diff options
author | Colin Watson <cjwatson@debian.org> | 2010-03-31 10:46:28 +0100 |
---|---|---|
committer | Colin Watson <cjwatson@debian.org> | 2010-03-31 10:46:28 +0100 |
commit | efd3d4522636ae029488c2e9730b60c88e257d2e (patch) | |
tree | 31e02ac3f16090ce8c53448677356b2b7f423683 /sftp.1 | |
parent | bbec4db36d464ea1d464a707625125f9fd5c7b5e (diff) | |
parent | d1a87e462e1db89f19cd960588d0c6b287cb5ccc (diff) |
* New upstream release (LP: #535029).
- After a transition period of about 10 years, this release disables SSH
protocol 1 by default. Clients and servers that need to use the
legacy protocol must explicitly enable it in ssh_config / sshd_config
or on the command-line.
- Remove the libsectok/OpenSC-based smartcard code and add support for
PKCS#11 tokens. This support is enabled by default in the Debian
packaging, since it now doesn't involve additional library
dependencies (closes: #231472, LP: #16918).
- Add support for certificate authentication of users and hosts using a
new, minimal OpenSSH certificate format (closes: #482806).
- Added a 'netcat mode' to ssh(1): "ssh -W host:port ...".
- Add the ability to revoke keys in sshd(8) and ssh(1). (For the Debian
package, this overlaps with the key blacklisting facility added in
openssh 1:4.7p1-9, but with different file formats and slightly
different scopes; for the moment, I've roughly merged the two.)
- Various multiplexing improvements, including support for requesting
port-forwardings via the multiplex protocol (closes: #360151).
- Allow setting an explicit umask on the sftp-server(8) commandline to
override whatever default the user has (closes: #496843).
- Many sftp client improvements, including tab-completion, more options,
and recursive transfer support for get/put (LP: #33378). The old
mget/mput commands never worked properly and have been removed
(closes: #270399, #428082).
- Do not prompt for a passphrase if we fail to open a keyfile, and log
the reason why the open failed to debug (closes: #431538).
- Prevent sftp from crashing when given a "-" without a command. Also,
allow whitespace to follow a "-" (closes: #531561).
Diffstat (limited to 'sftp.1')
-rw-r--r-- | sftp.1 | 93 |
1 files changed, 77 insertions, 16 deletions
@@ -1,4 +1,4 @@ | |||
1 | .\" $OpenBSD: sftp.1,v 1.69 2008/12/09 15:35:00 sobrado Exp $ | 1 | .\" $OpenBSD: sftp.1,v 1.83 2010/02/08 10:50:20 markus Exp $ |
2 | .\" | 2 | .\" |
3 | .\" Copyright (c) 2001 Damien Miller. All rights reserved. | 3 | .\" Copyright (c) 2001 Damien Miller. All rights reserved. |
4 | .\" | 4 | .\" |
@@ -22,7 +22,7 @@ | |||
22 | .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF | 22 | .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF |
23 | .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | 23 | .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
24 | .\" | 24 | .\" |
25 | .Dd $Mdocdate: December 9 2008 $ | 25 | .Dd $Mdocdate: February 8 2010 $ |
26 | .Dt SFTP 1 | 26 | .Dt SFTP 1 |
27 | .Os | 27 | .Os |
28 | .Sh NAME | 28 | .Sh NAME |
@@ -31,12 +31,15 @@ | |||
31 | .Sh SYNOPSIS | 31 | .Sh SYNOPSIS |
32 | .Nm sftp | 32 | .Nm sftp |
33 | .Bk -words | 33 | .Bk -words |
34 | .Op Fl 1Cv | 34 | .Op Fl 1246Cpqrv |
35 | .Op Fl B Ar buffer_size | 35 | .Op Fl B Ar buffer_size |
36 | .Op Fl b Ar batchfile | 36 | .Op Fl b Ar batchfile |
37 | .Op Fl c Ar cipher | ||
38 | .Op Fl D Ar sftp_server_path | ||
37 | .Op Fl F Ar ssh_config | 39 | .Op Fl F Ar ssh_config |
40 | .Op Fl i Ar identity_file | ||
38 | .Op Fl o Ar ssh_option | 41 | .Op Fl o Ar ssh_option |
39 | .Op Fl P Ar sftp_server_path | 42 | .Op Fl P Ar port |
40 | .Op Fl R Ar num_requests | 43 | .Op Fl R Ar num_requests |
41 | .Op Fl S Ar program | 44 | .Op Fl S Ar program |
42 | .Op Fl s Ar subsystem | sftp_server | 45 | .Op Fl s Ar subsystem | sftp_server |
@@ -87,6 +90,16 @@ The options are as follows: | |||
87 | .Bl -tag -width Ds | 90 | .Bl -tag -width Ds |
88 | .It Fl 1 | 91 | .It Fl 1 |
89 | Specify the use of protocol version 1. | 92 | Specify the use of protocol version 1. |
93 | .It Fl 2 | ||
94 | Specify the use of protocol version 2. | ||
95 | .It Fl 4 | ||
96 | Forces | ||
97 | .Nm | ||
98 | to use IPv4 addresses only. | ||
99 | .It Fl 6 | ||
100 | Forces | ||
101 | .Nm | ||
102 | to use IPv6 addresses only. | ||
90 | .It Fl B Ar buffer_size | 103 | .It Fl B Ar buffer_size |
91 | Specify the size of the buffer that | 104 | Specify the size of the buffer that |
92 | .Nm | 105 | .Nm |
@@ -124,12 +137,26 @@ character (for example, | |||
124 | Enables compression (via ssh's | 137 | Enables compression (via ssh's |
125 | .Fl C | 138 | .Fl C |
126 | flag). | 139 | flag). |
140 | .It Fl c Ar cipher | ||
141 | Selects the cipher to use for encrypting the data transfers. | ||
142 | This option is directly passed to | ||
143 | .Xr ssh 1 . | ||
144 | .It Fl D Ar sftp_server_path | ||
145 | Connect directly to a local sftp server | ||
146 | (rather than via | ||
147 | .Xr ssh 1 ) . | ||
148 | This option may be useful in debugging the client and server. | ||
127 | .It Fl F Ar ssh_config | 149 | .It Fl F Ar ssh_config |
128 | Specifies an alternative | 150 | Specifies an alternative |
129 | per-user configuration file for | 151 | per-user configuration file for |
130 | .Xr ssh 1 . | 152 | .Xr ssh 1 . |
131 | This option is directly passed to | 153 | This option is directly passed to |
132 | .Xr ssh 1 . | 154 | .Xr ssh 1 . |
155 | .It Fl i Ar identity_file | ||
156 | Selects the file from which the identity (private key) for public key | ||
157 | authentication is read. | ||
158 | This option is directly passed to | ||
159 | .Xr ssh 1 . | ||
133 | .It Fl o Ar ssh_option | 160 | .It Fl o Ar ssh_option |
134 | Can be used to pass options to | 161 | Can be used to pass options to |
135 | .Nm ssh | 162 | .Nm ssh |
@@ -175,6 +202,7 @@ For full details of the options listed below, and their possible values, see | |||
175 | .It NoHostAuthenticationForLocalhost | 202 | .It NoHostAuthenticationForLocalhost |
176 | .It NumberOfPasswordPrompts | 203 | .It NumberOfPasswordPrompts |
177 | .It PasswordAuthentication | 204 | .It PasswordAuthentication |
205 | .It PKCS11Provider | ||
178 | .It Port | 206 | .It Port |
179 | .It PreferredAuthentications | 207 | .It PreferredAuthentications |
180 | .It Protocol | 208 | .It Protocol |
@@ -186,7 +214,6 @@ For full details of the options listed below, and their possible values, see | |||
186 | .It SendEnv | 214 | .It SendEnv |
187 | .It ServerAliveInterval | 215 | .It ServerAliveInterval |
188 | .It ServerAliveCountMax | 216 | .It ServerAliveCountMax |
189 | .It SmartcardDevice | ||
190 | .It StrictHostKeyChecking | 217 | .It StrictHostKeyChecking |
191 | .It TCPKeepAlive | 218 | .It TCPKeepAlive |
192 | .It UsePrivilegedPort | 219 | .It UsePrivilegedPort |
@@ -194,16 +221,25 @@ For full details of the options listed below, and their possible values, see | |||
194 | .It UserKnownHostsFile | 221 | .It UserKnownHostsFile |
195 | .It VerifyHostKeyDNS | 222 | .It VerifyHostKeyDNS |
196 | .El | 223 | .El |
197 | .It Fl P Ar sftp_server_path | 224 | .It Fl P Ar port |
198 | Connect directly to a local sftp server | 225 | Specifies the port to connect to on the remote host. |
199 | (rather than via | 226 | .It Fl p |
200 | .Xr ssh 1 ) . | 227 | Preserves modification times, access times, and modes from the |
201 | This option may be useful in debugging the client and server. | 228 | original files transferred. |
229 | .It Fl q | ||
230 | Quiet mode: disables the progress meter as well as warning and | ||
231 | diagnostic messages from | ||
232 | .Xr ssh 1 . | ||
202 | .It Fl R Ar num_requests | 233 | .It Fl R Ar num_requests |
203 | Specify how many requests may be outstanding at any one time. | 234 | Specify how many requests may be outstanding at any one time. |
204 | Increasing this may slightly improve file transfer speed | 235 | Increasing this may slightly improve file transfer speed |
205 | but will increase memory usage. | 236 | but will increase memory usage. |
206 | The default is 64 outstanding requests. | 237 | The default is 64 outstanding requests. |
238 | .It Fl r | ||
239 | Recursively copy entire directories when uploading and downloading. | ||
240 | Note that | ||
241 | .Nm | ||
242 | does not follow symbolic links encountered in the tree traversal. | ||
207 | .It Fl S Ar program | 243 | .It Fl S Ar program |
208 | Name of the | 244 | Name of the |
209 | .Ar program | 245 | .Ar program |
@@ -294,7 +330,7 @@ extension. | |||
294 | Quit | 330 | Quit |
295 | .Nm sftp . | 331 | .Nm sftp . |
296 | .It Xo Ic get | 332 | .It Xo Ic get |
297 | .Op Fl P | 333 | .Op Fl Ppr |
298 | .Ar remote-path | 334 | .Ar remote-path |
299 | .Op Ar local-path | 335 | .Op Ar local-path |
300 | .Xc | 336 | .Xc |
@@ -313,10 +349,20 @@ If it does and | |||
313 | is specified, then | 349 | is specified, then |
314 | .Ar local-path | 350 | .Ar local-path |
315 | must specify a directory. | 351 | must specify a directory. |
316 | If the | 352 | .Pp |
353 | If either the | ||
317 | .Fl P | 354 | .Fl P |
355 | or | ||
356 | .Fl p | ||
318 | flag is specified, then full file permissions and access times are | 357 | flag is specified, then full file permissions and access times are |
319 | copied too. | 358 | copied too. |
359 | .Pp | ||
360 | If the | ||
361 | .Fl r | ||
362 | flag is specified then directories will be copied recursively. | ||
363 | Note that | ||
364 | .Nm | ||
365 | does not follow symbolic links when performing recursive transfers. | ||
320 | .It Ic help | 366 | .It Ic help |
321 | Display help text. | 367 | Display help text. |
322 | .It Ic lcd Ar path | 368 | .It Ic lcd Ar path |
@@ -347,7 +393,7 @@ to | |||
347 | .It Ic lpwd | 393 | .It Ic lpwd |
348 | Print local working directory. | 394 | Print local working directory. |
349 | .It Xo Ic ls | 395 | .It Xo Ic ls |
350 | .Op Fl 1aflnrSt | 396 | .Op Fl 1afhlnrSt |
351 | .Op Ar path | 397 | .Op Ar path |
352 | .Xc | 398 | .Xc |
353 | Display a remote directory listing of either | 399 | Display a remote directory listing of either |
@@ -372,6 +418,11 @@ List files beginning with a dot | |||
372 | .It Fl f | 418 | .It Fl f |
373 | Do not sort the listing. | 419 | Do not sort the listing. |
374 | The default sort order is lexicographical. | 420 | The default sort order is lexicographical. |
421 | .It Fl h | ||
422 | When used with a long format option, use unit suffixes: Byte, Kilobyte, | ||
423 | Megabyte, Gigabyte, Terabyte, Petabyte, and Exabyte in order to reduce | ||
424 | the number of digits to four or fewer using powers of 2 for sizes (K=1024, | ||
425 | M=1048576, etc.). | ||
375 | .It Fl l | 426 | .It Fl l |
376 | Display additional details including permissions | 427 | Display additional details including permissions |
377 | and ownership information. | 428 | and ownership information. |
@@ -394,7 +445,7 @@ Create remote directory specified by | |||
394 | .It Ic progress | 445 | .It Ic progress |
395 | Toggle display of progress meter. | 446 | Toggle display of progress meter. |
396 | .It Xo Ic put | 447 | .It Xo Ic put |
397 | .Op Fl P | 448 | .Op Fl Ppr |
398 | .Ar local-path | 449 | .Ar local-path |
399 | .Op Ar remote-path | 450 | .Op Ar remote-path |
400 | .Xc | 451 | .Xc |
@@ -412,10 +463,20 @@ If it does and | |||
412 | is specified, then | 463 | is specified, then |
413 | .Ar remote-path | 464 | .Ar remote-path |
414 | must specify a directory. | 465 | must specify a directory. |
415 | If the | 466 | .Pp |
467 | If ether the | ||
416 | .Fl P | 468 | .Fl P |
417 | flag is specified, then the file's full permission and access time are | 469 | or |
470 | .Fl p | ||
471 | flag is specified, then full file permissions and access times are | ||
418 | copied too. | 472 | copied too. |
473 | .Pp | ||
474 | If the | ||
475 | .Fl r | ||
476 | flag is specified then directories will be copied recursively. | ||
477 | Note that | ||
478 | .Nm | ||
479 | does not follow symbolic links when performing recursive transfers. | ||
419 | .It Ic pwd | 480 | .It Ic pwd |
420 | Display remote working directory. | 481 | Display remote working directory. |
421 | .It Ic quit | 482 | .It Ic quit |