1SFTP(1) BSD General Commands Manual SFTP(1)
2
4 sftp — OpenSSH secure file transfer
5
7 sftp [-46AaCfNpqrv] [-B buffer_size] [-b batchfile] [-c cipher]
8 [-D sftp_server_command] [-F ssh_config] [-i identity_file]
9 [-J destination] [-l limit] [-o ssh_option] [-P port]
10 [-R num_requests] [-S program] [-s subsystem | sftp_server]
11 [-X sftp_option] destination
12
14 sftp is a file transfer program, similar to ftp(1), which performs all
15 operations over an encrypted ssh(1) transport. It may also use many fea‐
16 tures of ssh, such as public key authentication and compression.
17 The destination may be specified either as [user@]host[:path] or as a URI
19 in the form sftp://[user@]host[:port][/path].
20 If the destination includes a path and it is not a directory, sftp will
22 retrieve files automatically if a non-interactive authentication method
23 is used; otherwise it will do so after successful interactive authentica‐
24 tion.
25 If no path is specified, or if the path is a directory, sftp will log in
27 to the specified host and enter interactive command mode, changing to the
28 remote directory if one was specified. An optional trailing slash can be
29 used to force the path to be interpreted as a directory.
30 Since the destination formats use colon characters to delimit host names
32 from path names or port numbers, IPv6 addresses must be enclosed in
33 square brackets to avoid ambiguity.
34 The options are as follows:
36 -4 Forces sftp to use IPv4 addresses only.
38 -6 Forces sftp to use IPv6 addresses only.
40 -A Allows forwarding of ssh-agent(1) to the remote system. The de‐
42 fault is not to forward an authentication agent.
43 -a Attempt to continue interrupted transfers rather than overwriting
45 existing partial or complete copies of files. If the partial
46 contents differ from those being transferred, then the resultant
47 file is likely to be corrupt.
48 -B buffer_size
50 Specify the size of the buffer that sftp uses when transferring
51 files. Larger buffers require fewer round trips at the cost of
52 higher memory consumption. The default is 32768 bytes.
53 -b batchfile
55 Batch mode reads a series of commands from an input batchfile in‐
56 stead of stdin. Since it lacks user interaction, it should be
57 used in conjunction with non-interactive authentication to obvi‐
58 ate the need to enter a password at connection time (see sshd(8)
59 and ssh-keygen(1) for details).
60 A batchfile of ‘-’ may be used to indicate standard input. sftp
62 will abort if any of the following commands fail: get, put,
63 reget, reput, rename, ln, rm, mkdir, chdir, ls, lchdir, copy, cp,
64 chmod, chown, chgrp, lpwd, df, symlink, and lmkdir.
65 Termination on error can be suppressed on a command by command
67 basis by prefixing the command with a ‘-’ character (for example,
68 -rm /tmp/blah*). Echo of the command may be suppressed by pre‐
69 fixing the command with a ‘@’ character. These two prefixes may
70 be combined in any order, for example -@ls /bsd.
71 -C Enables compression (via ssh's -C flag).
73 -c cipher
75 Selects the cipher to use for encrypting the data transfers.
76 This option is directly passed to ssh(1).
77 -D sftp_server_command
79 Connect directly to a local sftp server (rather than via ssh(1)).
80 A command and arguments may be specified, for example
81 "/path/sftp-server -el debug3". This option may be useful in de‐
82 bugging the client and server.
83 -F ssh_config
85 Specifies an alternative per-user configuration file for ssh(1).
86 This option is directly passed to ssh(1).
87 -f Requests that files be flushed to disk immediately after trans‐
89 fer. When uploading files, this feature is only enabled if the
90 server implements the "fsync@openssh.com" extension.
91 -i identity_file
93 Selects the file from which the identity (private key) for public
94 key authentication is read. This option is directly passed to
95 ssh(1).
96 -J destination
98 Connect to the target host by first making an sftp connection to
99 the jump host described by destination and then establishing a
100 TCP forwarding to the ultimate destination from there. Multiple
101 jump hops may be specified separated by comma characters. This
102 is a shortcut to specify a ProxyJump configuration directive.
103 This option is directly passed to ssh(1).
104 -l limit
106 Limits the used bandwidth, specified in Kbit/s.
107 -N Disables quiet mode, e.g. to override the implicit quiet mode set
109 by the -b flag.
110 -o ssh_option
112 Can be used to pass options to ssh in the format used in
113 ssh_config(5). This is useful for specifying options for which
114 there is no separate sftp command-line flag. For example, to
115 specify an alternate port use: sftp -oPort=24. For full details
116 of the options listed below, and their possible values, see
117 ssh_config(5).
118 AddressFamily
120 BatchMode
121 BindAddress
122 BindInterface
123 CanonicalDomains
124 CanonicalizeFallbackLocal
125 CanonicalizeHostname
126 CanonicalizeMaxDots
127 CanonicalizePermittedCNAMEs
128 CASignatureAlgorithms
129 CertificateFile
130 CheckHostIP
131 Ciphers
132 Compression
133 ConnectionAttempts
134 ConnectTimeout
135 ControlMaster
136 ControlPath
137 ControlPersist
138 GlobalKnownHostsFile
139 GSSAPIAuthentication
140 GSSAPIDelegateCredentials
141 HashKnownHosts
142 Host
143 HostbasedAcceptedAlgorithms
144 HostbasedAuthentication
145 HostKeyAlgorithms
146 HostKeyAlias
147 Hostname
148 IdentitiesOnly
149 IdentityAgent
150 IdentityFile
151 IPQoS
152 KbdInteractiveAuthentication
153 KbdInteractiveDevices
154 KexAlgorithms
155 KnownHostsCommand
156 LogLevel
157 MACs
158 NoHostAuthenticationForLocalhost
159 NumberOfPasswordPrompts
160 PasswordAuthentication
161 PKCS11Provider
162 Port
163 PreferredAuthentications
164 ProxyCommand
165 ProxyJump
166 PubkeyAcceptedAlgorithms
167 PubkeyAuthentication
168 RekeyLimit
169 RequiredRSASize
170 SendEnv
171 ServerAliveInterval
172 ServerAliveCountMax
173 SetEnv
174 StrictHostKeyChecking
175 TCPKeepAlive
176 UpdateHostKeys
177 User
178 UserKnownHostsFile
179 VerifyHostKeyDNS
180 -P port
182 Specifies the port to connect to on the remote host.
183 -p Preserves modification times, access times, and modes from the
185 original files transferred.
186 -q Quiet mode: disables the progress meter as well as warning and
188 diagnostic messages from ssh(1).
189 -R num_requests
191 Specify how many requests may be outstanding at any one time.
192 Increasing this may slightly improve file transfer speed but will
193 increase memory usage. The default is 64 outstanding requests.
194 -r Recursively copy entire directories when uploading and download‐
196 ing. Note that sftp does not follow symbolic links encountered
197 in the tree traversal.
198 -S program
200 Name of the program to use for the encrypted connection. The
201 program must understand ssh(1) options.
202 -s subsystem | sftp_server
204 Specifies the SSH2 subsystem or the path for an sftp server on
205 the remote host. A path is useful when the remote sshd(8) does
206 not have an sftp subsystem configured.
207 -v Raise logging level. This option is also passed to ssh.
209 -X sftp_option
211 Specify an option that controls aspects of SFTP protocol behav‐
212 iour. The valid options are:
213 nrequests=value
215 Controls how many concurrent SFTP read or write requests
216 may be in progress at any point in time during a download
217 or upload. By default 64 requests may be active concur‐
218 rently.
219 buffer=value
221 Controls the maximum buffer size for a single SFTP
222 read/write operation used during download or upload. By
223 default a 32KB buffer is used.
224
226 Once in interactive mode, sftp understands a set of commands similar to
227 those of ftp(1). Commands are case insensitive. Pathnames that contain
228 spaces must be enclosed in quotes. Any special characters contained
229 within pathnames that are recognized by glob(3) must be escaped with
230 backslashes (‘\’).
231 bye Quit sftp.
233 cd [path]
235 Change remote directory to path. If path is not specified, then
236 change directory to the one the session started in.
237 chgrp [-h] grp path
239 Change group of file path to grp. path may contain glob(7) char‐
240 acters and may match multiple files. grp must be a numeric GID.
241 If the -h flag is specified, then symlinks will not be followed.
243 Note that this is only supported by servers that implement the
244 "lsetstat@openssh.com" extension.
245 chmod [-h] mode path
247 Change permissions of file path to mode. path may contain
248 glob(7) characters and may match multiple files.
249 If the -h flag is specified, then symlinks will not be followed.
251 Note that this is only supported by servers that implement the
252 "lsetstat@openssh.com" extension.
253 chown [-h] own path
255 Change owner of file path to own. path may contain glob(7) char‐
256 acters and may match multiple files. own must be a numeric UID.
257 If the -h flag is specified, then symlinks will not be followed.
259 Note that this is only supported by servers that implement the
260 "lsetstat@openssh.com" extension.
261 copy oldpath newpath
263 Copy remote file from oldpath to newpath.
264 Note that this is only supported by servers that implement the
266 "copy-data" extension.
267 cp oldpath newpath
269 Alias to copy command.
270 df [-hi] [path]
272 Display usage information for the filesystem holding the current
273 directory (or path if specified). If the -h flag is specified,
274 the capacity information will be displayed using "human-readable"
275 suffixes. The -i flag requests display of inode information in
276 addition to capacity information. This command is only supported
277 on servers that implement the “statvfs@openssh.com” extension.
278 exit Quit sftp.
280 get [-afpR] remote-path [local-path]
282 Retrieve the remote-path and store it on the local machine. If
283 the local path name is not specified, it is given the same name
284 it has on the remote machine. remote-path may contain glob(7)
285 characters and may match multiple files. If it does and
286 local-path is specified, then local-path must specify a direc‐
287 tory.
288 If the -a flag is specified, then attempt to resume partial
290 transfers of existing files. Note that resumption assumes that
291 any partial copy of the local file matches the remote copy. If
292 the remote file contents differ from the partial local copy then
293 the resultant file is likely to be corrupt.
294 If the -f flag is specified, then fsync(2) will be called after
296 the file transfer has completed to flush the file to disk.
297 If the -p flag is specified, then full file permissions and ac‐
299 cess times are copied too.
300 If the -R flag is specified then directories will be copied re‐
302 cursively. Note that sftp does not follow symbolic links when
303 performing recursive transfers.
304 help Display help text.
306 lcd [path]
308 Change local directory to path. If path is not specified, then
309 change directory to the local user's home directory.
310 lls [ls-options [path]]
312 Display local directory listing of either path or current direc‐
313 tory if path is not specified. ls-options may contain any flags
314 supported by the local system's ls(1) command. path may contain
315 glob(7) characters and may match multiple files.
316 lmkdir path
318 Create local directory specified by path.
319 ln [-s] oldpath newpath
321 Create a link from oldpath to newpath. If the -s flag is speci‐
322 fied the created link is a symbolic link, otherwise it is a hard
323 link.
324 lpwd Print local working directory.
326 ls [-1afhlnrSt] [path]
328 Display a remote directory listing of either path or the current
329 directory if path is not specified. path may contain glob(7)
330 characters and may match multiple files.
331 The following flags are recognized and alter the behaviour of ls
333 accordingly:
334 -1 Produce single columnar output.
336 -a List files beginning with a dot (‘.’).
338 -f Do not sort the listing. The default sort order is lexi‐
340 cographical.
341 -h When used with a long format option, use unit suffixes:
343 Byte, Kilobyte, Megabyte, Gigabyte, Terabyte, Petabyte,
344 and Exabyte in order to reduce the number of digits to
345 four or fewer using powers of 2 for sizes (K=1024,
346 M=1048576, etc.).
347 -l Display additional details including permissions and own‐
349 ership information.
350 -n Produce a long listing with user and group information
352 presented numerically.
353 -r Reverse the sort order of the listing.
355 -S Sort the listing by file size.
357 -t Sort the listing by last modification time.
359 lumask umask
361 Set local umask to umask.
362 mkdir path
364 Create remote directory specified by path.
365 progress
367 Toggle display of progress meter.
368 put [-afpR] local-path [remote-path]
370 Upload local-path and store it on the remote machine. If the re‐
371 mote path name is not specified, it is given the same name it has
372 on the local machine. local-path may contain glob(7) characters
373 and may match multiple files. If it does and remote-path is
374 specified, then remote-path must specify a directory.
375 If the -a flag is specified, then attempt to resume partial
377 transfers of existing files. Note that resumption assumes that
378 any partial copy of the remote file matches the local copy. If
379 the local file contents differ from the remote local copy then
380 the resultant file is likely to be corrupt.
381 If the -f flag is specified, then a request will be sent to the
383 server to call fsync(2) after the file has been transferred.
384 Note that this is only supported by servers that implement the
385 "fsync@openssh.com" extension.
386 If the -p flag is specified, then full file permissions and ac‐
388 cess times are copied too.
389 If the -R flag is specified then directories will be copied re‐
391 cursively. Note that sftp does not follow symbolic links when
392 performing recursive transfers.
393 pwd Display remote working directory.
395 quit Quit sftp.
397 reget [-fpR] remote-path [local-path]
399 Resume download of remote-path. Equivalent to get with the -a
400 flag set.
401 reput [-fpR] local-path [remote-path]
403 Resume upload of local-path. Equivalent to put with the -a flag
404 set.
405 rename oldpath newpath
407 Rename remote file from oldpath to newpath.
408 rm path
410 Delete remote file specified by path.
411 rmdir path
413 Remove remote directory specified by path.
414 symlink oldpath newpath
416 Create a symbolic link from oldpath to newpath.
417 version
419 Display the sftp protocol version.
420 !command
422 Execute command in local shell.
423 ! Escape to local shell.
425 ? Synonym for help.
427
429 ftp(1), ls(1), scp(1), ssh(1), ssh-add(1), ssh-keygen(1), ssh_config(5),
430 glob(7), sftp-server(8), sshd(8)
431 T. Ylonen and S. Lehtinen, SSH File Transfer Protocol, draft-ietf-secsh-
433 filexfer-00.txt, January 2001, work in progress material.
434BSD December 16, 2022 BSD