sftp2, sftp - Secure Shell file transfer client
sftp2 [-v] [-D debug_level_spec] [-B batchfile] [-S path] [-h] [-P port]
[-b buffer_size] [-N max_requests] [-V] [-4] [-6] [-c cipher] [-m MAC]
[-o ssh-option] [user@] host [port#]
-v Displays information in verbose mode. This is equal to specifying the
-D 2 option.
-D debug_level_spec
Prints debug information to stderr. The debug_level_spec argument can
be a number between 0 and 99, where 99 specifies that all debug
information should be displayed, or a comma-separated list of assignments;
for example, ModulePattern=debug_level where ModulePattern is sftp2 for
the main sftp2 application.
-B batchfile
Reads commands from a file instead of standard input. Because this mode
is intended for scripts or cron jobs, the sftp2 command will not try to
interact with the user, which means that only authentication methods
that do not use passwords will work. In batch mode, a failure to
change the current working directory will cause the sftp2 command to
abort. Other errors are ignored.
-S path
Specifies the path to the ssh2 binary.
-h Displays help.
-P port
Sets the port on the remote host. This option can also be specified in
the configuration file.
-b buffer_size
Defines the maximum buffer size for one request. The default is 32768
-N max_requests
Defines the maximum number of concurrent requests. The default is 10.
-V Displays the Secure Shell version number.
-4 Instructs ssh2 to use IPv4.
-6 Instructs ssh2 to use IPv6.
-c cipher
Selects the encryption algorithm. See ssh2(1) for more information.
-m MAC
Selects the Message Authentication Code (MAC) algorithm. See ssh2(1)
for more information.
-o ssh-option
Can be used to give options in the format used in the ssh2_config file.
This is useful for specifying options for which there is no separate
command-line flag. The option has the same format as a line in the
configuration file. Comment lines are not accepted. Where applicable,
egrep regex format is used.
When the sftp2 command is ready to accept operands, it will display the
You can then enter any of the following operands:
Tries to connect to a system specified with hostname.
Tries to connect to a system specified with hostname. The -l option
opens the remote end to the localhost without connecting to an sshd2
Tries to connect to a host specified with hostname. The connection is
created without connecting to an sshd2 daemon. This is intended for
debugging and testing.
Tries to connect to a host specified with hostname. With the -l option,
the local end is opened to the localhost without connecting to an sshd2
daemon. This is intended for debugging and testing. The localopen
command is a synonym for this operand.
Closes the current session.
Quits the application.
Changes the current remote working directory.
Changes the current local working directory.
pwd Displays the name of the current remote working directory.
Displays the name of the current local working directory.
ls [-R ] [ -l ] [ file ... ]
Lists the names of the files on the remote system. For directories, the
contents of the directory are listed. When the -R option is specified,
the directory trees are listed recursively. (By default, the
subdirectories of the argument directories are not visited.) When the -l option
is specified, permissions, owners, sizes, and modification times are
also shown. When no arguments are given, the contents of the current
working directory are listed. The -R and -l options are incompatible.
lls [-R ] [ -l ] [ file ... ]
Same as the ls command, but operates on local files.
get [file ... ]
Transfers the specified files from the remote system to the local
system. Directories are recursively copied with their contents.
mget [file ... ]
Synonymous to the get command.
put [file ... ]
Transfers the specified files from the local system to the remote
system. Directories are recursively copied with their contents.
mput [file ... ]
Synonymous to the put command.
rename source target
Renames the file source to target. If the target already exists, the
files are left intact.
lrename source target
Same as the rename command, but operates on local files.
Deletes the file specified in file.
Same as the rm command, but operates on local files.
Creates the directory specified in directory.
Same as the mkdir command, but operates on local files.
Deletes the directory specified in directory.
Same as the rmdir command, but operates on local files.
If topic is not given, lists the available topics. If topic is given,
displays the online help for that topic.
Dumps the virtual roots of the server. (This is an extension of VShell
from VanDyke Software, and is only usable against that. SSH Communications
Security's Windows server displays the file system roots in the Unix
style, and does not require this extension.)
ascii [-s] [-f] [<remote_nl_conv>] [<local_nl_conv>]
With the exception of the -s option, this operand sets the transfer
mode to ascii (i.e., newlines will be converted according to the
conventions). Available conventions are dos, unix or mac, using \r\n, \n
and \r as newlines, respectively. The -s option shows current newline
conventions. The -f option favors this configuration over what the
server specifies during connection. (This option is mainly for test-
The <remote_nl_conv> sets the remote newline convention. The
<local_nl_conv> operates on the local side, but is not as useful. (The
correct local newline convention is usually compiled in, so this is
mainly for testing). You can set either of these to ask, which will
cause sftp to prompt you for the newline convention when needed.
Files will be transferred unmodified.
Files whose extension matches the one set with setext will be
transferred using ascii mode. Other files will be transferred unmodi-
setext <extension> [<extension> ... ]
Sets the file types that will be transferred in ascii mode if the
transfer mode is auto. Standard zsh-fileglob regexes can be used for
matching (only the file extension is matched).
Displays the extensions of files that will be transferred using ascii
(newline) conversion in the auto transfer mode.
The sftp2 command creates a secure connection between a Secure Shell client
and a server to transfer files over a network. The sftp2 command is
intended as a secure replacement for the ftp command. A secure connection
provides client and server authentication, user authentication, data
encryption, data integrity, and nonrepudiation.
The sftp2 command uses ssh2 to secure traffic. Even though sftp works like
ftp, it does not use the FTP daemon (ftpd or wu-ftpd) for connections. In
order to connect using sftp2, you need to confirm that sshd2 is running on
the remote machine where you are connecting. The sftp2 command uses a
subsystem of sshd2 to transfer files securely.
You can also use the scp2 command to create a secure network connection
between a Secure Shell client and a server to copy files.
The sftp2 command understands both backslashes and quotation marks on the
command line. A backslash preceding a character can be used to ignore the
character in the command-line interpretation. Quotation marks can be used
for specifying file names with spaces.
The ls, lls, get, and put commands support globbing patterns (wildcards).
See sshregex(5) for more information about globbing patterns.
The command-line processing and globbing use the backslash ( \ ) as an
escape character. If you want to use a backslash to escape the
metacharacters in the globbing, you must precede the backslash with another backslash
( \\ ) to escape its special meaning in the command-line processing.
The get . command or the put . command will get or put every file in the
current directory and will overwrite files with the same file name.
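The batch-mode (-B) and backslash-escaping rules described above, combined in an added shell example that is not part of the sftp2 distribution: it writes a batch file in which each file name is escaped once for globbing and once for command-line processing, so names are taken literally rather than expanded. The metacharacter set, the treatment of cd, and the host, user and file names are assumptions.

```shell
#!/bin/sh
# Added example: build an sftp2 batch file whose file operands are literal.

# Layer 1 (globbing): backslash-escape glob metacharacters and the backslash.
# The metacharacter set here is an assumption; sshregex(5) is authoritative.
glob_escape() {
    printf '%s' "$1" | sed 's/[][*?{}\\]/\\&/g'
}

# Layer 2 (command-line processing): backslash-escape backslashes, spaces
# and quotation marks so this layer hands them on unchanged.
cmdline_escape() {
    printf '%s' "$1" | sed "s/[\\\\ \"']/\\\\&/g"
}

# A file name escaped for both layers, e.g. a*b becomes a\\*b.
literal_operand() {
    cmdline_escape "$(glob_escape "$1")"
}

# Usage: make_batch REMOTE_DIR FILE...
# cd comes first because a failed cd is the one error that aborts a batch.
# cd is assumed not to glob (the page lists only ls, lls, get and put).
make_batch() {
    remote_dir=$1
    shift
    nl='
'
    for f in "$remote_dir" "$@"; do
        case $f in
            *"$nl"*) echo "refusing name containing a newline" >&2; return 1 ;;
        esac
    done
    printf 'cd %s\n' "$(cmdline_escape "$remote_dir")"
    for f in "$@"; do
        printf 'put %s\n' "$(literal_operand "$f")"
    done
    printf 'quit\n'
}

# Hypothetical invocation (host, user and paths are placeholders); batch mode
# needs an authentication method that does not use a password:
#   make_batch /incoming 'report 2024.txt' > upload.batch
#   sftp2 -B upload.batch backup@host.example
```

Because batch mode ignores errors other than a failed cd, verify the transfer separately, for example by listing the remote directory afterwards.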
The following key sequences can be used for command-line editing:
Set the mark.
Go to the beginning of the line.
Move the cursor one character to the left.
Erase the character on the right of the cursor, or exit the program if
the command line is empty.
Go to the end of the line.
Move the cursor one character to the right.
Delete to the end of the line.
Redraw the line.
Move to the next line.
Move to the previous line.
Toggle two characters.
Delete the line.
Delete a region. The region's end is marked with Ctrl-Space.
Begin an extended command.
Yank the deleted line.
Lowercase the region.
Uppercase the region.
Exchange the cursor and the mark.
Mark the whole buffer.
Delete extra spaces (leaves only one space).
Go to the beginning of the line.
Go to the end of the line.
Mark the current word.
Go one sentence backwards.
Go one word backwards.
Capitalize the current word.
Delete the current word.
Go one sentence forwards.
Go one word forwards.
Delete the current sentence.
Lowercase the current word.
Uppercase the current word.
Specifies Secure Shell client configuration information.
Specifies Secure Shell server configuration information.
Contains information on how the user will be authenticated when
contacting a specific host. The identification file has the same general
syntax as the configuration files. The following keywords can be used:
IdKey Followed by the file name of a private key in the $HOME/.ssh2
directory used for identification when contacting a host. If
there is more than one IdKey, they are tried in the order that
they appear in the identification file.
Followed by the file name of the user's OpenPGP private keyring
in the $HOME/.ssh2 directory. The OpenPGP keys listed after
this line are expected to be found from this file. The keys
identified with IdPgpKey*-keywords are used like ones identified
with IdKey-keyword.
Followed by the OpenPGP key name of the key in the PgpSecret-
Followed by the OpenPGP key fingerprint of the key in the
Followed by the OpenPGP key ID of the key in the PgpSecretKey-
Contains information on how the server will verify the identity of a
user. The authorization file has the same general syntax as the
configuration files. The following keywords can be used:
Key Followed by the file name of a public key in the $HOME/.ssh2
directory used for identification when contacting the host.
More than one key is acceptable for login.
Followed by the file name of the user's OpenPGP public keyring
in the $HOME/.ssh2 directory. OpenPGP keys listed after this
line are expected to be found from this file. Keys identified
with PgpKey*-keywords are used like ones identified with Key-
Followed by the OpenPGP key name.
Followed by the OpenPGP key fingerprint.
Followed by the OpenPGP key ID.
Command Specifies a forced command that will be executed on the server
when the user is authenticated. If used, it must follow the
Key or PgpKey* keyword. The command supplied by the user is put
in the SSH2_ORIGINAL_COMMAND environment variable.
The command is run on a pseudoterminal if the connection
requests a pseudoterminal; otherwise it runs without a termi-
This keyword can be useful for restricting certain public keys
to perform a specific operation, such as a key that permits
remote backups but nothing else.
A client can specify TCP/IP and/or X11 forwardings, unless they
are explicitly prohibited.
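One way to use the Command keyword for the backup-only key described above, as an added shell example that is not from the ssh2 distribution: the wrapper treats SSH2_ORIGINAL_COMMAND as untrusted input and uses it only to select a fixed server-side command. The wrapper path, key file name, data-set names and BACKUP_ROOT are hypothetical.

```shell
#!/bin/sh
# Added example: wrapper named by the Command keyword for a backup-only key.
# Hypothetical authorization file entry (file names are placeholders):
#   Key backup.pub
#   Command /usr/local/sbin/backup-only.sh

BACKUP_ROOT=/srv/backup-src        # assumed location of the data sets
ALLOWED_SETS="etc home www"        # constructed allow-list

# Validate the client-supplied command. Accepts exactly "backup <set>" with
# <set> on the allow-list; prints the set name, or returns 1 to refuse.
resolve_request() {
    set -f                 # no pathname expansion while splitting
    set -- $1              # split the request into words
    set +f
    [ $# -eq 2 ] && [ "$1" = "backup" ] || return 1
    for s in $ALLOWED_SETS; do
        if [ "$2" = "$s" ]; then
            printf '%s\n' "$s"
            return 0
        fi
    done
    return 1
}

# The client's text is never executed; it only selects a fixed command.
run_forced_command() {
    if set_name=$(resolve_request "${SSH2_ORIGINAL_COMMAND:-}"); then
        exec tar -cf - "$BACKUP_ROOT/$set_name"
    fi
    echo "backup-only key: request refused" >&2
    return 1
}

# Run only when installed under the wrapper's name, so the functions can be
# sourced and tested without side effects.
case ${0##*/} in
    backup-only.sh) run_forced_command ;;
esac
```

The Command keyword restricts only what is executed; TCP/IP and X11 forwarding remain available to the client unless explicitly prohibited, so prohibit them for keys of this kind.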
These files are the public keys of the hosts to which you connect. They
are updated automatically, unless you set the StrictHostKeyChecking
parameter to yes in the ssh2_config file. If a host's key changes, you
should put the key here only if you are sure that the new key is valid;
for example, you are sure there was no man-in-the-middle attack. The
xxxx is the port on the server, where the sshd2 daemon runs, and the
yyyy is the host (specified on the command line).
If a host key is not found in the user's $HOME/.ssh2/hostkeys
directory, this is the next location to be checked. These files must be
$HOME/.rhosts and $HOME/.shosts
Contains a list of remote users who are not required to supply a
password when they use Secure Shell host-based authentication with the ssh2
Contains the names of remote hosts and users that are equivalent to the
local host or user. An equivalent host or user is allowed to use the
ssh2 command with Secure Shell host-based authentication without
supplying a password.
Contains the public host keys of hosts that users need to log in to
when using host based authentication.
The xxxx is the fully qualified domain name (FQDN) and yyyy is the
public key algorithm. Public key algorithms are ssh-dss and ssh-rsa. For
example, if the FQDN for a host is server1.foo.fi and it has a key
algorithm of ssh-dss, the host key would be server1.foo.fi.ssh-dss.pub
in the knownhosts directory.
A user must add the host name to a $HOME/.shosts file or an
Same as the $HOME/.ssh2/knownhosts/xxxxyyyy.pub file, but system-wide.
This file is overridden if the user puts a file with the same name in
the $HOME/.ssh2/knownhosts directory.
SSH is a registered trademark of SSH Communication Security Ltd.
Commands: ftp(1), scp2(1), ssh2(1), ssh-add2(1), ssh-agent2(1), ssh-
Files: hosts.equiv(4), rhosts(4), shosts(4), ssh2_config(4),
Guides: Security Administration