Bitvise SSH Client 7.36 - sftpc, a command line SFTP client Copyright (C) 2000-2017 by Bitvise Limited. USAGE: sftpc [username@]host[:port] OR -profile=file [-host=host] [-port=port] [-obfs=y|n] [-obfsKw=keyword] [-spn=SPN] [-gkx=y|n] [-gkxDlg=y|n] [-user=username] [-gka] [-gma [-krb OR -ntlm] [-gmaDlg]] [-pk=location [-pp=passphrase]] [-pw=password [-kbdiFallback=y|n]] [-pwKbdi=password] [-kbdi [-sub=submethods]] [-unat=y|n] [-trustLsp=y|n] [-encr=list] [-mac=list] [-cmpr=list] [-kex=list] [-hkey=list] [-ka=y|n] [-kre=y|n] [-noRegistry OR -baseRegistry=registry-key] [-proxy=y|n [-proxyType=type] -proxyServer=server [-proxyPort=port] [-proxyUsername=username [-proxyPassword=password]] [-proxyResolveLocally=y|n]] [-hostKeyFp=fingerprints] [-hostKeyFile=file] [-keypairFile=file [-keypairPassphrase=passphrase]] [-traceLog] [-flowDebugFile=file] [-title=title] [-bg] [-progress=standard|percent|dots|none] [-pipelineSize=kbytes] [[-ce] -cmd=commands OR -cmdFile=file OR commands] PARAMETERS: -profile=file Load session parameters from the specified Bitvise SSH Client profile. If a command line parameter is additionally provided for any of the profile settings, the command line parameter overrides the profile. -host=host The server host to connect to, overriding any already set host. -port=port The port on server host to connect to, overriding any already set port. -obfs=y|n If the SSH server to which you are conecting uses SSH protocol obfuscation, you can use this parameter to enable it. Obfuscation is supported by some SSH servers, and makes it more difficult for an outside observer to detect that the protocol being used is SSH. -obfsKw=keyword If the SSH server to which you are connecting uses an obfuscation keyword, you can use this parameter to provide it. -spn=SPN If specified, Bitvise SSH Client will use the value of this parameter as the service principal name during Kerberos authentication. If not specified, Bitvise SSH Client will use a default, but possibly incorrect, SPN based on the SSH server's host name. -gkx=y|n Enable GSS/Kerberos key exchange with Kerberos host authentication. Disabled by default, but can also be disabled explicitly to override profile setting. -gkxDlg=y|n Permit access delegation. Disabled by default, but can also be disabled explicitly to override profile setting. For use only with GSS/Kerberos key exchange. -user=username The username to login with overriding the already set username. -gka Log in using the gssapi-keyex method. Available only when GSS key exchange with Kerberos host authentication has been performed. Can be combined with other authentication methods, in which case gssapi-keyex is attempted first. -gma Log in using the gssapi-with-mic method. Can be combined with other authentication methods, in which case gssapi-with-mic is attempted after gssapi-keyex. -krb Use gssapi-with-mic with the Kerberos mechanism only. -ntlm Use gssapi-with-mic with the NTLM mechanism only. -gmaDlg Permit access delegation - disabled by default. For use only with gssapi-with-mic user authentication. -pk=location Log in using the 'publickey' method, with the client key stored on the specified location. Can also be combined with other authentication methods, in which case 'publickey' is attempted after gssapi-with-mic. For keypairs stored globally in Windows registry for the currently logged on account, identify the key as or g. For keypairs stored in a profile provided using the -profile parameter, identify the key as p. For keypairs accessible via PuTTY or OpenSSH authentication agents, use t for PuTTY, or o for OpenSSH. Examples: -pk=3 for the third keypair configured globally for the current user; -pk=p1 for the first keypair stored in the provided profile. -pp=passphrase A passphrase for the keypair specified with -pk. -pw=password Log in with the specified password. Can also be combined with other authentication methods, in which case the password is attempted after the publickey method. -kbdiFallback=y|n A variety of servers, especially Unix-based, accept password authentication, but require the password to be sent using the authentication method 'keyboard-interactive' instead of 'password'. If the client cannot authenticate using 'password'; and if the server offers 'keyboard-interactive'; then this option controls whether the SSH Client should fallback and try to send the password using 'keyboard-interactive'. Enabled by default. -pwKbdi=password Log in with the specified password, sent using the 'keyboard-interactive' authentication method. Can also be combined with other authentication methods, in which case the password is attempted after the 'publickey' method. -kbdi Log in with the keyboard-interactive method. Can also be combined with other authentication methods, in which case the keyboard-interactive method is attempted last. -sub=submethods Optional submethods for keyboard-interactive. -trustLsp=y|n If enabled, only a narrow selection of trusted Windows Sockets LSP providers will be used, promoting stability, but at a possible expense of connectivity. If disabled, any LSP that is installed will be used, promoting connectivity, but at a possible expense of stability. By default, only trusted LSPs are used. -unat=y|n Use unattended mode to prevent any user interaction by the SSH session - in particular, host key verification and user authentication. Unattended mode is used by default only with the -cmd or -cmdFile parameters -encr=list Comma-separated priority list of session encryption algorithms. If not specified, the following algorithm list is assumed: aes256-gcm,aes256-ctr,aes192-ctr,aes128-gcm,aes128-ctr,3des-ctr. -mac=list Comma-separated priority list of session MAC algorithms. If not specified, the following algorithm list is assumed: hmac-sha2-256,hmac-sha1. -cmpr=list Comma-separated priority list of session compression algorithms. If not specified, the following algorithm list is assumed: none,zlib. -kex=list Comma-separated priority list of key exchange algorithms. If not specified, the following algorithm list is assumed: diffie-hellman-group16-sha512,diffie-hellman-group15-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,Curve25519,ECDH/secp256k1,ECDH/nistp521,ECDH/nistp384,ECDH/nistp256,diffie-hellman-group-exchange-sha256. If -gkx is specified, the following GSS algorithms are prepended: gss-group16-sha512/Kerberos,gss-group15-sha512/Kerberos,gss-group14-sha256/Kerberos,gss-gex-sha1/Kerberos,gss-group14-sha1/Kerberos. When connecting to non-Bitvise servers, any group exchange algorithms are automatically de-prioritized to the bottom of the list for compatibility reasons. -hkey=list Comma-separated priority list of host key algorithms. If not specified, the following algorithm list is assumed: RSA/sha2-512,RSA/sha2-256,Ed25519,ECDSA/secp256k1,ECDSA/nistp521,ECDSA/nistp384,ECDSA/nistp256,RSA. -ka Keep-alive / broken session detection - enabled by default, but can also be enabled explicitly to override profile. -kre Key re-exchange - enabled by default, but can also be enabled explicitly to override profile. -noRegistry Do not load settings from or store them to Windows registry. Use of global client proxy settings, host key database, and user keypair database is prevented. -baseRegistry=registry-key A base Windows registry key to replace the default 'HKEY_CURRENT_USER\Software\Bitvise' key. -proxy=y|n Use a proxy server, overrides global client proxy settings. -proxyType=type The type of proxy server to use. 'SOCKS4', 'SOCK5', and 'HTTP' proxy types are supported. 'SOCKS4' is set by default. -proxyServer=server The IP address or DNS name of the proxy server. -proxyPort=port The proxy server port, 1080 by default. -proxyUsername=username The proxy server username (SOCKS5 and HTTP only). -proxyPassword=password The proxy server password (SOCKS5 and HTTP only). -proxyResolveLocally=y|n Resolve a DNS name locally before passing it to the proxy when this flag is used. -hostKeyFp=fingerprints A comma-separated list of SHA-256, Bubble-Babble, or MD5 fingerprints of host keys to accept, used additionally to global and per-profile host keys -hostKeyFile=file A file containing host keys to accept, used additionally to global client host key database -keypairFile=file A file containing a private key for authentication. -keypairPassphrase=passphrase Provide a passphrase for the keypair specified with the -keypairFile parameter. Passphrase must always be present when an OpenSSH encoded and passphrase protected keypair is specified. -traceLog Enable trace logging. Causes trace messages to appear in addition to the client's normal output. -flowDebugFile=file Records an extremely detailed debug log of the session in the specified textual file. If the file already exists, it will be appended to. The recording may include potentially sensitive information exchanged over the session, stored in the file in plaintext. -title=title Use this parameter to set a custom console window title. -bg Start downloads and uploads in background by default. -progress=standard|percent|dots|none Changes the way foreground transfer progress is displayed. 'standard' and 'dots' will display inline progress in the form of a percentage or dots. 'none' will display no progress information. 'percent' will use percentage values, but printed each time on a new line. The default value is 'standard' when using console output, and 'dots' when output is redirected to a file. -pipelineSize=kbytes Pipeline size in kilobytes. The default value is 512. The valid range is 16 to 4096. -ce Continue on error: if multiple commands are specified using the -cmd or -cmdFile parameter and one fails, continue with subsequent commands. By default, execution will stop at the first failed command. The return code for the first failed command is returned in all cases, or 0 if all commands succeed. -cmd=commands Establish the session, run semicolon-separated SFTP commands, and exit. There is no prompt for additional user input. All occurences of '"' that are part of the parameter value must be replaced with '\"', e.g. "-cmd=get \"file name.txt\"". See also Return Codes. -cmdFile=file Like -cmd but load commands from the specified textual file, one per line. In the file, there is no need for escaping the quote character as is necessary with -cmd. The file will be interpreted as Unicode or UTF-8 if the respective BOM marker is present. Otherwise, the ANSI code page will be used. Empty lines and lines containing only whitespace are ignored. EXAMPLES: sftpc myserver Logs into 'myserver' with the account name of the current Windows user as the username. Will prompt to choose an authentication method when connected. sftpc someuser@myserver Logs into 'myserver' as 'someuser'; will prompt to choose an authentication method when connected. sftpc someuser@myserver:9222 -bg Logs into 'myserver' on port 9222 as 'someuser'. Transfers will be started in background by default, i.e. if you execute "get x.txt", this will be treated as "get x.txt -bg". Transfers can still be started in foreground using the '-fg' flag, e.g. "get x.txt -fg". See "help get", "help put". sftpc myusername@myserver -pw=mypassword -cmd="cd /temp; get *; put \"a b c\"" With these parameters, sftpc will log into 'myserver' as 'myusername' with password 'mypassword', and it will proceed to execute commands as follows: cd /temp get * put "a b c" Each of these commands is executed in order; if one fails (e.g. if the /temp directory does not exist), the rest will not be executed. sftpc myusername@myserver -pk=g3 -ce cd /temp; get *; put x.txt This is a similar example to the one above, but the additional -ce parameter will cause execution to continue even if an error occurs, and the -pk=g1 parameter will cause the public key with global client key on location 3 to be used instead of a plain password. retry -w=60 -m=10 -f=100,101 sftpc user@host -pw=... put *.log Uses the retry utility, also included with Bitvise SSH Client, to repeatedly execute sftpc if the first attempt fails. This example executes the sftpc transfer up to 10 times (-m=10), waits 60 seconds between attempts (-w=60), and retries only if the exit code is 100 (SSH session failure) or 101 (Failure connecting to server). Run 'retry' without parameters for help. RETURN CODES: 0 Success 1 Unknown failure 2 Usage error 100 SSH session failure 101 Failure connecting to server 102 SSH host authentication failure 103 SSH user authentication failure 200 SFTP session failure 201 SFTP channel failure 202 SFTP request rejected 205 SFTP session closed by server 1000 Failed -cmd command #1 1001 Failed -cmd command #2 ... ... To more easily read the above help, try: sftpc -help-usage (display usage) sftpc -help | more (displays help page by page) sftpc -help > h.txt (creates a text file you can open e.g. with Notepad) sftpc -help-params (display parameters help) sftpc -help- (display help for a particular parameter) sftpc -help-examples (display examples) sftpc -help-codes (display return codes)