vsftp is an interactive file transfer program which performs all operations over a Secure Shell-based strong-encryption enabled transport. vsftp supports SSH features such as public-key authentication, ciphers, and MACs.
Using vsftp
The following is the format for vsftp commands:
vsftp [options] [user@[domain@]]host[:port]
The user@ argument is optional. If it is not specified, your network username will be used.
Options
The following table lists the command-line options that can be used with vsftp commands.
Option |
Argument |
Description |
--accepthostkeys |
|
Instructs vsftp to automatically accept host keys. Note: This option should be used with caution. Because a changed host key is accepted automatically, this option removes the ability to detect a man-in-the-middle attack. |
--auth |
|
The authentication methods to be used in a comma separated list. Valid methods are keyboard-interactive, publickey, password, gss-ms-kerberos, and gssapi. |
-b |
filename |
Instructs vsftp to use batch mode. For more information on using batch mode, read the VanDyke Support tip "How To Use vsftp Batch Mode To Automate File Transfers" on our website. |
|
|
The cipher that the SSH2 server will use. Protocol strings or display strings are permitted. |
--check-crls |
|
Instructs the application to check certificate revocation lists (CRLs) to ensure that certificates (and any in its chain) have not been listed as revoked. |
--hostkeyalgorithm |
host key algorithm |
Specifies which host key algorithm to use. Valid algorithms are ssh-rsa, ssh-ed25519, ecdsa-sha2-nistp256, ecdsa-sha2-nistp384, ecdsa-sha2-nistp521, ssh-dss, pgp, x509v3-sign-rsa, x509v3-ssh-rsa, x509v3-sign-dss, and x509v3-ssh-dss. Note: The administrative policy for host key algorithms has precedence over the command line option. |
--http-proxy |
hostname[:port] |
Specifies the http proxy to be used during connection. |
-i |
|
The identity file to use for public-key authentication or a PKCS #12 file to use for X.509 authentication. vsftp also supports accessing certificates through PKCS #11. The locator prefix (e.g., “pkcs11::”) and suffix (e.g., “::standard”) specify which public-key algorithm to use. To use this feature, specify a string similar to one of the following examples but using your PKCS #11 .dll file: pkcs11::prov=c:\windows\system32\opensc-pkcs11.dll pkcs11::prov=c:\windows\system32\pkcs11.dll::cert The above examples use the x509v3-sign-rsa algorithm. pkcs11::prov=c:\windows\system32\opensc-pkcs11.dll::standard The above example uses the x509v3-sign-rsa-sha1 algorithm. pkcs11key::prov=c:\windows\system32\pkcs11.dll The above example uses the ssh-rsa algorithm, which can be used to send the certificate as a raw key. |
--kex |
KEX |
Specifies which key exchange algorithm to use. Valid algorithms are diffie-hellman, diffie-hellman-group14, diffie-hellman-group, diffie-hellman-group-exchange-sha256, ecdh-sha2-nistp256, ecdh-sha2-nistp384, ecdh-sha2-nistp521, Kerberos, and any OID (in dotted number format) supported by the GSSAPI provider. |
--log |
file |
Specifies the file where vsftp will log all output, in addition to sending it to the console. If the file does not exist, vsftp will create it; or, if the file does exist, vsftp will append the output to it. If used in combination with the -v (verbose) option, the extra verbose output will also be logged. |
-m |
|
The MAC that the SSH2 server will use. |
--no-flock |
|
Disables the use of flock for uploads and downloads. |
--nopreserve |
|
Instructs vsftp not to preserve timestamp and permissions. |
|
|
Fails if prompted for user input. |
-p |
port |
The port to be used during connection. |
--passphrase |
|
The passphrase for your private key. |
--pw |
|
Your user password. Valid with password and keyboard-interactive authentication. |
--sftp-version |
version |
Specifies the SFTP version to use. Valid versions are 3, 4, 5, and 6. |
|
|
|
--socks5 |
|
Socks version 5 server to be used during connection. |
--spn |
hostname |
Allows you to manually specify the SPN (Service Principal Name). The SPN is almost always of the form host@<server canonical name>. An example of a valid string is "host@mail.mydomain.com". If the server is in a different Kerberos realm, the realm name may need to be appended (e.g., host@mail.mydomain.com@KRBS.MYDOMAIN.COM). |
-v |
|
Displays verbose file transfer information. If you want more detail, including connection debug information, you can instruct vsftp to display the complete SSH trace output by entering "-v -v" on the command line. |
|
|
The compression level (0-9). By default, the compression level is set to 5. Setting the level to 0 turns off compression. When compression is on, vsftp attempts to use zlib@openssh.com, zlib, and no compression, in that order, when making a connection. |
|
|
Displays usage. |
Interactive Commands
Interactive command options are described below. Commands that specify a path can contain the wildcard characters * and ?. vsftp will expand these wildcard characters. Multiple wildcard characters are permitted in a path (e.g., "*.*" or "*.?"). vsftp also supports file "globbing". The sequence [...] will match any one of the characters enclosed. Within [...], a pair of characters separated by a quotation mark (") matches any character lexically between the two. The backslash can be used to turn off wildcard characters (e.g., \* or \[).
Option |
Argument |
Description |
ascii |
|
Sets the file transfer mode to ASCII. |
binary |
|
Sets the file transfer mode to binary. |
cd |
path |
Changes the remote directory to that specified by the path. |
chgrp |
group path |
Changes group of file "path" to "group". |
chmod |
mode path |
Changes permissions of file "path" to "mode". |
chown |
owner path |
Changes owner of file "path" to "owner". |
close |
|
Closes the connection, but does not exit vsftp. |
detail |
remotepath |
Displays system information about the specified remote file or folder. |
error |
continue | exit | exit-all |
Specifies whether, on a command error, vsftp should continue, exit the file (either from include or batch mode), or exit all files (this also exits the application, if in batch mode). The default behavior is to continue. |
exit |
|
Exits the vsftp application. |
get |
[-r] [-a|-b] [--nopreserve] [--move] [--no-flock] remotepath |
Retrieves the remote path and stores it in the current local directory. The -r argument specifies a recursive get. The -a argument specifies that the files are transferred as ASCII; -b specifies binary. If neither -a nor -b is specified, the current transfer mode will be used (see type command). If the option --nopreserve is specified, the timestamp and permissions will not be preserved. If --move is specified, the file(s) will be moved. If --no-flock is specified, the use of flock for uploads and downloads is disabled. |
help |
|
Displays usage. |
include |
filename or |
Includes the commands in the specified file as though they had been typed in. |
lcd |
path |
Changes the local directory to that specified by the path. |
ldetail |
localpath |
Displays system information about the specified local file or folder. |
lls |
-l [-a] [-d] path |
Displays the local directory listing of either the path or of the current directory if the path is not specified. Adding the -a argument will show all files and folders (including those hidden), and the -d argument will show only directories. |
lmkdir |
path |
Creates local directory specified by the path. |
lmv |
oldpath newpath |
Moves/renames local file. Identical to the local Rename (lrename) command. |
ln |
existingpath linkpath |
Creates symbolic link on remote file. |
lpwd |
|
Prints local working directory. |
lrename |
oldname newname |
Renames the specified file. Identical to the local Move (lmv) command. |
lrm |
path |
Deletes local file. |
lrmdir |
path |
Removes local directory. |
ls |
-l [-a] [-d] path |
Displays the remote directory listing of either the path or of the current directory if the path is not specified. If the -l flag is set, vsftp displays permission and ownership information. Adding the -a argument will show all files and folders (including those hidden), and the -d argument will show only directories. Note: This command, if used with a / (i.e., ls /), lists the roots when connecting to a server that allows multiple roots, such as VanDyke Software's VShell®. |
mkdir |
path |
Creates remote directory specified by the path. |
mv |
oldpath newpath |
Moves remote file. |
open |
host[:port] |
Connects to the specified host on the specified port. |
put |
[-r] [-a|-b] [--nopreserve] [--move] [--no-flock] localpath |
Uploads the local path to the currently open directory on the remote machine. The -r argument specifies a recursive put. The -a argument specifies that the files are transferred as ASCII; -b specifies binary. If neither -a nor -b is specified, the current transfer mode will be used (see type command). If the option --nopreserve is specified, the timestamp and permissions will not be preserved. If --move is specified, the file(s) will be moved. If --no-flock is specified, the use of flock for uploads and downloads is disabled. |
pwd |
|
Prints the remote working directory. |
quit |
|
Quits SFTP. |
rename |
oldpath newpath |
Renames the remote file. |
rm |
[-r] path |
Deletes the remote file specified by the path. Adding the -r argument will initiate a recursive remove operation. |
rmdir |
path |
Deletes the remote directory specified by the path. |
su |
username |
Substitutes the current user with the one specified. Note: This command can only be called if the remote machine is running VShell for Windows 3.5 or later. |
type |
transfer mode |
Displays or sets the file transfer mode. Issuing this command with no parameter will display the current mode; issuing it with a mode parameter (either ascii or binary) will set the mode to that parameter. |
version |
|
Displays the remote vendor information (when available) and the SFTP protocol version. |
view |
filename |
Displays or, if applicable, runs the specified file or files. Displayed files can be modified but changes made will not be uploaded to the original file. |
Examples
The following are examples of vsftp command-line use.
Publickey Authentication, Logging, Batch File for commands
vsftp --log C:\Temp\VSFTPlog.txt -b C:\Temp\vsftp_cmds.txt --auth publickey -i "C:\keys\Identity" --passphrase p@ssph3se bleaker@redhat.com
In the above example, vsftp will authenticate "bleaker" on "redhat.com" using the private key "C:\keys\Identity" with passphrase "p@ssph3se" using public-key authentication. After authentication, the commands in the batch file "vsftp_cmds.txt" will be executed. All information will be logged to a file "VSFTPlog.txt" in the "Temp" folder.
Contents of "vsftp_cmds.txt":
put C:\Temp\file1.txt
put C:\Temp\file2.txt
lcd C:\Temp
get history.txt
Publickey Authentication via indicated SOCKS Proxy Server and Port
vsftp --auth publickey -i "C:\keys\Identity" --passphrase p@ssph3se --socks5 SOCKSserver:1080 bleaker@redhat.com
In this example, vsftp will authenticate "bleaker" on "redhat.com" using the private key "C:\keys\Identity" with passphrase "p@ssph3se" using public-key authentication through "SOCKSserver" on port 1080.
Password Authentication, connecting to non-standard Port
vsftp -p 1022 --log C:\Temp\VSFTPlog.txt --pw passw0rd johnson@redhat.com
In the above example, vsftp will use password authentication to authenticate the "johnson" account on "redhat.com" using the password "passw0rd". All information will be logged to the file "VSFTPlog.txt" in the "Temp" directory. Communication will occur over port 1022.
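The following is an added example, not VanDyke code: a Python check that scans script lines for vsftp invocations, flags --accepthostkeys (the caution noted in the options table) and --pw/--passphrase values written in clear text as in the examples above, and redacts those values in its own report. The sample lines are constructed from this page's examples; the third line is hypothetical.

```python
import shlex

RISKY_FLAGS = {
    "--accepthostkeys": "host keys are accepted without review, so a changed key goes unnoticed",
}
SECRET_OPTIONS = {
    "--pw": "password written in clear text on the command line",
    "--passphrase": "private-key passphrase written in clear text on the command line",
}

def audit_line(line):
    """Return (findings, redacted_line) for one command line."""
    # posix=False keeps Windows backslashes in paths such as C:\keys\Identity.
    tokens = shlex.split(line, posix=False)
    if not tokens or tokens[0].lower() not in ("vsftp", "vsftp.exe"):
        return [], line
    findings, redacted, i = [], [tokens[0]], 1
    while i < len(tokens):
        tok = tokens[i]
        redacted.append(tok)
        if tok in RISKY_FLAGS:
            findings.append((tok, RISKY_FLAGS[tok]))
        elif tok in SECRET_OPTIONS and i + 1 < len(tokens):
            findings.append((tok, SECRET_OPTIONS[tok]))
            redacted.append("<redacted>")  # never copy the secret into the report
            i += 1                         # skip the secret value itself
        i += 1
    return findings, " ".join(redacted)

def audit_script(text):
    """Return (line number, option, message, redacted line) for every finding."""
    report = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        findings, redacted = audit_line(line.strip())
        for option, message in findings:
            report.append((lineno, option, message, redacted))
    return report

# Constructed sample: two commands from this page plus one hypothetical line.
SAMPLE = r'''
vsftp --log C:\Temp\VSFTPlog.txt -b C:\Temp\vsftp_cmds.txt --auth publickey -i "C:\keys\Identity" --passphrase p@ssph3se bleaker@redhat.com
vsftp -p 1022 --log C:\Temp\VSFTPlog.txt --pw passw0rd johnson@redhat.com
vsftp --accepthostkeys --auth publickey -i "C:\keys\Identity" -b C:\Temp\vsftp_cmds.txt bleaker@redhat.com
'''.strip()

if __name__ == "__main__":
    for lineno, option, message, redacted in audit_script(SAMPLE):
        print(f"line {lineno}: {option}: {message}\n    {redacted}")
```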