sftpg3

sftpg3 — Secure Shell file transfer client - Generation 3

Synopsis

sftpg3 [options...]
[user@] host [#port]

Description

sftpg3 (sftpg3.exe on Windows) is an FTP-like client that can be used for file transfer over the network. sftpg3 launches ssh-broker-g3 to provide a secure transport using the Secure Shell version 2 protocol. ssh-broker-g3 will ask for passwords or passphrases if they are needed for authentication. sftpg3 uses the configuration specified in the ssh-broker-config.xml file.

However, it should be noted that sftpg3 is not designed to be a drop-in replacement for an FTP client. It is an application that implements secure file transfer functionality and has most features that common FTP applications have.

To connect to a remote host using sftpg3, the remote host must be running a Secure Shell version 2 server with the sftp-server subsystem enabled.

Options

The following options are available:

-b buffer_size

Defines maximum buffer size for one request (default: 32768 bytes).

-B batch_file

Uses batch file.

-D, --debug=LEVEL

Sets the debug level. LEVEL is a number from 0 to 99, where 99 specifies that all debug information should be displayed. This should be the first argument on the command line.

-N max_requests

Defines maximum number of requests sent in parallel (default: 10).

-P port

Connects to this Secure Shell port on the remote machine (default: 22).

-v, --verbose

Uses verbose mode (equal to -D 2).

--fips

Uses the FIPS mode.

--password= PASSWORD|file://PASSWORDFILE|extprog://PROGRAM

Sets user password that the client will send as a response to password authentication. The PASSWORD can be given directly as an argument to this option (not recommended), or a path to file containing the password can be given, or a path to a program or a script that outputs the password can be given.

	Caution
Supplying the password on the command line is not a secure option. For example, in a multi-user environment, the password given directly on the command line is trivial to recover from the process table. You should set up a more secure way to authenticate. For non-interactive batch jobs, it is more secure to use public-key authentication without a passphrase, or host-based authentication. At a minimum, use a file or a program to supply the password.

Caution

Supplying the password on the command line is not a secure option. For example, in a multi-user environment, the password given directly on the command line is trivial to recover from the process table. You should set up a more secure way to authenticate. For non-interactive batch jobs, it is more secure to use public-key authentication without a passphrase, or host-based authentication. At a minimum, use a file or a program to supply the password.

--plugin-path=PATH

Sets plugin path to PATH. This is only used in the FIPS mode.

-V, --version

Displays program version and exits.

-?, -h, --help

Displays a short summary of command-line options and exits.

Commands

When sftpg3 is ready to accept commands, it will display the prompt sftp>. The user can then enter any of the following commands:

open [ <hostname> | -l ]

Tries to connect the remote side to the host <hostname>.

Options:

-l: Connects the remote side to the local filesystem (which does not require a server).

lopen [ <hostname> | -l ]

Tries to connect the local side to the host <hostname>. If this is successful, <lls> and friends will operate on the filesystem on that host.

Options:

-l: Connects the local side to the local filesystem (which does not require a server).

close

Closes the remote connection.

lclose

Closes the local connection.

quit

Quits the application.

cd <directory>

Changes the current remote working directory.

lcd <directory>

Changes the current local working directory.

pwd

Prints the name of the current remote working directory.

lpwd

Prints the name of the current local working directory.

ls [-R] [-l] [-S] [-r] [-p] [ <file> ... ]

Lists the names of files on the remote server. For directories, contents are listed. If no arguments are given, the contents of current working directory are listed.

Options:

-R: Directory trees are listed recursively. By default, subdirectories of the arguments are not visited.
-l: Permissions, owners, sizes and modification times are also shown (long format).
-S: Sorting is done based on file sizes (default: alphabetically).
-r: The sort order is reversed.
-p: Only one page of listing is shown at one time.

lls [-R] [-l] [-S] [-r] [-p] [ <file> ... ]

Same as ls, but operates on local files.

get [-p] [--preserve-attributes] [-u] [--unlink-source] [-I] [--interactive] [--overwrite] [--checksum] [-W] [--whole-file] [--checkpoint] [--streaming] [--force-lower-case] [--prefix=PREFIX] [ <file> ... ]

Transfers the specified files from the remote end to the local end. Directories are recursively copied with their contents.

Options:

-p, --preserve-attributes: Tries to retain permissions and timestamps.
-u, --unlink-source: Removes the source file after file transfer. Also directories are removed, if they become empty (move mode).
-I, --interactive: Prompts whether to overwrite an existing destination file (does not work with batch mode).
--overwrite[=yes|no]: Decides whether to overwrite existing destination file(s) (default: yes).
--checksum[=yes|no|md5|sha1|md5-force|sha1-force|checkpoint]: Uses MD5 or SHA-1 checksums or a separate checkpoint database to determine the point in the file where file transfer can be resumed. Files smaller than buffer_size are not checked. Use md5-force or sha1-force with small files (default: yes, i.e. use MD5 checksums).
-W, --whole-file: Does not try incremental checks (default: no, i.e. try incremental checks).
--checkpoint=s<seconds>: Time interval between checkpoint updates (default: 10 seconds).
--streaming[=yes|no|force]: Uses streaming in file transfer if the server supports it. Files smaller than buffer_size are not transferred using streaming. Use force with small files (default: yes).
--checkpoint=b<bytes>: Byte interval between checkpoint updates (default: 10 MB).
--force-lower-case: Destination filename will be converted to lowercase characters.
--prefix=PREFIX: Adds prefix PREFIX to filename during the file transfer. The prefix is removed after the file has been successfully transferred.

mget [options] [ <file> ... ]

Synonymous to get.

put [options] [ <file> ... ]

Transfers the specified files from the local end to the remote end. Directories are recursively copied with their contents.

Options are the same as for get.

mput [options][ <file> ... ]

Synonymous to put.

rm [-I] [--interactive] [ <file> ... ]

Tries to delete file or directory specified in <file>. Directories are removed recursively.

Options:

-I, --interactive: Prompts whether to remove a file or directory (does not work with batch mode).

lrm [options] [ <file> ... ]

Same as rm, but operates on local files.

mkdir <directory>

Tries to create the directory specified in <directory>.

lmkdir <directory>

Same as mkdir, but operates on local files.

rmdir <directory>

Tries to delete the directory specified in <directory>.

lrmdir <directory>

Same as rmdir, but operates on local files.

rename <oldfile> <newfile>

Tries to rename the <oldfile> to <newfile>. If <newfile> already exists, the files are left intact.

lrename <oldfile> <newfile>

Same as rename, but operates on local files.

readlink <path>

Provided that <path> is a symbolic link, shows where the link is pointing to.

lreadlink <path>

Same as readlink, but operates on local files.

symlink <targetpath> <linkpath>

Creates symbolic link <linkpath>, which will point to <targetpath>.

lsymlink <targetpath> <linkpath>

Same as symlink, but operates on local files.

ascii [-s] [<remote_nl_conv>] [<local_nl_conv>]

Sets the transfer mode to ASCII. <remote_nl_conv> sets a remote newline convention. <local_nl_conv> operates on the local side, but is not as useful (the correct local newline convention is usually compiled in, so this is mainly for testing). Please note that these are only hints for the underlying transfer layer, which tries to use the newline convention given by the server wherever possible. You can set either of these to ask, which will cause sftp to prompt you for the newline convention when needed. The available conventions are dos, unix, and mac, using \r\n, \n, and \r as newlines, respectively.

Options:

-s: Only shows current newline convention. Does not set the transfer mode to ASCII.

binary

Files will be transfered in binary mode.

auto

File transfer mode will be selected automatically from the file extension.

setext [ <extension> ... ]

Sets the file extensions that will be ASCII in the auto transfer mode. Normal zsh-fileglob regexps can be used in the file extensions.

getext

Displays the extensions that will be ASCII in the auto transfer mode.

lsroots

Dumps the virtual roots of the server. (This is a VShell extension. Without this you cannot know the filesystem structure of a VShell server.)

llsroots

Same as lsroots, but operates on local files (when the local side has been opened to a VShell server).

chmod [-R] [-f] [-v] OCTAL-MODE [<file> ...], chmod [-R] [-f] [-v] [ugoa][+-=][rwxs] [<file> ...]

Sets file permissions of the specified file or files to the bit pattern OCTAL-MODE or changes permissions according to the symbolic mode [ugoa][+-=][rwxs]. Only one symbolic mode combination is supported.

Options:

-R: Recursively changes files and directories.
-f: Uses silent mode (error messages are suppressed).
-v: Uses verbose mode (lists every file processed).

lchmod [-R] [-f] [-v] OCTAL-MODE [<file> ...], lchmod [-R] [-f] [-v] [ugoa][+-=][rwxs] [<file> ...]

Same as chmod, but operates on local files.

digest [-H] [--hash] [-o] [--offset] [-l] [--length] <file>

Calculates MD5 or SHA-1 digest over file data.

Options:

-H, --hash=[md5|sha1]: Use md5 or sha1 hash alorithm (default: md5).
-o, --offset=OFFSET: Start reading from file offset OFFSET.
-l, --length=LENGTH: Read LENGTH bytes of file data.

ldigest [-H] [--hash] [-o] [--offset] [-l] [--length] <file>

Same as digest, but operates on local files.

setperm <fileperm[:dirperm]>

Sets the default file or directory permission bits for upload. (Prefix fileperm with p to preserve permissions of existing files or directories.)

debug [disable | no | <debuglevel>]

Disables or enables debug. With disable or no, debugging is disabled. Otherwise, sets <debuglevel> as debug level string, as per command-line option -D.

verbose

Enables verbose mode (identical to the debug 2 command). You may later disable verbose mode by debug disable.

help [ <topic> ]

If <topic> is not given, lists the available topics. If <topic> is given, outputs available online help about the topic.

helpall

Outputs available online help about all topics.

Command Interpretation

sftpg3 understands both backslashes (\) and quotation marks (") on the command line. A backslash can be used for ignoring the special meaning of any character in the command-line interpretation. It will be removed even if the character it precedes has no special meaning.

Quotation marks can be used for specifying filenames with spaces.

Also, if you do 'get .' or 'put .' you will get or put every file in the current directory and possibly override files in your current directory.

sftpg3 supports wild cards (also known as glob patterns) given to commands chmod, lchmod, ls, lls, rm, lrm, get, and put.

Exit Values

sftpg3 returns the following values based on the success of the operation:

0     Operation was successful. 
1     Internal error. 
2     Connection aborted by the user.
3     Destination is not a directory, but a directory was specified by the user. 
4     Connecting to the host failed. 
5     Connection lost. 
6     File does not exist. 
7     No permission to access file. 
8     Undetermined error from sshfilexfer. 
101   Wrong command-line arguments specified by the user.

In batch mode, the exit value is based on the succes of the last operation.