sftp2(1)sftp2(1)NAME
sftp2, sftp - Secure Shell file transfer client
SYNOPSIS
sftp2 [-v] [-D debug_level_spec] [-B batchfile] [-S path] [-h] [-P
port] [-b buffer_size] [-N max_requests] [-V] [-4] [-6] [-c cipher] [-m
MAC] [-o ssh-option] [user@] host [port#]
OPTIONS
Displays information in verbose mode. This is equal to specifying the
-D 2 option. Prints debug information to stderr. The debug_level_spec
argument can be a number between 0 and 99, where 99 specifies that all
debug information should be displayed, or a comma-separated list of
assignments; for example, ModulePattern=debug_level where ModulePattern
is sftp2 for the main sftp2 application. Reads commands from a file
instead of standard input. Because this mode is intended for scripts or
cron jobs, the sftp2 command will not try to interact with the user,
which means that only authentication methods that do not use passwords
will work. In batch mode, a failure to change the current working
directory will cause the sftp2 command to abort. Other errors are
ignored. Specifies the path to the ssh2 binary. Displays help. Sets
the port on the remote host. This option can also be specified in the
configuration file. Defines the maximum buffer size for one request.
The default is 32768 bytes. Defines the maximum number of concurrent
requests. The default is 10. Displays the Secure Shell version number.
Instructs ssh2 to use IPv4. Instructs ssh2 to use IPv6. Selects the
encryption algorithm. See ssh2(1) for more information. Selects the
Message Authentication Code (MAC) algorithm. See ssh2(1) for more
information. Can be used to give options in the format used in the
ssh2_config file. This is useful for specifying options for which
there is no separate command-line flag. The option has the same format
as a line in the configuration file. Comment lines are not accepted.
Where applicable, egrep regex format is used.
OPERANDS
When the sftp2 command is ready to accept operands, it will display the
following prompt: sftp>
You can then enter any of the following operands: Tries to connect to a
system specified with hostname. Tries to connect to a system specified
with hostname. The -l option opens the remote end to the localhost
without connecting to an sshd2 daemon. Tries to connect to a host
specified with hostname. The connection is created without connecting
to an sshd2 daemon. This is intended for debugging and testing. Tries
to connect to a host specified with hostname. The -l option, the local
end is opened to the localhost without connecting to an sshd2 daemon.
This is intended for debugging and testing. The localopen command is a
synonym for this operand. Closes the current session. Quits the
application. Changes the current remote working directory. Changes
the current local working directory. Displays the name of the current
remote working directory. Displays the name of the current local work‐
ing directory. Lists the names of the files on the remote system. For
directories, the contents of the directory are listed. When the -R
option is specified, the directory trees are listed recursively. (By
default, the subdirectories of the argument directories are not vis‐
ited.) When the -l option is specified, permissions, owners, sizes, and
modification times are also shown. When no arguments are given, the
contents of the current working directory are listed. The -R and -l
options are incompatible. Same as the ls command, but operates on
local files. Transfers the specified files from the remote system to
the local system. Directories are recursively copied with their con‐
tents. Synonymous to the get command. Transfers the specified files
from the local system to the remote system. Directories are recursively
copied with their contents. Synonymous to the put command. Renames
the file source to target. If the target already exists, the files are
left intact. Same as the rename command, but operates on local files.
Deletes the file specified in file. Same as the rm command, but oper‐
ates on local files. Creates the directory specified in directory.
Same as the mkdir command, but operates on local files. Deletes the
directory specified in directory. Same as the rmdir command, but oper‐
ates on local files. If topic is not given, lists the available top‐
ics. If topic is given, displays the online help for that topic. Dumps
the virtual roots of the server (this is a VShell from VanDyke Soft‐
ware) extension, and only usable against that. SSH Communications
Security's Windows server displays the file system roots in the unix
style, and does not require this extension). With the exception of the
-s option, this operand sets the transfer mode to ascii (i.e., newlines
will be converted according to the conventions. Available conventions
are dos, unix or mac, using \r\n, \n and \r as newlines, respectively.
The -s option shows current newline conventions. The -f option favors
this configuration over what the server specifies during connection.
(This option is mainly for testing).
The <remote_nl_conv> sets the remote newline convention. The
<local_nl_conv> operates on the local side, but is not as use‐
ful. (The correct local newline convention is usually compiled
in, so this is mainly for testing). You can set either of these
to ask, which will cause sftp to prompt you for the newline con‐
vention when needed. Files will be transferred unmodified.
Files whose extension matches the one set with setext, will be
transferred using ascii mode. Other files will be transferred
unmodified. Sets the file types that will be transferred in
ascii mode if the transfer mode is auto. Standard zsh-fileglob
regexs can be used for matching (only the file extension is
matched). Displays the extensions of files that will be trans‐
ferred using ascii (newline) conversion in the auto transfer
mode.
DESCRIPTION
The sftp2 command creates a secure connection between a Secure Shell
client and a server to transfer files over a network. The sftp2 command
is intended as a secure replacement for the ftp command. A secure con‐
nection provides client and server authentication, user authentication,
data encryption, data integrity, and nonrepudiation.
The sftp2 command uses ssh2 to secure traffic. Even though sftp works
like ftp, it does not use the FTP daemon (ftpd or wu-ftpd) for connec‐
tions. In order to connect using sftp2, you need to confirm that sshd2
is running on the remote machine where you are connecting. The sftp2
command uses a subsystem of sshd2 to transfer files securely.
You can also use the scp2 command to create a secure network connection
between a Secure Shell client and a server to copy files.
Command Interpretation
The sftp2 command understands both backslashes and quotation marks on
the command line. A backslash preceding a character can be used to
ignore the character in the command-line interpretation. Quotation
marks can be used for specifying file names with spaces.
The ls, lls, get, and put commands support globbing patterns (wild‐
cards). See sshregex(5) for more information about globbing patterns.
The command-line processing and globbing use the backslash ( \ ) as an
escape character. If you want to use a backslash to escape the
metacharacters in the globbing, you must precede the backslash with
another backslash ( \\ ) to escape its special meaning in the command-
line processing.
The get . command or the put . command will get or put every file in
the current directory and will overwrite files with the same file name.
Command-line editing
The following key sequences can be used for command-line editing: Set
the mark. Go to the beginning of the line. Move the cursor one char‐
acter to the left. Erase the character on the right of the cursor, or
exit the program if the command line is empty. Go to the end of the
line. Move the cursor one character to the right. Backspace. Tab.
Enter. Delete to the end of the line. Redraw the line. Enter. Move
to the next line. Move to the previous line. Toggle two characters.
Delete the line. Delete a region. The region's end is marked with
Ctrl-Space. Begin an extended command. Yank the deleted line. Undo.
Lowercase the region. Uppercase the region. Exchange the cursor and
the mark. Mark the whole buffer. Undo. Backwards word-delete. Back‐
wards word-delete. Delete extra spaces (leaves only one space). Go to
the beginning of the line. Go to the end of the line. Mark the cur‐
rent word. Go one sentence backwards. Go one word backwards. Capi‐
talize the current word. Delete the current word. Go one sentence
forwards. Go one word forwards. Delete the current sentence. Lower‐
case the current word. Transpose words. Uppercase the current word.
Backspace.
FILES
Specifies Secure Shell client configuration information. Specifies
Secure Shell server configuration information. Contains information on
how the user will be authenticated when contacting a specific host.
The identification file has the same general syntax as the configura‐
tion files. The following keywords can be used: Followed by the file
name of a private key in the $HOME/.ssh2 directory used for identifica‐
tion when contacting a host. If there is more than one IdKey, they are
tried in the order that they appear in the identification file. Fol‐
lowed by the file name of the user's OpenPGP private keyring in the
$HOME/.ssh2 directory. The OpenPGP keys listed after this line are
expected to be found from this file. The keys identified with IdPgp‐
Key*-keywords are used like ones identified with IdKey-keyword. Fol‐
lowed by the OpenPGP key name of the key in the PgpSecretKeyFile file.
Followed by the OpenPGP key fingerprint of the key in the PgpSecretKey‐
File file. Followed by the OpenPGP key ID of the key in the PgpSe‐
cretKeyFile file. Contains information on how the server will verify
the identity of an user. The authorization file has the same general
syntax as the configuration files. The following keywords can be used:
Followed by the file name of a public key in the $HOME/.ssh2 directory
used for identification when contacting the host. More than one key is
acceptable for login. Followed by the file name of the user's OpenPGP
public keyring in the $HOME/.ssh2directory. OpenPGP keys listed after
this line are expected to be found from this file. Keys identified
with PgpKey*-keywords are used like ones identified with Key-keyword.
Followed by the OpenPGP key name. Followed by the OpenPGP key finger‐
print. Followed by the OpenPGP key ID. Specifies a forced command
that will be executed on the server when the user is authenticated. If
used, it must follow the Key or PgpKey* keyword. The command supplied
by the user is put in the SSH2_ORIGINAL_COMMAND environment variable .
The command is run on a pseudoterminal if the connection
requests a pseudoterminal; otherwise it runs without a terminal.
This keyword can be useful for restricting certain public keys
to perform a specific operation, such as a key that permits
remote backups but nothing else.
A client can specify TCP/IP and/or X11 forwardings, unless they
are explicitly prohibited. These files are the public keys of
the hosts to which you connect. They are updated automatically,
unless you set the StrictHostKeyChecking parameter to yes in the
ssh2_config file. If a host's key changes, you should put the
key here only if you are sure that the new key is valid; for
example, you are sure there was no man-in-the-middle attack.
The xxxx is the port on the server, where the sshd2 deamon runs,
and the yyyy is the host (specified on the command line). If a
host key is not found in the user's $HOME/.ssh2/hostkeys direc‐
tory, this is the next location to be checked. These files must
be updated manually. Contains a list of remote users who are
not required to supply a password when they use Secure Shell
host-based authentication with the ssh2 command. Contains the
names of remote hosts and users that are equivalent to the local
host or user. An equivalent host or user is allowed to use the
ssh2 command with Secure Shell host-based authentication without
supplying a password. Contains the public host keys of hosts
that users need to log in to when using host based authentica‐
tion.
The xxxx is the fully qualified domain name (FQDN) and yyyy is
the public key algorithm. Public key algorithms are ssh-dss and
ssh-rsa. For example, if the FQDN for a host is server1.foo.fi
and it has a key algorithm of ssh-dss, the host key would be
server1.foo.fi.ssh-dss.pub in the knownhosts directory.
A user must add the host name to a $HOME/.shosts file or an
$HOME/.rhosts file. Same as the $HOME/.ssh2/known‐
hosts/xxxxyyyy.pub file, but system-wide. This file is overrid‐
den if the user puts a file with the same name in the
$HOME/.ssh2/knownhosts directory.
LEGAL NOTICES
SSH is a registered trademark of SSH Communication Security Ltd.
SEE ALSO
Commands: ftp(1), scp2(1), ssh2(1), ssh-add2(1), ssh-agent2(1), ssh-
keygen2(1), sshd2(8)
Files: hosts.equiv(4), rhosts(4), shosts(4), ssh2_config(4), sshd2_con‐
fig(4)
Others: sshregex(5)
Guides: Security Administration
sftp2(1)
