Show Contents / Index / Search

sftp Command Line Options

The sftp syntax is:

sftp [-b buffer_size] [-B batch_file] [-c cipher] [-D debug_level] [-h] [-m mac_algorithm] [-N max_requests] [-o option] [-P port] [-v] [-V] [[user@]host[#port]]

Options are available in both a single-character form (such as -o) and a descriptive equivalent (--option). Single characters are shown here. To view the descriptive equivalents, use the -h command line option.

-b buffer_size

Specifies the buffer size used for data transfer. The default is 32768 bytes. The minimum allowed value is 1024. The maximum value is limited by the amount of physical memory on your computer. In most cases the default value provides close to optimal transfer speeds. On some systems, moderate increases to the buffer size can improve performance. Caution: Using very large buffer sizes rarely improves performance and can create problems including: slower transfers, transfer failures with servers that don't support very large buffers, and fatal errors when client or server memory limits are exceeded.

-B batch_file

Specifies a file to use for batch processing sftp commands. After a successful login, sftp executes each command in the specified file until a bye, exit or quit command is found, and then terminates the connection. Authentication methods that require user interaction are not supported in this mode. The batch file can use any of the interactive commands documented below. If a command in the batch file fails, sftp continues executing the remaining commands, and returns the error code of the first failed command. However, commands prefixed with "-" (dash) always return 0, even if the command fails.

-c cipher

Specifies one or more (comma-separated) encryption algorithm supported by the client. The client and server agree on a cipher during the key exchange portion of the connection process. The client presents a list of supported ciphers in order of preference. The cipher used for a given session is the first item in this list that is also supported by the server. Allowed values are `aes128-ctr', `aes128-cbc', aes192-ctr', `aes192-cbc', `aes256-ctr', `aes256-cbc', `blowfish-cbc', `arcfour', `arcfour128', `arcfour256', `cast128-cbc', and `3des-cbc'.

You can also set this value to `none'. When `none' is the agreed on cipher, data is not encrypted. Note that this method provides no confidentiality protection, and is not recommended.

The following values are provided for convenience: `aes' (all supported aes ciphers), `blowfish' (equivalent to `blowfish-cbc'), `cast' (equivalent to `cast128-cbc'), `3des' (equivalent to `3des-cbc'), `Any' or `AnyStd' (all available ciphers plus `none'), and `AnyCipher' or `AnyStdCipher' (all available ciphers). If no cipher is specified, the cipher is determined by the Ciphers keyword in the Secure Shell configuration file ssh2_config(5); the default is `AnyStdCipher'.

-D debug_level

Sets the debug level. Increasing the value increases the amount of information displayed. Use 1, 2, 3, or 99. (Values 4-98 are accepted, but are equivalent to 3.)


Displays a brief summary of command options.

-m mac_algorithm

Specifies which MACs (message authentication codes) are supported for this connection. Allowed values are `hmac-sha1', `hmac-sha1-96', `hmac-md5', `hmac-md5-96'; and `hmac-ripemd160'. Use `AnyMac' to support all of these. Use `AnyStdMac' to support `hmac-sha1', `hmac-sha1-96', `hmac-md5', and `hmac-md5-96'. Additional options are `none', `any' (equivalent to AnyMac plus `none'), and `AnyStd' (equivalent to `AnyStdMac' plus `none'). Multiple MACs can also be specified as a comma-separated list. When `none' is the agreed on MAC, no message authentication code is used. Because this provides no data integrity protection, options that include `none' are not recommended.

-N max_requests

Specifies the maximum number of concurrent requests. Increasing this may slightly improve file transfer speed, but also increases memory use. The default is 16.

-o option

Sets any option that can be configured using a configuration file keyword. For a list of keywords and their meanings, see ssh2_config(5). Syntax alternatives are shown below. Use quotation marks to contain expressions that include spaces.

-o key1=value

-o key1="sample value"

-o "key1 value"

To configure multiple options, use multiple -o switches.

-o key1=value -o key2=value

--overwrite [yes|no|ask]

Specifies whether or not to overwrite existing destination files. The allowed values are `yes', `no', and `ask'. The default is `yes'.

-P port

Specifies the port to connect to on the server. The default is 22, which is the standard port for Secure Shell connections. You can also configure the port in the configuration file using the Port keyword.


Sets the debug level to verbose mode, which is equivalent to setting the debug level to 2. You can also configure this in the configuration file using the VerboseMode keyword.


Displays product name and version information and exits. If other options are specified on the command line, they are ignored.

Related Topics

Secure File Transfer (sftp)

Use sftp Interactively

Run sftp Batch Files

Supported sftp Commands