.
306 does not follow symbolic links encountered in the tree traversal.
310 to use for the encrypted connection.
311 The program must understand
314 .It Fl s Ar subsystem | sftp_server
315 Specifies the SSH2 subsystem or the path for an sftp server
317 A path is useful when the remote
319 does not have an sftp subsystem configured.
322 This option is also passed to ssh.
324 .Sh INTERACTIVE COMMANDS
325 Once in interactive mode,
327 understands a set of commands similar to those of
329 Commands are case insensitive.
330 Pathnames that contain spaces must be enclosed in quotes.
331 Any special characters contained within pathnames that are recognized by
333 must be escaped with backslashes
340 Change remote directory to
344 is not specified, then change directory to the one the session started in.
357 characters and may match multiple files.
359 must be a numeric GID.
363 flag is specified, then symlinks will not be followed.
364 Note that this is only supported by servers that implement
365 the "lsetstat@openssh.com" extension.
371 Change permissions of file
378 characters and may match multiple files.
382 flag is specified, then symlinks will not be followed.
383 Note that this is only supported by servers that implement
384 the "lsetstat@openssh.com" extension.
397 characters and may match multiple files.
399 must be a numeric UID.
403 flag is specified, then symlinks will not be followed.
404 Note that this is only supported by servers that implement
405 the "lsetstat@openssh.com" extension.
406 .It Ic copy Ar oldpath Ar newpath
407 Copy remote file from
412 Note that this is only supported by servers that implement the "copy-data"
414 .It Ic cp Ar oldpath Ar newpath
422 Display usage information for the filesystem holding the current directory
428 flag is specified, the capacity information will be displayed using
429 "human-readable" suffixes.
432 flag requests display of inode information in addition to capacity information.
433 This command is only supported on servers that implement the
434 .Dq statvfs@openssh.com
446 and store it on the local machine.
448 path name is not specified, it is given the same name it has on the
453 characters and may match multiple files.
458 must specify a directory.
462 flag is specified, then attempt to resume partial transfers of existing files.
463 Note that resumption assumes that any partial copy of the local file matches
465 If the remote file contents differ from the partial local copy then the
466 resultant file is likely to be corrupt.
470 flag is specified, then
472 will be called after the file transfer has completed to flush the file
477 .\" undocumented redundant alias
480 flag is specified, then full file permissions and access times are
485 .\" undocumented redundant alias
488 flag is specified then directories will be copied recursively.
491 does not follow symbolic links when performing recursive transfers.
494 .It Ic lcd Op Ar path
495 Change local directory to
499 is not specified, then change directory to the local user's home directory.
500 .It Ic lls Op Ar ls-options Op Ar path
501 Display local directory listing of either
503 or current directory if
507 may contain any flags supported by the local system's
513 characters and may match multiple files.
514 .It Ic lmkdir Ar path
515 Create local directory specified by
528 flag is specified the created link is a symbolic link, otherwise it is
531 Print local working directory.
536 Display a remote directory listing of either
538 or the current directory if
544 characters and may match multiple files.
546 The following flags are recognized and alter the behaviour of
551 Produce single columnar output.
553 List files beginning with a dot
556 Do not sort the listing.
557 The default sort order is lexicographical.
559 When used with a long format option, use unit suffixes: Byte, Kilobyte,
560 Megabyte, Gigabyte, Terabyte, Petabyte, and Exabyte in order to reduce
561 the number of digits to four or fewer using powers of 2 for sizes (K=1024,
564 Display additional details including permissions
565 and ownership information.
567 Produce a long listing with user and group information presented
570 Reverse the sort order of the listing.
572 Sort the listing by file size.
574 Sort the listing by last modification time.
576 .It Ic lumask Ar umask
580 Create remote directory specified by
583 Toggle display of progress meter.
591 and store it on the remote machine.
592 If the remote path name is not specified, it is given the same name it has
593 on the local machine.
597 characters and may match multiple files.
602 must specify a directory.
606 flag is specified, then attempt to resume partial
607 transfers of existing files.
608 Note that resumption assumes that any partial copy of the remote file
609 matches the local copy.
610 If the local file contents differ from the remote local copy then
611 the resultant file is likely to be corrupt.
615 flag is specified, then a request will be sent to the server to call
617 after the file has been transferred.
618 Note that this is only supported by servers that implement
619 the "fsync@openssh.com" extension.
623 .\" undocumented redundant alias
626 flag is specified, then full file permissions and access times are
631 .\" undocumented redundant alias
634 flag is specified then directories will be copied recursively.
637 does not follow symbolic links when performing recursive transfers.
639 Display remote working directory.
667 .It Ic rename Ar oldpath newpath
668 Rename remote file from
673 Delete remote file specified by
676 Remove remote directory specified by
678 .It Ic symlink Ar oldpath newpath
679 Create a symbolic link from
687 .It Ic \&! Ns Ar command
692 Escape to local shell.
710 .%T "SSH File Transfer Protocol"
711 .%N draft-ietf-secsh-filexfer-00.txt
713 .%O work in progress material