Overview of vsftp


vsftp is an interactive file transfer program which performs all operations over a Secure Shell-based strong-encryption enabled transport. vsftp supports SSH features such as public-key authentication, ciphers, and MACs.

Using vsftp

The following is the format for vsftp commands:

vsftp [options] [user@[domain@]]host[:port]

The user@ argument is optional. If it is not specified, your network username will be used.

Options

The following table lists the command-line options that can be used with vsftp commands.

Option

Argument

Description

--accepthostkeys

 

Instructs vsftp to automatically accept host keys.

Note: This option should be used with caution. When it is set, a changed host key is accepted automatically, which removes the ability to detect a man-in-the-middle attack.

--auth

authentication list

The authentication methods to be used, in a comma-separated list. Valid methods are keyboard-interactive, publickey, password, gss-ms-kerberos, and gssapi.

-b

filename

Instructs vsftp to use batch mode. For more information on using batch mode, read the VanDyke Support tip "How To Use vsftp Batch Mode To Automate File Transfers" on our website.

-c

cipher

The cipher that the SSH2 server will use. Protocol strings or display strings are permitted.

--check-crls

 

Instructs the application to check certificate revocation lists (CRLs) to ensure that a certificate (and any certificate in its chain) has not been listed as revoked.

--hostkeyalgorithm

host key algorithm

Specifies which host key algorithm to use. Valid algorithms are ssh-rsa, ssh-ed25519, ecdsa-sha2-nistp256, ecdsa-sha2-nistp384, ecdsa-sha2-nistp521, ssh-dss, pgp, x509v3-sign-rsa, x509v3-ssh-rsa, x509v3-sign-dss, and x509v3-ssh-dss.

Note: The administrative policy for host key algorithms has precedence over the command line option.

--http-proxy

hostname[:port]

Specifies the HTTP proxy to be used during connection.

-i

file

The identity file to use for public-key authentication or a PKCS #12 file to use for X.509 authentication.

vsftp also supports accessing certificates through PKCS #11. The locator prefix (e.g., “pkcs11::”) and suffix (e.g., “::standard”) specify which public-key algorithm to use. To use this feature, specify a string similar to one of the following examples but using your PKCS #11 .dll file:

pkcs11::prov=c:\windows\system32\opensc-pkcs11.dll

pkcs11::prov=c:\windows\system32\pkcs11.dll::cert

The above examples use the x509v3-sign-rsa algorithm.

pkcs11::prov=c:\windows\system32\opensc-pkcs11.dll::standard

The above example uses the x509v3-sign-rsa-sha1 algorithm.

pkcs11key::prov=c:\windows\system32\pkcs11.dll

The above example uses the ssh-rsa algorithm, which can be used to send the certificate as a raw key.

--kex

KEX

Specifies which key exchange algorithm to use. Valid algorithms are diffie-hellman, diffie-hellman-group14, diffie-hellman-group, diffie-hellman-group-exchange-sha256, ecdh-sha2-nistp256, ecdh-sha2-nistp384, ecdh-sha2-nistp521, Kerberos, and any OID (in dotted number format) supported by the GSSAPI provider.

--log

file

Specifies the file where vsftp will log all output, in addition to sending it to the console. If the file does not exist, vsftp will create it; or, if the file does exist, vsftp will append the output to it. If used in combination with the -v (verbose) option, the extra verbose output will also be logged.

-m

MAC

The MAC that the SSH2 server will use.

--no-flock

 

Disables the use of flock for uploads and downloads.

--nopreserve

 

Instructs vsftp not to preserve timestamp and permissions.

--noprompt

 

Fails if prompted for user input.

-p

port

The port to be used during connection.

--passphrase

passphrase

The passphrase for your private key.

--pw

password

Your user password. Valid with password and keyboard-interactive authentication.

--sftp-version

version

Specifies the SFTP version to use. Valid versions are 3, 4, 5, and 6.

--socks4

server[:port]

Socks version 4 server to be used during connection.

--socks5

server[:port]

Socks version 5 server to be used during connection.

--spn

hostname

Allows you to manually specify the SPN (Service Principal Name). The SPN is almost always of the form host@<server canonical name>. An example of a valid string is "host@mail.mydomain.com". If the server is in a different Kerberos realm, the realm name may need to be appended (e.g., host@mail.mydomain.com@KRBS.MYDOMAIN.COM).

-v

 

Displays verbose file transfer information. If you want even more detail, including connection debug information, you can instruct vsftp to display the complete SSH trace output by entering "-v -v" on the command line.

-z

n

The compression level (0-9). By default, the compression level is set to 5. Setting the level to 0 turns off compression. When compression is on, vsftp attempts to use zlib@openssh.com, zlib, and no compression, in that order, when making a connection.

-?
--help

 

Displays usage.

Interactive Commands

Interactive command options are described below. Commands that specify a path can contain the wildcard characters * and ?. vsftp will expand these wildcard characters. Multiple wildcard characters are permitted in a path (e.g., "*.*" or "*.?"). vsftp also supports file "globbing". The sequence [...] will match any one of the characters enclosed. Within [...], a pair of characters separated by a quotation mark (") matches any character lexically between the two. The backslash can be used to turn off wildcard characters (e.g., \* or \[).

Option

Argument

Description

ascii

 

Sets the file transfer mode to ASCII.

binary

 

Sets the file transfer mode to binary.

cd

path

Changes the remote directory to that specified by the path.

chgrp

group path

Changes group of file "path" to "group".

chmod

mode path

Changes permissions of file "path" to "mode".

chown

owner path

Changes owner of file "path" to "owner".

close

 

Closes the connection, but does not exit vsftp.

detail

remotepath

Displays system information about the specified remote file or folder.

error

continue | exit | exit-all

Specifies whether, on a command error, vsftp should continue, exit the file (either from include or batch mode), or exit all files (this also exits the application, if in batch mode).

The default behavior is to continue.

exit

 

Exits the vsftp application.

get

[-r] [-a|-b] [--nopreserve] [--move] [--no-flock] remotepath

Retrieves the remote path and stores it in the current local directory. The -r argument specifies a recursive get. The -a argument specifies that the files are transferred as ASCII; -b specifies binary. If neither -a nor -b is specified, the current transfer mode will be used (see type command). If the option --nopreserve is specified, the timestamp and permissions will not be preserved. If --move is specified, the file(s) will be moved. If --no-flock is specified, the use of flock for uploads and downloads is disabled.

help

 

Displays usage.

include

filename  or
< filename

Includes the commands in the specified file as though they had been typed in.

lcd

path

Changes the local directory to that specified by the path.

ldetail

localpath

Displays system information about the specified local file or folder.

lls

-l [-a] [-d] path

Displays the local directory listing of either the path or of the current directory if the path is not specified. Adding the -a argument will show all files and folders (including those hidden), and the -d argument will show only directories.

lmkdir

path

Creates local directory specified by the path.

lmv

oldpath newpath

Moves/renames local file. Identical to the local Rename (lrename) command.

ln

existingpath linkpath

Creates symbolic link on remote file.

lpwd

 

Prints local working directory.

lrename

oldname newname

Renames the specified file. Identical to the local Move (lmv) command.

lrm

path

Deletes local file.

lrmdir

path

Removes local directory.

ls

-l [-a] [-d] path

Displays the remote directory listing of either the path or of the current directory if the path is not specified. If the -l flag is set, vsftp displays permission and ownership information. Adding the -a argument will show all files and folders (including those hidden), and the -d argument will show only directories.

Note: This command, if used with a / (i.e., ls / ), lists the roots when connecting to a server that allows multiple roots, such as VanDyke Software's VShell®.

mkdir

path

Creates remote directory specified by the path.

mv

oldpath newpath

Moves remote file.

open

host[:port]

Connects to the specified host on the specified port.

put

[-r] [-a|-b] [--nopreserve] [--move] [--no-flock] localpath

Uploads the local path to the currently open directory on the remote machine. The -r argument specifies a recursive put. The -a argument specifies that the files are transferred as ASCII; -b specifies binary. If neither -a nor -b is specified, the current transfer mode will be used (see type command). If the option --nopreserve is specified, the timestamp and permissions will not be preserved. If --move is specified, the file(s) will be moved. If --no-flock is specified, the use of flock for uploads and downloads is disabled.

pwd

 

Prints the remote working directory.

quit

 

Quits SFTP.

rename

oldpath newpath

Renames the remote file.

rm

[-r] path

Deletes the remote file specified by the path. Adding the -r argument will initiate a recursive remove operation.

rmdir

path

Deletes the remote directory specified by the path.

su

username

Substitutes the current user with the one specified.

Note: This command can only be called if the remote machine is running VShell for Windows 3.5 or later.

type

transfer mode

Displays or sets the file transfer mode. Issuing this command with no parameter will display the current mode; issuing it with a mode parameter (either ascii or binary) will set the mode to that parameter.

version

 

Displays the remote vendor information (when available) and the SFTP protocol version.

view

filename

Displays or, if applicable, runs the specified file or files. Displayed files can be modified but changes made will not be uploaded to the original file.

Examples

The following are examples of vsftp command-line use.

Publickey Authentication, Logging, Batch File for commands

vsftp --log C:\Temp\VSFTPlog.txt -b C:\Temp\vsftp_cmds.txt --auth publickey -i "C:\keys\Identity" --passphrase p@ssph3se bleaker@redhat.com

In the above example, vsftp will authenticate "bleaker" on "redhat.com" using the private key "C:\keys\Identity" with passphrase "p@ssph3se" using public-key authentication. After authentication, the commands in the batch file "vsftp_cmds.txt" will be executed. All information will be logged to a file "VSFTPlog.txt" in the "Temp" folder.

Contents of "vsftp_cmds.txt":

put C:\Temp\file1.txt

put C:\Temp\file2.txt

lcd C:\Temp

get history.txt

Publickey Authentication via indicated SOCKS Proxy Server and Port

vsftp --auth publickey -i "C:\keys\Identity" --passphrase p@ssph3se --socks5 SOCKSserver:1080 bleaker@redhat.com

In this example, vsftp will authenticate "bleaker" on "redhat.com" using the private key "C:\keys\Identity" with passphrase "p@ssph3se" using public-key authentication through the SOCKS version 5 server "SOCKSserver" on port 1080.

Password Authentication, connecting to non-standard Port

vsftp -p 1022 --log C:\Temp\VSFTPlog.txt --pw passw0rd johnson@redhat.com

In the above example, vsftp will use password authentication to authenticate the "johnson" account on "redhat.com" using the password "passw0rd". All information will be logged to the file "VSFTPlog.txt" in the "Temp" directory. Communication will occur over port 1022.
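
A review aid for scripted vsftp command lines, added here as an example (it is not VanDyke code): it splits a command line into the options tabulated above and the [user@[domain@]]host[:port] target, then flags --accepthostkeys (see the note in the Options table), secrets passed with --pw or --passphrase, and -b without --noprompt. The review rules and the third sample line are this example's own assumptions.

```python
import shlex

# Options from the table above that consume the next token as their argument.
TAKES_ARG = {"--auth", "-b", "-c", "--hostkeyalgorithm", "--http-proxy", "-i",
             "--kex", "--log", "-m", "-p", "--passphrase", "--pw",
             "--sftp-version", "--socks4", "--socks5", "--spn", "-z"}

# Review rules are this example's own policy, not VanDyke's.
RULES = {
    "--accepthostkeys": "host keys accepted automatically; a changed key goes unnoticed",
    "--pw": "password is written in the command line",
    "--passphrase": "private-key passphrase is written in the command line",
}

def parse_target(target):
    """Split [user@[domain@]]host[:port] into its parts (None when absent)."""
    *who, hostport = target.split("@")
    host, _, port = hostport.partition(":")
    return {"user": who[0] if who else None,
            "domain": who[1] if len(who) > 1 else None,
            "host": host, "port": port or None}

def audit(cmdline):
    """Return (options, target, findings) for one vsftp command line."""
    # posix=False keeps the backslashes of Windows paths intact.
    tokens = shlex.split(cmdline, posix=False)
    opts, target = {}, None
    it = iter(tokens[1:])                      # skip the program name
    for tok in it:
        if tok.startswith("-"):
            opts[tok] = next(it, "").strip('"') if tok in TAKES_ARG else True
        else:
            target = parse_target(tok)
    findings = [(o, why) for o, why in RULES.items() if o in opts]
    if "-b" in opts and "--noprompt" not in opts:
        findings.append(("-b", "batch run without --noprompt can wait on a prompt"))
    return opts, target, findings

# The first two lines are this page's examples; the third is constructed.
SAMPLES = [
    r'vsftp --log C:\Temp\VSFTPlog.txt -b C:\Temp\vsftp_cmds.txt --auth publickey -i "C:\keys\Identity" --passphrase p@ssph3se bleaker@redhat.com',
    r'vsftp -p 1022 --log C:\Temp\VSFTPlog.txt --pw passw0rd johnson@redhat.com',
    r'vsftp --accepthostkeys --noprompt -b C:\jobs\cmds.txt svc@CORP@files.example.com:2222',
]

if __name__ == "__main__":
    for line in SAMPLES:
        opts, target, findings = audit(line)
        print(target["host"], [o for o, _ in findings])
```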