sftp -- secure file transfer program

sftp [-1246Cpqrv] [-B buffer_size] [-b batchfile] [-c cipher] [-D sftp_server_path] [-F ssh_config] [-i identity_file]
                    [-l limit] [-o ssh_option] [-P port] [-R num_requests] [-S program] [-s subsystem | sftp_server] host

Performs all operations over an encrypted ssh(1) transport, also uses features of ssh, such as public key authentication and compression.

sftp [user@]host[:file ...] : retrieves files automatically.

sftp [user@]host[:dir[/]] start in a remote directory.

sftp -b batchfile [user@]host : automated session.
          To supress the interactive entering of a password, configure non-interactive authentication ( .netrc ?)

IPv6 addresses must be enclosed in square brackets .

-b file batch read commands from file, - specifies standard input.
Aborts on failure of: get, put, rename, ln, rm, mkdir, chdir, ls, lchdir, chmod, chown, chgrp, lpwd, df, symlink, and lmkdir.
Termination on error can be suppressed by prefixing the command with - (Example: -rm /tmp/blah*).
-p Preserves modification times, access times, and modes from the original files transferred.
-r Recursively copy entire directories when uploading and downloading. does not follow symbolic links
-C compression
-c cipher Selects the cipher to use for encrypting the data transfers.
-F ssh_config alternative configuration
-i identity_file from which the identity (private key) for public key authentication is read. This option is directly passed to ssh(1).
-l limit Limits the used bandwidth, specified in Kbit/s.
-o ssh_option Pass options to ssh in the format used in ssh_config(5), for specifying options for which there is no separate sftp command-line flag.

For example, to specify an alternate port use: sftp -oPort=24.

For full details of the options listed below, and their possible values, see ssh_config(5).

AddressFamily BatchMode BindAddress ChallengeResponseAuthentication CheckHostIP Cipher Ciphers Compression CompressionLevel ConnectionAttempts ConnectTimeout ControlMaster ControlPath ControlPersist GlobalKnownHostsFile GSSAPIAuthentication GSSAPIDelegateCredentials HashKnownHosts Host HostbasedAuthentication HostKeyAlgorithms HostKeyAlias HostName IdentityFile IdentitiesOnly IPQoS KbdInteractiveAuthentication KbdInteractiveDevices KexAlgorithms LogLevel MACs NoHostAuthenticationForLocalhost NumberOfPasswordPrompts PasswordAuthentication PKCS11Provider Port PreferredAuthentications Protocol ProxyCommand PubkeyAuthentication RekeyLimit RhostsRSAAuthentication RSAAuthentication SendEnv ServerAliveInterval ServerAliveCountMax StrictHostKeyChecking TCPKeepAlive UsePrivilegedPort User UserKnownHostsFile VerifyHostKeyDNS
-P port
-q Quiet mode: disables the progress meter as well as warning and diagnostic messages from ssh(1).
-R num_requests Number of outstanding at any one time. default 64
-S program to use for the encrypted connection.
-s subsystem |
SSH2 subsystem or the path for an sftp server on the remote host for using over protocol version 1, or when the remote sshd(8) does not have an sftp subsystem configured.
-1|-2 protocol version
-4|-6 Forces IPv4|IPV6 addresses only.
-B buffer_size when transferring files. Default : 32768 bytes.
-D ftp_srvr_path Connect directly to a local sftp server (rather than via ssh(1)). for debugging server.
-v Raise logging level, also passed to ssh.
Note that after debug1: Exit status 0 enter a to continue


Commands are case insensitive.
Pathnames that contain spaces must be enclosed in quotes.
Any special characters contained within pathnames that are recognized by glob must be escaped with backslashes (\)
cd path Change remote directory
chgrp GID path Change group of file path to GID. path may contain glob(3) characters and may match multiple files.
grp must be a numeric GID.
chmod mode path Change mode (permissions) of file path to mode. path may contain glob(3) characters
chown own path Change owner of file path to own. path may contain glob(3) characters …
own must be a numeric UID.
df [-h] [path] Display usage information for the filesystem holding the current directory (or path if specified).
-h the capacity information will be displayed using "human-readable" suffixes.
get [-Ppr] remote-path [local-path] Retrieve the remote-path and store it locally . If the local path name is not specified, it is given the same name it has on the remote machine. remote-path may contain glob(3) characters and may match multiple files. If it does and local-path is specified, then local-path must specify a directory.
With -P or -p full file permissions and access times are copied .
directories will be copied recursively. does not follow symbolic links
lcd path Change local directory to path.
lmkdir path local mkdir
ln [-s] oldpath newpath link from oldpath to newpath.
With -s link is a symbolic , otherwise it is a hard link.
ls [-1afhlnrSt] [path] remote directory listing of either path or the current directory if path is not specified.
path may contain glob(3) characters and may match multiple files.
-1 single column
-a List files beginning with a dot ('.').
-f Do not sort the listing. The default sort order is lexicographical.
-h With a long format option, unit suffixes: Byte, Kilobyte, Megabyte, Gigabyte … in order to reduce the number of digits to four or fewer using powers of 2 for sizes (K=1024, M=1048576, etc.).
-l Display additional details including permissions and ownership information.
-n user and group IDs numerically.
-r Reverse the sort
-S Sort by file size.
-t Sort by last modification time.
lls [options [path]] local ls ls options may contain any flags supported by the local system's ls command.
path may contain glob(3) characters and may match multiple files.
lumask umask Set local umask to umask.
mkdir path Create remote directory specified by path.
progress Toggle display of progress meter.
put [-Ppr] local-path [remote-path] Upload local-path and store it on the remote machine.
If the remote path name is not specified, it is given the same name it has on the local machine.
local-path may contain glob(3) characters and may match multiple files. If it does and remote-path is specified, then remote-path must specify a directory.

If either the -P or -p flag is specified, then full file permissions and access times are copied too.

If the -r flag is specified then directories will be copied recursively. Note that sftp does not follow symbolic links when performing recursive transfers.

pwd Display remote working directory.
lpwd Display local working directory.
rename oldpath newpath Rename remote file from oldpath to newpath.
rm path Delete remote file specified by path.
rmdir path Remove remote directory specified by path.
symlink oldpath newpath Create a symbolic link from oldpath to newpath.
!command Execute command in local shell.
! Escape to local shell.
?|help help.
/home/dman > sftp myuname@xxx.com
The authenticity of host 'xxx.com (179.197.999.93)' can't be established.
RSA key fingerprint is 3a:c4:63:5a:0b:51:4b:98:2f:e1:8a:79:e4:7a:99:d7.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'xxx.com,179.197.999.93' (RSA) to the list of known hosts.
realger1@real-world-systems.com's password: 
Received message too long 1226858861
This is caused by miscellaneous output from the various login scrpts, profile,.profile,.bachrc, …
Use bc to convert 1226858861 to hex (obase =16 4920616D ), then look up the ASCII characters('I am' as in 'I am .profile , v1.26 called from …' To see what the text is use /usr/bin/ssh dapie /bin/true > out.dat

This is included with the raspberryPi system

Omissions from most ftp programs

There does not seem to be any support for a .netrc file to provide user/password .


ftp(1), ls(1), scp(1), ssh(1), ssh-add(1), ssh-keygen(1), glob(3), ssh_config(5), sftp-server(8), sshd(8)

T. Ylonen and S. Lehtinen, SSH File Transfer Protocol, draft-ietf-secsh-filexfer-00.txt, January 2001, work in progress material. BSD March 19, 2013