Code:
C:\>sftpc /?
Bitvise Tunnelier 4.16 - sftpc, a command line SFTP client.
Copyright (C) 2000-2006 by Bitvise Limited.
Portions Copyright (C) 1995-2003 by Wei Dai.
USAGE:
sftpc [username@]host[:port] OR -profile=file [-host=host] [-port=port] [-spn=SPN] [-sspi=y|n] [-dlg=y|n]
[-user=username] [-gka] [-gma [-krb OR -ntlm]] [-pk=slot [-pp=passphrase]] [-pw=password] [-kbdi
[-sub=submethods]]
[-cmd=commands OR -cmdFile=file [-ce]] [-bg]
[-encr=list] [-mac=list] [-cmpr=list] [-dhkex=list] [-hkey=list] [-ka=y|n] [-kre=y|n]
[-unat=y|n]
[-noRegistry]
[-proxy=y|n [-proxyType=type] -proxyServer=server [-proxyPort=port] [-proxyUsername=username
[-proxyPassword=password]] [-proxyResolveLocally]]
[-hostKeyMD5=MD5-fingerprint] [-hostKeyBB=Bubble-Babble] [-hostKeyFile=file]
[-keypairFile=file [-keypairPassphrase=passphrase]]
[-traceLevel=level [-traceFile=file]]
PARAMETERS:
-profile=file
Load connect parameters from the specified Tunnelier profile. Server host, port, SPN, SSPI, username, initial
authentication method, algorithms, keep alive and re-exchange settings are loaded. If a command line parameter is
additionally specified for any of these, it overrides the corresponding profile setting.
-host=host
The server host to connect to overriding the already set host.
-port=port
The port on server host to connect to overriding the already set port.
-spn=SPN
If specified, Tunnelier will use the value of this parameter as the service principal name during Kerberos
authentication. If not specified, Tunnelier will use a default, but possibly incorrect, SPN based on the SSH server's
host name.
-sspi=y|n
SSPI/Kerberos 5 host authentication - disabled by default, but can also be disabled explicitly to override profile
setting.
-dlg=y|n
Permit access delegation - disabled by default, but can also be disabled explicitly to override profile setting. For
use only with SSPI/Kerberos 5 host authentication.
-user=username
The username to login with overriding the already set username.
-gka
Log in using the gssapi-keyex method. Available only when SSPI/Kerberos 5 host authentication has been performed. Can
also be combined with other authentication methods, in which case gssapi-keyex is attempted first.
-gma
Log in using the gssapi-with-mic method. Can also be combined with other authentication methods, in which case
gssapi-with-mic is attempted after gssapi-keyex.
-krb
Use gssapi-with-mic with the Kerberos 5 mechanism only.
-ntlm
Use gssapi-with-mic with the NTLM mechanism only.
-pk=slot
Log in using the publickey method, with the keypair at the specified slot. Can also be combined with other
authentication methods, in which case publickey is attempted after gssapi-with-mic.
-pp=passphrase
A passphrase for the keypair specified with -pk.
-pw=password
Log in with the specified password. Can also be combined with other authentication methods, in which case the password
is attempted after the publickey method.
-kbdi
Log in with the keyboard-interactive method. Can also be combined with other authentication methods, in which case the
keyboard-interactive method is attempted last.
-sub=submethods
Optional submethods for keyboard-interactive.
-cmd=commands
Establish the session, run semicolon-separated SFTP commands, and exit. There is no prompt for additional user input.
All occurences of '"' that are part of the parameter value must be replaced with '\"', e.g. "-cmd=get \"file
name.txt\"". See also Return Codes.
-cmdFile=file
Like -cmd but load commands from the specified textual file, one per line. In the file, there is no need for escaping
the quote character as is necessary with -cmd. The file will be interpreted as Unicode or UTF-8 if the respective BOM
marker is present. Otherwise, the ANSI code page will be used. Empty lines and lines containing only whitespace are
ignored.
-ce
Continue on error: if multiple commands are specified using the -cmd or -cmdFile parameter and one fails, continue
with subsequent commands. By default, execution will stop at the first failed command. The return code for the first
failed command is returned in all cases, or 0 if all commands succeed.
-bg
Start downloads and uploads in background by default.
-encr=list
Comma-separated priority list of session encryption algorithms. If not specified, the following algorithm list is
assumed: aes256-cbc,twofish256-cbc,twofish-cbc,aes128-cbc,twofish128-cbc,blowfish-cbc,3des-cbc,arcfour,cast128-cbc.
-mac=list
Comma-separated priority list of session MAC algorithms. If not specified, the following algorithm list is assumed:
hmac-sha1,hmac-md5,hmac-sha1-96,hmac-md5-96.
-cmpr=list
Comma-separated priority list of session compression algorithms. If not specified, the following algorithm list is
assumed: none.
-dhkex=list
Comma-separated priority list of DH key exchange algorithms. If not specified, the following algorithm list is
assumed: diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1, plus any GSSAPI
key exchange methods if -sspi was specified.
-hkey=list
Comma-separated priority list of host key algorithms. If not specified, the following algorithm list is assumed:
ssh-dss,ssh-rsa.
-ka
Keep-alive / broken session detection - enabled by default, but can also be enabled explicitly to override profile.
-kre
Key re-exchange - enabled by default, but can also be enabled explicitly to override profile.
-unat=y|n
Use unattended mode to prevent any user interaction by the SSH session - in particular, host key verification and user
authentication. Unattended mode is used by default only with the -cmd or -cmdFile parameters
-noRegistry
Do not load settings from or store them to Windows registry. Use of global client proxy settings, host key database,
and user keypair database is prevented.
-proxy=y|n
Use a proxy server, overrides global client proxy settings.
-proxyType=type
The type of proxy server to use. 'SOCKS4', 'SOCK5', and 'HTTP' proxy types are supported. 'SOCKS4' is set by default.
-proxyServer=server
The IP address or DNS name of the proxy server.
-proxyPort=port
The proxy server port, 1080 by default.
-proxyUsername=username
The proxy server username (SOCKS5 and HTTP only).
-proxyPassword=password
The proxy server password (SOCKS5 and HTTP only).
-proxyResolveLocally
Resolve a DNS name locally before passing it to the proxy when this flag is used.
-hostKeyMD5=MD5-fingerprint
A MD5 fingerprint of the host key to accept, used additionally to global client host key database
-hostKeyBB=Bubble-Babble
A Bubble-Babble of the host key to accept, used additionally to global client host key database
-hostKeyFile=file
A file containing host keys to accept, used additionally to global client host key database
-keypairFile=file
A file containing a private key for authentication; overrides keys in global client user keypair database.
-keypairPassphrase=passphrase
Provide a passphrase for the keypair specified with the -keypairFile parameter. Passphrase must always be present when
an OpenSSH encoded and passphrase protected keypair is specified.
-traceLevel=level
An integer number in the range 0-3, default 0 (no tracing). If non-zero, low-level session information such as packets
sent and received will be logged. A higher number means more information will be recorded. At trace level 3, all data
sent across the SSH connection will be logged.
-traceFile=file
If a non-zero trace level is specified, a textual file to write trace messages to. If not specified, trace messages
are written to standard output. When writing trace messages to standard output, they will be cut off at 200
characters. When tracing, a trace file should usually be used.
EXAMPLES:
sftpc myserver
Logs into 'myserver' with the account name of the current Windows user as the username. Will prompt to choose an
authentication method when connected.
sftpc someuser@myserver
Logs into 'myserver' as 'someuser'; will prompt to choose an authentication method when connected.
sftpc someuser@myserver:9222 -bg
Logs into 'myserver' on port 9222 as 'someuser'. Transfers will be started in background by default, i.e. if you
execute "get x.txt", this will be treated as "get x.txt -bg". Transfers can still be started in foreground using the
'-fg' flag, e.g. "get x.txt -fg". See "help get", "help put".
sftpc myusername@myserver -pw=mypassword -cmd="cd /temp; get *; put \"a b c\""
With these parameters, sftpc will log into 'myserver' as 'myusername' with password 'mypassword', and it will proceed
to execute commands as follows:
cd /temp
get *
put "a b c"
Each of these commands is executed in order; if one fails (e.g. if the /temp directory does not exist), the rest will
not be executed.
sftpc myusername@myserver -pk=1 -ce -cmd="cd /temp; get *; put x.txt"
This is a similar example to the one above, but the additional -ce parameter will cause execution to continue even if
an error occurs, and the -pk=1 parameter will cause the public key in slot 1 to be used instead of a plain password.
RETURN CODES:
0 Success
1 Unknown failure
2 Usage error
100 SSH session failure
101 Failure connecting to server
102 SSH host authentication failure
103 SSH user authentication failure
200 SFTP session failure
201 SFTP channel failure
202 SFTP request rejected
203 SFTP initialization failure
204 SFTP protocol failure
205 SFTP session closed by server
1000 Failed -cmd command #1
1001 Failed -cmd command #2
... ...
To more easily read the above help, try:
sftpc -help-usage (display usage)
sftpc -help | more (displays help page by page)
sftpc -help > h.txt (creates a text file you can open e.g. with Notepad)
sftpc -help-params (display parameters help)
sftpc -help-<param> (display help for a particular parameter)
sftpc -help-examples (display examples)
sftpc -help-codes (display return codes)