Bitvise Tunnelier 4.14 - sftpc, a command line SFTP client.
Copyright (C) 2000-2006 by Bitvise Limited.
Portions Copyright (C) 1995-2003 by Wei Dai.

USAGE:

  sftpc [username@]host[:port] OR -profile=file
        [-spn=SPN] [-sspi=y|n] [-dlg=y|n]
        [-gka] [-gma [-krb OR -ntlm]] [-pk=slot [-pp=passphrase]]
        [-pw=password] [-kbdi [-sub=submethods]]
        [-cmd=commands OR -cmdFile=file [-ce]] [-bg]
        [-encr=list] [-mac=list] [-cmpr=list] [-dhkex=list] [-hkey=list]
        [-ka=y|n] [-kre=y|n] [-unat=y|n] [-noRegistry]
        [-proxy=y|n [-proxyType=type] -proxyServer=server [-proxyPort=port]
          [-proxyUsername=username [-proxyPassword=password]]
          [-proxyResolveLocally]]
        [-hostKeyMD5=MD5-fingerprint] [-hostKeyBB=Bubble-Babble]
        [-hostKeyFile=file]
        [-keypairFile=file [-keypairPassphrase=passphrase]]
        [-traceLevel=level [-traceFile=file]]

PARAMETERS:

  -profile=file
      Load connect parameters from the specified Tunnelier profile. Server
      host, port, SPN, SSPI, username, initial authentication method,
      algorithms, keep alive and re-exchange settings are loaded. If a
      command line parameter is additionally specified for any of these, it
      overrides the corresponding profile setting.

  -spn=SPN
      If specified, Tunnelier will use the value of this parameter as the
      service principal name during Kerberos authentication. If not
      specified, Tunnelier will use a default, but possibly incorrect, SPN
      based on the SSH server's host name.

  -sspi=y|n
      SSPI/Kerberos 5 host authentication - disabled by default, but can
      also be disabled explicitly to override profile setting.

  -dlg=y|n
      Permit access delegation - disabled by default, but can also be
      disabled explicitly to override profile setting. For use only with
      SSPI/Kerberos 5 host authentication.

  -gka
      Log in using the gssapi-keyex method. Available only when
      SSPI/Kerberos 5 host authentication has been performed. Can also be
      combined with other authentication methods, in which case gssapi-keyex
      is attempted first.

  -gma
      Log in using the gssapi-with-mic method. Can also be combined with
      other authentication methods, in which case gssapi-with-mic is
      attempted after gssapi-keyex.

  -krb
      Use gssapi-with-mic with the Kerberos 5 mechanism only.

  -ntlm
      Use gssapi-with-mic with the NTLM mechanism only.

  -pk=slot
      Log in using the publickey method, with the keypair at the specified
      slot. Can also be combined with other authentication methods, in which
      case publickey is attempted after gssapi-with-mic.

  -pp=passphrase
      A passphrase for the keypair specified with -pk.

  -pw=password
      Log in with the specified password. Can also be combined with other
      authentication methods, in which case the password is attempted after
      the publickey method.

  -kbdi
      Log in with the keyboard-interactive method. Can also be combined with
      other authentication methods, in which case the keyboard-interactive
      method is attempted last.

  -sub=submethods
      Optional submethods for keyboard-interactive.

  -cmd=commands
      Establish the session, run semicolon-separated SFTP commands, and
      exit. There is no prompt for additional user input. All occurrences of
      '"' that are part of the parameter value must be replaced with '\"',
      e.g. "-cmd=get \"file name.txt\"". See also Return Codes.

  -cmdFile=file
      Like -cmd but load commands from the specified textual file, one per
      line. In the file, there is no need for escaping the quote character
      as is necessary with -cmd. The file will be interpreted as Unicode or
      UTF-8 if the respective BOM marker is present. Otherwise, the ANSI
      code page will be used. Empty lines and lines containing only
      whitespace are ignored.

  -ce
      Continue on error: if multiple commands are specified using the -cmd
      or -cmdFile parameter and one fails, continue with subsequent
      commands. By default, execution will stop at the first failed command.
      The return code for the first failed command is returned in all cases,
      or 0 if all commands succeed.

  -bg
      Start downloads and uploads in background by default.

  -encr=list
      Comma-separated priority list of session encryption algorithms. If not
      specified, the following algorithm list is assumed:
      aes256-cbc,twofish256-cbc,twofish-cbc,aes128-cbc,twofish128-cbc,
      blowfish-cbc,3des-cbc,arcfour,cast128-cbc.

  -mac=list
      Comma-separated priority list of session MAC algorithms. If not
      specified, the following algorithm list is assumed:
      hmac-sha1,hmac-md5,hmac-sha1-96,hmac-md5-96.

  -cmpr=list
      Comma-separated priority list of session compression algorithms. If
      not specified, the following algorithm list is assumed: none.

  -dhkex=list
      Comma-separated priority list of DH key exchange algorithms. If not
      specified, the following algorithm list is assumed:
      diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha1,
      diffie-hellman-group1-sha1, plus any GSSAPI key exchange methods if
      -sspi was specified.

  -hkey=list
      Comma-separated priority list of host key algorithms. If not
      specified, the following algorithm list is assumed: ssh-dss,ssh-rsa.

  -ka
      Keep-alive / broken session detection - enabled by default, but can
      also be enabled explicitly to override profile.

  -kre
      Key re-exchange - enabled by default, but can also be enabled
      explicitly to override profile.

  -unat=y|n
      Use unattended mode to prevent any user interaction by the SSH
      session - in particular, host key verification and user
      authentication. Unattended mode is used by default only with the -cmd
      or -cmdFile parameters.

  -noRegistry
      Do not load settings from or store them to Windows registry. Use of
      global client proxy settings, host key database, and user keypair
      database is prevented.

  -proxy=y|n
      Use a proxy server, overrides global client proxy settings.

  -proxyType=type
      The type of proxy server to use. 'SOCKS4', 'SOCKS5', and 'HTTP' proxy
      types are supported. 'SOCKS4' is set by default.

  -proxyServer=server
      The IP address or DNS name of the proxy server.

  -proxyPort=port
      The proxy server port, 1080 by default.

  -proxyUsername=username
      The proxy server username (SOCKS5 and HTTP only).

  -proxyPassword=password
      The proxy server password (SOCKS5 and HTTP only).

  -proxyResolveLocally
      Resolve a DNS name locally before passing it to the proxy when this
      flag is used.

  -hostKeyMD5=MD5-fingerprint
      An MD5 fingerprint of the host key to accept, used additionally to
      global client host key database.

  -hostKeyBB=Bubble-Babble
      A Bubble-Babble of the host key to accept, used additionally to global
      client host key database.

  -hostKeyFile=file
      A file containing host keys to accept, used additionally to global
      client host key database.

  -keypairFile=file
      A file containing a private key for authentication; overrides keys in
      global client user keypair database.

  -keypairPassphrase=passphrase
      Provide a passphrase for the keypair specified with the -keypairFile
      parameter. Passphrase must always be present when an OpenSSH encoded
      and passphrase protected keypair is specified.

  -traceLevel=level
      An integer number in the range 0-3, default 0 (no tracing). If
      non-zero, low-level session information such as packets sent and
      received will be logged. A higher number means more information will
      be recorded. At trace level 3, all data sent across the SSH connection
      will be logged.

  -traceFile=file
      If a non-zero trace level is specified, a textual file to write trace
      messages to. If not specified, trace messages are written to standard
      output. When writing trace messages to standard output, they will be
      cut off at 200 characters. When tracing, a trace file should usually
      be used.

EXAMPLES:

  sftpc myserver

      Logs into 'myserver' with the account name of the current Windows user
      as the username. Will prompt to choose an authentication method when
      connected.

  sftpc someuser@myserver

      Logs into 'myserver' as 'someuser'; will prompt to choose an
      authentication method when connected.

  sftpc someuser@myserver:9222 -bg

      Logs into 'myserver' on port 9222 as 'someuser'. Transfers will be
      started in background by default, i.e. if you execute "get x.txt",
      this will be treated as "get x.txt -bg". Transfers can still be
      started in foreground using the '-fg' flag, e.g. "get x.txt -fg". See
      "help get", "help put".

  sftpc myusername@myserver -pw=mypassword -cmd="cd /temp; get *; put \"a b c\""

      With these parameters, sftpc will log into 'myserver' as 'myusername'
      with password 'mypassword', and it will proceed to execute commands as
      follows:

        cd /temp
        get *
        put "a b c"

      Each of these commands is executed in order; if one fails (e.g. if the
      /temp directory does not exist), the rest will not be executed.

  sftpc myusername@myserver -pk=1 -ce -cmd="cd /temp; get *; put x.txt"

      This is a similar example to the one above, but the additional -ce
      parameter will cause execution to continue even if an error occurs,
      and the -pk=1 parameter will cause the public key in slot 1 to be used
      instead of a plain password.

RETURN CODES:

     0  Success
     1  Unknown failure
     2  Usage error
   100  SSH session failure
   101  Failure connecting to server
   102  SSH host authentication failure
   103  SSH user authentication failure
   200  SFTP session failure
   201  SFTP channel failure
   202  SFTP request rejected
   203  SFTP initialization failure
   204  SFTP protocol failure
   205  SFTP session closed by server
  1000  Failed -cmd command #1
  1001  Failed -cmd command #2
   ...  ...

To more easily read the above help, try:

  sftpc -help-usage     (display usage)
  sftpc -help | more    (displays help page by page)
  sftpc -help > h.txt   (creates a text file you can open e.g. with Notepad)
  sftpc -help-params    (display parameters help)
  sftpc -help-          (display help for a particular parameter)
  sftpc -help-examples  (display examples)
  sftpc -help-codes     (display return codes)