sftp2, sftp - Secure Shell file transfer client
sftp2 [-v] [-D debug_level_spec] [-B batchfile] [-S path]
[-h] [-P port] [-b buffer_size] [-N max_requests] [-V]
[-4] [-6] [-c cipher] [-m MAC] [-o ssh-option] [user@]
-v  Displays information in verbose mode. This is equal to specifying the -D 2 option.

-D debug_level_spec  Prints debug information to stderr. The debug_level_spec argument can be a number between 0 and 99, where 99 specifies that all debug information should be displayed, or a comma-separated list of assignments; for example, ModulePattern=debug_level where ModulePattern is sftp2 for the main sftp2 application.

-B batchfile  Reads commands from a file instead of standard input. Because this mode is intended for scripts or cron jobs, the sftp2 command will not try to interact with the user, which means that only authentication methods that do not use passwords will work. In batch mode, a failure to change the current working directory will cause the sftp2 command to abort. Other errors are ignored.

-S path  Specifies the path to the ssh2 binary.

-h  Displays help.

-P port  Sets the port on the remote host. This option can also be specified in the configuration file.

-b buffer_size  Defines the maximum buffer size for one request. The default is 32768 bytes.

-N max_requests  Defines the maximum number of concurrent requests. The default is 10.

-V  Displays the Secure Shell version number.

-4  Instructs ssh2 to use IPv4.

-6  Instructs ssh2 to use IPv6.

-c cipher  Selects the encryption algorithm. See ssh2(1) for more information.

-m MAC  Selects the Message Authentication Code (MAC) algorithm. See ssh2(1) for more information.

-o ssh-option  Can be used to give options in the format used in the ssh2_config file. This is useful for specifying options for which there is no separate command-line flag. The option has the same format as a line in the configuration file. Comment lines are not accepted. Where applicable, egrep regex format is

When the sftp2 command is ready to accept operands, it will display the following prompt: sftp>

You can then enter any of the following operands:

Tries to connect to a system specified with hostname.

Tries to connect to a system specified with hostname. The -l option opens the remote end to the localhost without connecting to an sshd2 daemon.

Tries to connect to a host specified with hostname. The connection is created without connecting to an sshd2 daemon. This is intended for debugging and testing.

Tries to connect to a host specified with hostname. With the -l option, the local end is opened to the localhost without connecting to an sshd2 daemon. This is intended for debugging and testing. The localopen command is a synonym for this operand.

Closes the current session.

Quits the application.

Changes the current remote working directory.

Changes the current local working directory.

Displays the name of the current remote working directory.

Displays the name of the current local working directory.

Lists the names of the files on the remote system. For directories, the contents of the directory are listed. When the -R option is specified, the directory trees are listed recursively. (By default, the subdirectories of the argument directories are not visited.) When the -l option is specified, permissions, owners, sizes, and modification times are also shown. When no arguments are given, the contents of the current working directory are listed. The -R and -l options are incompatible.

Same as the ls command, but operates on local files.

Transfers the specified files from the remote system to the local system. Directories are recursively copied with their contents.

Synonymous with the get command.

Transfers the specified files from the local system to the remote system. Directories are recursively copied with their contents.

Synonymous with the put command.

Renames the file source to target. If the target already exists, the files are left intact.

Same as the rename command, but operates on local files.

Deletes the file specified in file.

Same as the rm command, but operates on local files.

Creates the directory specified in directory.

Same as the mkdir command, but operates on local files.

Deletes the directory specified in directory.

Same as the rmdir command, but operates on local files.

If topic is not given, lists the available topics. If topic is given, displays the online help for that topic.

Dumps the virtual roots of the server (this is a VShell (from VanDyke Software) extension, and only usable against that. SSH Communications Security's Windows server displays the file system roots in the unix style, and does not require this extension).

With the exception of the -s option, this operand sets the transfer mode to ascii (i.e., newlines will be converted according to the conventions). Available conventions are dos, unix or mac, using \r\n, \n and \r as newlines, respectively. The -s option shows current newline conventions. The -f option favors this configuration over what the server specifies during connection. (This option is mainly for testing). The <remote_nl_conv> sets the remote newline convention. The <local_nl_conv> operates on the local side, but is not as useful. (The correct local newline convention is usually compiled in, so this is mainly for testing). You can set either of these to ask, which will cause sftp to prompt you for the newline convention when needed.

Files will be transferred unmodified.

Files whose extension matches the one set with setext will be transferred using ascii mode. Other files will be transferred unmodified.

Sets the file types that will be transferred in ascii mode if the transfer mode is auto. Standard zsh-fileglob regexes can be used for matching (only the file extension is matched).

Displays the extensions of files that will be transferred using ascii (newline) conversion in the auto transfer mode.

The sftp2 command creates a secure connection between a
Secure Shell client and a server to transfer files over a
network. The sftp2 command is intended as a secure
replacement for the ftp command. A secure connection provides
client and server authentication, user authentication,
data encryption, data integrity, and nonrepudiation.
The sftp2 command uses ssh2 to secure traffic. Even
though sftp works like ftp, it does not use the FTP daemon
(ftpd or wu-ftpd) for connections. In order to connect
using sftp2, you need to confirm that sshd2 is running on
the remote machine where you are connecting. The sftp2
command uses a subsystem of sshd2 to transfer files
You can also use the scp2 command to create a secure network
connection between a Secure Shell client and a server
to copy files.
Command Interpretation
The sftp2 command understands both backslashes and quotation
marks on the command line. A backslash preceding a
character can be used to ignore the character in the command-line
interpretation. Quotation marks can be used for
specifying file names with spaces.
The ls, lls, get, and put commands support globbing patterns
(wildcards). See sshregex(5) for more information
about globbing patterns.
The command-line processing and globbing use the backslash
( \ ) as an escape character. If you want to use a backslash
to escape the metacharacters in the globbing, you
must precede the backslash with another backslash ( \\ )
to escape its special meaning in the command-line processing.
The get . command or the put . command will get or put
every file in the current directory and will overwrite
files with the same file name.
Command-line editing
The following key sequences can be used for command-line
editing: Set the mark. Go to the beginning of the line.
Move the cursor one character to the left. Erase the
character on the right of the cursor, or exit the program
if the command line is empty. Go to the end of the line.
Move the cursor one character to the right. Backspace.
Tab. Enter. Delete to the end of the line. Redraw the
line. Enter. Move to the next line. Move to the previous
line. Toggle two characters. Delete the line.
Delete a region. The region's end is marked with Ctrl-Space.
Begin an extended command. Yank the deleted line.
Undo. Lowercase the region. Uppercase the region.
Exchange the cursor and the mark. Mark the whole buffer.
Undo. Backwards word-delete. Backwards word-delete.
Delete extra spaces (leaves only one space). Go to the
beginning of the line. Go to the end of the line. Mark
the current word. Go one sentence backwards. Go one word
backwards. Capitalize the current word. Delete the current
word. Go one sentence forwards. Go one word forwards.
Delete the current sentence. Lowercase the current
word. Transpose words. Uppercase the current word.
Specifies Secure Shell client configuration information.

Specifies Secure Shell server configuration information.

Contains information on how the user will be authenticated when contacting a specific host. The identification file has the same general syntax as the configuration files. The following keywords can be used:

Followed by the file name of a private key in the $HOME/.ssh2 directory used for identification when contacting a host. If there is more than one IdKey, they are tried in the order that they appear in the identification file.

Followed by the file name of the user's OpenPGP private keyring in the $HOME/.ssh2 directory. The OpenPGP keys listed after this line are expected to be found from this file. The keys identified with IdPgpKey*-keywords are used like ones identified with IdKey-keyword.

Followed by the OpenPGP key name of the key in the PgpSecretKeyFile file.

Followed by the OpenPGP key fingerprint of the key in the PgpSecretKeyFile file.

Followed by the OpenPGP key ID of the key in the PgpSecretKeyFile file.

Contains information on how the server will verify the identity of a user. The authorization file has the same general syntax as the configuration files. The following keywords can be used:

Followed by the file name of a public key in the $HOME/.ssh2 directory used for identification when contacting the host. More than one key is acceptable for login.

Followed by the file name of the user's OpenPGP public keyring in the $HOME/.ssh2 directory. OpenPGP keys listed after this line are expected to be found from this file. Keys identified with PgpKey*-keywords are used like ones identified with Key-keyword.

Followed by the OpenPGP key name.

Followed by the OpenPGP key fingerprint.

Followed by the OpenPGP key ID.

Specifies a forced command that will be executed on the server when the user is authenticated. If used, it must follow the Key or PgpKey* keyword. The command supplied by the user is put in the SSH2_ORIGINAL_COMMAND environment variable. The command is run on a pseudoterminal if the connection requests a pseudoterminal; otherwise it runs without a terminal. This keyword can be useful for restricting certain public keys to perform a specific operation, such as a key that permits remote backups but nothing A client can specify TCP/IP and/or X11 forwardings, unless they are explicitly prohibited.

These files are the public keys of the hosts to which you connect. They are updated automatically, unless you set the StrictHostKeyChecking parameter to yes in the ssh2_config file. If a host's key changes, you should put the key here only if you are sure that the new key is valid; for example, you are sure there was no man-in-the-middle attack. The xxxx is the port on the server, where the sshd2 daemon runs, and the yyyy is the host (specified on the command line).

If a host key is not found in the user's $HOME/.ssh2/hostkeys directory, this is the next location to be checked. These files must be updated manually.

Contains a list of remote users who are not required to supply a password when they use Secure Shell host-based authentication with the ssh2 command.

Contains the names of remote hosts and users that are equivalent to the local host or user. An equivalent host or user is allowed to use the ssh2 command with Secure Shell host-based authentication without supplying a password.

Contains the public host keys of hosts that users need to log in to when using host-based authentication. The xxxx is the fully qualified domain name (FQDN) and yyyy is the public key algorithm. Public key algorithms are ssh-dss and ssh-rsa. For example, if the FQDN for a host is server1.foo.fi and it has a key algorithm of ssh-dss, the host key would be server1.foo.fi.ssh-dss.pub in the knownhosts directory. A user must add the host name to a $HOME/.shosts file or an $HOME/.rhosts file.

Same as the $HOME/.ssh2/knownhosts/xxxxyyyy.pub file, but system-wide. This file is overridden if the user puts a file with the same name in the $HOME/.ssh2/knownhosts
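
The forced-command restriction described above for the authorization file can be enforced with a small wrapper that parses SSH2_ORIGINAL_COMMAND instead of executing it. This is an added example, not part of the original manual page; the backup-dump program, its path, the "backup-dump <dataset>" request form and the log tag are assumptions.

```shell
#!/bin/sh
# Added example: forced-command wrapper for a backup-only public key.
# BACKUP_BIN, the request form and the log tag are assumptions made for
# this illustration; they do not come from the manual page.
LC_ALL=C; export LC_ALL
BACKUP_BIN=/usr/local/bin/backup-dump     # hypothetical backup program

# check_request <original command>
# Prints the validated dataset name and returns 0, or prints a short
# reason and returns 1. The request is parsed, never evaluated.
check_request() {
    case $1 in
        '')              echo "no command"; return 1 ;;
        'backup-dump '*) dataset=${1#'backup-dump '} ;;
        *)               echo "command not allowed"; return 1 ;;
    esac
    # One argument only: lowercase letters, digits, "_" and "-", not
    # starting with "-". This rejects spaces, ";", "/", ".." and newlines.
    case $dataset in
        ''|-*|*[!a-z0-9_-]*) echo "bad dataset name"; return 1 ;;
    esac
    echo "$dataset"
}

# sshd2 places the client's request in SSH2_ORIGINAL_COMMAND. With no
# request the wrapper simply ends, so the key never yields a shell.
if [ -n "${SSH2_ORIGINAL_COMMAND:-}" ]; then
    if result=$(check_request "$SSH2_ORIGINAL_COMMAND"); then
        exec "$BACKUP_BIN" "$result"
    fi
    # Log the reason only; the raw request is client-controlled text.
    logger -t backup-key-wrapper "request denied: $result"
    exit 1
fi
```

Because a client can still request TCP/IP or X11 forwardings unless they are prohibited, the wrapper limits only the command that runs, not what the connection can forward.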
SSH is a registered trademark of SSH Communication Security
Commands: ftp(1), scp2(1), ssh2(1), ssh-add2(1), ssh-agent2(1), ssh-keygen2(1), sshd2(8)
Files: hosts.equiv(4), rhosts(4), shosts(4), ssh2_config(4), sshd2_config(4)
Guides: Security Administration