1SFTP(1) BSD General Commands Manual SFTP(1)
2
4 sftp — OpenSSH secure file transfer
5
7 sftp [-46AaCfNpqrv] [-B buffer_size] [-b batchfile] [-c cipher]
8 [-D sftp_server_command] [-F ssh_config] [-i identity_file]
9 [-J destination] [-l limit] [-o ssh_option] [-P port]
10 [-R num_requests] [-S program] [-s subsystem | sftp_server]
11 [-X sftp_option] destination
12
14 sftp is a file transfer program, similar to ftp(1), which performs all
15 operations over an encrypted ssh(1) transport. It may also use many fea‐
16 tures of ssh, such as public key authentication and compression.
17 The destination may be specified either as [user@]host[:path] or as a URI
19 in the form sftp://[user@]host[:port][/path].
20 If the destination includes a path and it is not a directory, sftp will
22 retrieve files automatically if a non-interactive authentication method
23 is used; otherwise it will do so after successful interactive authentica‐
24 tion.
25 If no path is specified, or if the path is a directory, sftp will log in
27 to the specified host and enter interactive command mode, changing to the
28 remote directory if one was specified. An optional trailing slash can be
29 used to force the path to be interpreted as a directory.
30 Since the destination formats use colon characters to delimit host names
32 from path names or port numbers, IPv6 addresses must be enclosed in
33 square brackets to avoid ambiguity.
34 The options are as follows:
36 -4 Forces sftp to use IPv4 addresses only.
38 -6 Forces sftp to use IPv6 addresses only.
40 -A Allows forwarding of ssh-agent(1) to the remote system. The de‐
42 fault is not to forward an authentication agent.
43 -a Attempt to continue interrupted transfers rather than overwriting
45 existing partial or complete copies of files. If the partial
46 contents differ from those being transferred, then the resultant
47 file is likely to be corrupt.
48 -B buffer_size
50 Specify the size of the buffer that sftp uses when transferring
51 files. Larger buffers require fewer round trips at the cost of
52 higher memory consumption. The default is 32768 bytes.
53 -b batchfile
55 Batch mode reads a series of commands from an input batchfile in‐
56 stead of stdin. Since it lacks user interaction, it should be
57 used in conjunction with non-interactive authentication to obvi‐
58 ate the need to enter a password at connection time (see sshd(8)
59 and ssh-keygen(1) for details).
60 A batchfile of ‘-’ may be used to indicate standard input. sftp
62 will abort if any of the following commands fail: get, put,
63 reget, reput, rename, ln, rm, mkdir, chdir, ls, lchdir, copy, cp,
64 chmod, chown, chgrp, lpwd, df, symlink, and lmkdir.
65 Termination on error can be suppressed on a command by command
67 basis by prefixing the command with a ‘-’ character (for example,
68 -rm /tmp/blah*). Echo of the command may be suppressed by pre‐
69 fixing the command with a ‘@’ character. These two prefixes may
70 be combined in any order, for example -@ls /bsd.
71 -C Enables compression (via ssh's -C flag).
73 -c cipher
75 Selects the cipher to use for encrypting the data transfers.
76 This option is directly passed to ssh(1).
77 -D sftp_server_command
79 Connect directly to a local sftp server (rather than via ssh(1)).
80 A command and arguments may be specified, for example
81 "/path/sftp-server -el debug3". This option may be useful in de‐
82 bugging the client and server.
83 -F ssh_config
85 Specifies an alternative per-user configuration file for ssh(1).
86 This option is directly passed to ssh(1).
87 -f Requests that files be flushed to disk immediately after trans‐
89 fer. When uploading files, this feature is only enabled if the
90 server implements the "fsync@openssh.com" extension.
91 -i identity_file
93 Selects the file from which the identity (private key) for public
94 key authentication is read. This option is directly passed to
95 ssh(1).
96 -J destination
98 Connect to the target host by first making an sftp connection to
99 the jump host described by destination and then establishing a
100 TCP forwarding to the ultimate destination from there. Multiple
101 jump hops may be specified separated by comma characters. This
102 is a shortcut to specify a ProxyJump configuration directive.
103 This option is directly passed to ssh(1).
104 -l limit
106 Limits the used bandwidth, specified in Kbit/s.
107 -N Disables quiet mode, e.g. to override the implicit quiet mode set
109 by the -b flag.
110 -o ssh_option
112 Can be used to pass options to ssh in the format used in
113 ssh_config(5). This is useful for specifying options for which
114 there is no separate sftp command-line flag. For example, to
115 specify an alternate port use: sftp -oPort=24. For full details
116 of the options listed below, and their possible values, see
117 ssh_config(5).
118 AddressFamily
120 BatchMode
121 BindAddress
122 BindInterface
123 CanonicalDomains
124 CanonicalizeFallbackLocal
125 CanonicalizeHostname
126 CanonicalizeMaxDots
127 CanonicalizePermittedCNAMEs
128 CASignatureAlgorithms
129 CertificateFile
130 CheckHostIP
131 Ciphers
132 Compression
133 ConnectionAttempts
134 ConnectTimeout
135 ControlMaster
136 ControlPath
137 ControlPersist
138 GlobalKnownHostsFile
139 GSSAPIAuthentication
140 GSSAPIDelegateCredentials
141 HashKnownHosts
142 Host
143 HostbasedAcceptedAlgorithms
144 HostbasedAuthentication
145 HostKeyAlgorithms
146 HostKeyAlias
147 Hostname
148 IdentitiesOnly
149 IdentityAgent
150 IdentityFile
151 IPQoS
152 KbdInteractiveAuthentication
153 KbdInteractiveDevices
154 KexAlgorithms
155 KnownHostsCommand
156 LogLevel
157 MACs
158 NoHostAuthenticationForLocalhost
159 NumberOfPasswordPrompts
160 PasswordAuthentication
161 PKCS11Provider
162 Port
163 PreferredAuthentications
164 ProxyCommand
165 ProxyJump
166 PubkeyAcceptedAlgorithms
167 PubkeyAuthentication
168 RekeyLimit
169 RequiredRSASize
170 SendEnv
171 ServerAliveInterval
172 ServerAliveCountMax
173 SetEnv
174 StrictHostKeyChecking
175 TCPKeepAlive
176 UpdateHostKeys
177 User
178 UserKnownHostsFile
179 VerifyHostKeyDNS
180 -P port
182 Specifies the port to connect to on the remote host.
183 -p Preserves modification times, access times, and modes from the
185 original files transferred.
186 -q Quiet mode: disables the progress meter as well as warning and
188 diagnostic messages from ssh(1).
189 -R num_requests
191 Specify how many requests may be outstanding at any one time.
192 Increasing this may slightly improve file transfer speed but will
193 increase memory usage. The default is 256 outstanding requests
194 providing for 8MB of outstanding data with a 32KB buffer.
195 -r Recursively copy entire directories when uploading and download‐
197 ing. Note that sftp does not follow symbolic links encountered
198 in the tree traversal.
199 -S program
201 Name of the program to use for the encrypted connection. The
202 program must understand ssh(1) options.
203 -s subsystem | sftp_server
205 Specifies the SSH2 subsystem or the path for an sftp server on
206 the remote host. A path is useful when the remote sshd(8) does
207 not have an sftp subsystem configured.
208 -v Raise logging level. This option is also passed to ssh.
210 -X sftp_option
212 Specify an option that controls aspects of SFTP protocol behav‐
213 iour. The valid options are:
214 nrequests=value
216 Controls how many concurrent SFTP read or write requests
217 may be in progress at any point in time during a download
218 or upload. By default 64 requests may be active concur‐
219 rently.
220 buffer=value
222 Controls the maximum buffer size for a single SFTP
223 read/write operation used during download or upload. By
224 default a 32KB buffer is used.
225
227 Once in interactive mode, sftp understands a set of commands similar to
228 those of ftp(1). Commands are case insensitive. Pathnames that contain
229 spaces must be enclosed in quotes. Any special characters contained
230 within pathnames that are recognized by glob(3) must be escaped with
231 backslashes (‘\’).
232 bye Quit sftp.
234 cd [path]
236 Change remote directory to path. If path is not specified, then
237 change directory to the one the session started in.
238 chgrp [-h] grp path
240 Change group of file path to grp. path may contain glob(7) char‐
241 acters and may match multiple files. grp must be a numeric GID.
242 If the -h flag is specified, then symlinks will not be followed.
244 Note that this is only supported by servers that implement the
245 "lsetstat@openssh.com" extension.
246 chmod [-h] mode path
248 Change permissions of file path to mode. path may contain
249 glob(7) characters and may match multiple files.
250 If the -h flag is specified, then symlinks will not be followed.
252 Note that this is only supported by servers that implement the
253 "lsetstat@openssh.com" extension.
254 chown [-h] own path
256 Change owner of file path to own. path may contain glob(7) char‐
257 acters and may match multiple files. own must be a numeric UID.
258 If the -h flag is specified, then symlinks will not be followed.
260 Note that this is only supported by servers that implement the
261 "lsetstat@openssh.com" extension.
262 copy oldpath newpath
264 Copy remote file from oldpath to newpath.
265 Note that this is only supported by servers that implement the
267 "copy-data" extension.
268 cp oldpath newpath
270 Alias to copy command.
271 df [-hi] [path]
273 Display usage information for the filesystem holding the current
274 directory (or path if specified). If the -h flag is specified,
275 the capacity information will be displayed using "human-readable"
276 suffixes. The -i flag requests display of inode information in
277 addition to capacity information. This command is only supported
278 on servers that implement the “statvfs@openssh.com” extension.
279 exit Quit sftp.
281 get [-afpR] remote-path [local-path]
283 Retrieve the remote-path and store it on the local machine. If
284 the local path name is not specified, it is given the same name
285 it has on the remote machine. remote-path may contain glob(7)
286 characters and may match multiple files. If it does and
287 local-path is specified, then local-path must specify a direc‐
288 tory.
289 If the -a flag is specified, then attempt to resume partial
291 transfers of existing files. Note that resumption assumes that
292 any partial copy of the local file matches the remote copy. If
293 the remote file contents differ from the partial local copy then
294 the resultant file is likely to be corrupt.
295 If the -f flag is specified, then fsync(2) will be called after
297 the file transfer has completed to flush the file to disk.
298 If the -p flag is specified, then full file permissions and ac‐
300 cess times are copied too.
301 If the -R flag is specified then directories will be copied re‐
303 cursively. Note that sftp does not follow symbolic links when
304 performing recursive transfers.
305 help Display help text.
307 lcd [path]
309 Change local directory to path. If path is not specified, then
310 change directory to the local user's home directory.
311 lls [ls-options [path]]
313 Display local directory listing of either path or current direc‐
314 tory if path is not specified. ls-options may contain any flags
315 supported by the local system's ls(1) command. path may contain
316 glob(7) characters and may match multiple files.
317 lmkdir path
319 Create local directory specified by path.
320 ln [-s] oldpath newpath
322 Create a link from oldpath to newpath. If the -s flag is speci‐
323 fied the created link is a symbolic link, otherwise it is a hard
324 link.
325 lpwd Print local working directory.
327 ls [-1afhlnrSt] [path]
329 Display a remote directory listing of either path or the current
330 directory if path is not specified. path may contain glob(7)
331 characters and may match multiple files.
332 The following flags are recognized and alter the behaviour of ls
334 accordingly:
335 -1 Produce single columnar output.
337 -a List files beginning with a dot (‘.’).
339 -f Do not sort the listing. The default sort order is lexi‐
341 cographical.
342 -h When used with a long format option, use unit suffixes:
344 Byte, Kilobyte, Megabyte, Gigabyte, Terabyte, Petabyte,
345 and Exabyte in order to reduce the number of digits to
346 four or fewer using powers of 2 for sizes (K=1024,
347 M=1048576, etc.).
348 -l Display additional details including permissions and own‐
350 ership information.
351 -n Produce a long listing with user and group information
353 presented numerically.
354 -r Reverse the sort order of the listing.
356 -S Sort the listing by file size.
358 -t Sort the listing by last modification time.
360 lumask umask
362 Set local umask to umask.
363 mkdir path
365 Create remote directory specified by path.
366 progress
368 Toggle display of progress meter.
369 put [-afpR] local-path [remote-path]
371 Upload local-path and store it on the remote machine. If the re‐
372 mote path name is not specified, it is given the same name it has
373 on the local machine. local-path may contain glob(7) characters
374 and may match multiple files. If it does and remote-path is
375 specified, then remote-path must specify a directory.
376 If the -a flag is specified, then attempt to resume partial
378 transfers of existing files. Note that resumption assumes that
379 any partial copy of the remote file matches the local copy. If
380 the local file contents differ from the remote local copy then
381 the resultant file is likely to be corrupt.
382 If the -f flag is specified, then a request will be sent to the
384 server to call fsync(2) after the file has been transferred.
385 Note that this is only supported by servers that implement the
386 "fsync@openssh.com" extension.
387 If the -p flag is specified, then full file permissions and ac‐
389 cess times are copied too.
390 If the -R flag is specified then directories will be copied re‐
392 cursively. Note that sftp does not follow symbolic links when
393 performing recursive transfers.
394 pwd Display remote working directory.
396 quit Quit sftp.
398 reget [-fpR] remote-path [local-path]
400 Resume download of remote-path. Equivalent to get with the -a
401 flag set.
402 reput [-fpR] local-path [remote-path]
404 Resume upload of local-path. Equivalent to put with the -a flag
405 set.
406 rename oldpath newpath
408 Rename remote file from oldpath to newpath.
409 rm path
411 Delete remote file specified by path.
412 rmdir path
414 Remove remote directory specified by path.
415 symlink oldpath newpath
417 Create a symbolic link from oldpath to newpath.
418 version
420 Display the sftp protocol version.
421 !command
423 Execute command in local shell.
424 ! Escape to local shell.
426 ? Synonym for help.
428
430 ftp(1), ls(1), scp(1), ssh(1), ssh-add(1), ssh-keygen(1), ssh_config(5),
431 glob(7), sftp-server(8), sshd(8)
432 T. Ylonen and S. Lehtinen, SSH File Transfer Protocol, draft-ietf-secsh-
434 filexfer-00.txt, January 2001, work in progress material.
435BSD December 16, 2022 BSD