FTPS(1) BSD General Commands Manual FTPS(1)NAMEftps — ARPANET file transfer program
SYNOPSISftps [-46adeginptUvV] [-P port] [-s src_addr] [-z securemode]
[host [port]]
ftps ftp://[user:password@]host[:port]/file[/]
ftps http://host[:port]/file
ftps host:[/path/]file[/]
DESCRIPTIONftps is the user interface to the ARPANET standard File Transfer Proto‐
col. The program allows a user to transfer files to and from a remote
network site. The version supports IPv6 (Internet protocol version 6),
as well as IPv4.
The latter three usage formats will fetch a file using either the HTTP or
FTP protocols into the current directory. This is ideal for scripts.
Refer to AUTO-FETCHING FILES below for more information.
Options may be specified at the command line, or to the command inter‐
preter.
-4 Forces ftps to use IPv4 addresses only.
-6 Forces ftps to use IPv6 addresses only.
-a Causes ftps to bypass normal login procedure, and use an
anonymous login instead.
-d Enables debugging.
-e Disables command line editing.
-g Disables file name globbing.
-i Turns off interactive prompting during multiple file trans‐
fers.
-n Restrains ftps from attempting “auto-login” upon initial con‐
nection. If auto-login is enabled, ftps will check the
.netrc (see below) file in the user's home directory for an
entry describing an account on the remote machine. If no
entry exists, ftps will prompt for the remote machine login
name (default is the user identity on the local machine),
and, if necessary, prompt for a password and an account with
which to login.
-p Enables passive mode operation for use behind connection fil‐
tering firewalls. Using the pftp command has the same
effect.
-P port Sets the port number to port.
-s src_addr
Sets the local IP address for all connections to src_addr,
which can be an IP address or a host name.
-t Enables packet tracing.
-U Disable data port range restrictions.
-v Enable verbose mode. This is the default if input is from a
terminal. Forces ftps to show all responses from the remote
server, as well as report on data transfer statistics.
-V Disable verbose mode, overriding the default of enabled when
input is from a terminal.
-z This option causes ftps to use the TLS/SSL encryption. There
are several valid values for securemode:
Security policy options
secure Don't fall back into the non-secure mode if the
TLS/SSL handshake fails.
nosecure
Disable the TLS/SSL encryption at all and allow only
non-secure connections.
Protocol negotiation options
tls Use only the RFC2228-compliant FTP-TLS negotiation
mode; don't try to negotiate something different.
ssl Use only the FTP-SSL compatibility mode (for early
implementations of the FTP-SSL upgrade); don't try to
negotiate something different.
By default both FTP-TLS and FTP-SSL security extensions and
the non-secure standard mode are allowed.
Options inside both groups above are mutually exclusive, but
a protocol negotiation option may be used after a security
policy option to specify the security extension to be used
(in this case it overrides the nosecure option and turns on
the TLS/SSL encryption with the selected negotiation mode).
verify=level
Set the X.509 certificate verification level. Possi‐
ble values are:
0 (default) - if not using an anonymous cipher (it is
disabled by default), the server will send the cer‐
tificate which will be checked. The handshake will be
continued regardless of the verification result.
1 - the server certificate is verified. If the veri‐
fication process fails, the TLS/SSL handshake is
immediately terminated. If no server certificate is
sent, because an anonymous cipher is used, this
option is ignored.
cert=certfile
The certificate to use.
key=keyfile
The private key that matches the certificate speci‐
fied by the cert option. If this is not specified
(but cert is), the cert=certfile will be searched for
the private key. Both files are assumed to be in PEM
format.
ftps expects that the server certificate presented for the
data connection must match with one used for the control con‐
nection.
Alternate verify locations
CAfile=cafile
The file which contains the trusted CA certificate in
PEM format. The file can contain several CA certifi‐
cates.
CApath=capath
The directory which contains trusted CA certificates
in PEM format. Each file contains one CA certificate.
The files are looked up by the CA subject name hash
value, which must hence be available. If more than
one CA certificate with the same name hash value
exist, the extension must be different (e.g.
9d66eef0.0, 9d66eef0.1 etc). The search is performed
in the ordering of the extension number.
CRLfile=crlfile
The file that contains the Certificate Revocation
List (CRL) in PEM format. The file can contain sev‐
eral CRLs.
CRLpath=crlpath
The directory which contains CRLs in PEM format. Each
file contains one CRL. The files are looked up by
the issuer name hash value, which must hence be
available. If more than one CRL with the same name
hash value exist, the extension must be different
(e.g. 9d66eef0.r0, 9d66eef0.r1 etc). The search is
performed in the ordering of the extension number.
If none of both CAfile and CApath (or CRLfile and CRLpath)
are specified (and similar pairs of environment variables
too), both cafile and capath (or crlfile and crlpath) will be
set to default values, otherwise each of cafile and capath
(crlfile and crlpath) will be set to specified values or, if
values are not specified, thay will be blanked out. The
default values are cert.pem and crl.pem files for cafile and
crlfile, respectively, and certs/ subdirectory in OpenSSL
directory is the default value for both capath and crlpath.
When looking up CA certificates, they will be searched in
cafile, then those in capath. Certificate matching is done
based on the subject name, the key identifier (if present),
and the serial number as taken from the certificate to be
verified. If the first certificate which matching the parame‐
ters is found, the verification process will be performed.
CRLs are looked up in the similar order: they will be
searched in crlfile, then those in crlpath. CRL matching is
done based on the issuer name. If the first CRL for this
issuer is found, the verification process will be performed.
cipher=cipherlist
The cipher preference list (it also can be specified
by the environment variable). The cipherlist consists
of one or more cipher strings separated by colons.
The actual cipher string can take several different
forms. It can consists of a single cipher suite. It
can represent a list of cipher suites containing a
certain algorithm, or cipher suites of a certain
type. Note that the cipher list, which is specified
by the command line, overrides one from the environ‐
ment.
Lists of cipher suites can be combined in a single
cipher string using the + character. It is used as
the logical and operation.
Each cipher string can be optionally preceded by the
characters !, - or +. If ! is used then the ciphers
are permanently deleted from the list. If - is used
then the ciphers are deleted from the list, but some
of all of them can be added again by later options.
If + is used then the ciphers are moved to the end of
the list. Additionally the cipher string @STRENGTH
can be used at any point to sort the current cipher
list in order of an encryption algorithm key length.
The following is the short list of permitted cipher
strings and their meanings, see the accompanying doc‐
umentation for more information.
DEFAULT - The default cipher list (determined at a
compilation time).
ALL - All cipher suites except the ciphers those
offering no encryption.
HIGH - "High" encryption cipher suites (those with
key lengths larger than 128 bits).
MEDIUM - "Medium" encryption cipher suites (those
using 128 bit encryption).
LOW - "Low" encryption cipher suites (those using 64
or 56 bit encryption algorithms but excluding export
cipher suites).
EXP, EXPORT - Export encryption algorithms (including
40 and 56 bits algorithms).
TLSv1, SSLv3, SSLv2 - TLS v1.0, SSL v3.0 or SSL v2.0
cipher suites respectively.
noprot Do not try to turn on the TLS/SSL protection of data
connections during establishing the secure connection
with server. By default ftps turns on protection dur‐
ing the user login if the FTP-TLS negotiation was
successful and the remote server supports this secu‐
rity level. In the FTP-SSL compatibility mode all
data connections are implicitly secure.
logfile=logfile
The file where the TLS/SSL debugging information will
be logged.
debug Turn on the TLS/SSL debugging code.
The client host with which ftps is to communicate may be specified on the
command line. If this is done, ftps will immediately attempt to estab‐
lish a connection to an FTP server on that host; otherwise, ftps will
enter its command interpreter and await instructions from the user. When
ftps is awaiting commands from the user the prompt ‘ftps>’ is provided to
the user. The following commands are recognized by ftps:
! [command [args]]
Invoke an interactive shell on the local machine. If there
are arguments, the first is taken to be a command to execute
directly, with the rest of the arguments as its arguments.
$ macro-name [args]
Execute the macro macro-name that was defined with the macdef
command. Arguments are passed to the macro unglobbed.
account [passwd]
Supply a supplemental password required by a remote system
for access to resources once a login has been successfully
completed. If no argument is included, the user will be
prompted for an account password in a non-echoing input mode.
append local-file [remote-file]
Append a local file to a file on the remote machine. If
remote-file is left unspecified, the local file name is used
in naming the remote file after being altered by any ntrans
or nmap setting. File transfer uses the current settings for
type, format, mode and structure.
ascii Set the file transfer type to network ASCII. This is the
default type.
bell Arrange that a bell be sounded after each file transfer com‐
mand is completed.
binary Set the file transfer type to support binary image transfer.
bye Terminate the FTP session with the remote server and exit
ftps. An end of file will also terminate the session and
exit.
case Toggle remote computer file name case mapping during mget
commands. When case is on (default is off), remote computer
file names with all letters in upper case are written in the
local directory with the letters mapped to lower case.
cd remote-directory
Change the working directory on the remote machine to
remote-directory.
cdup Change the remote machine working directory to the parent of
the current remote machine working directory.
chmod mode file-name
Change the permission modes of the file file-name on the
remote system to mode.
close Terminate the FTP session with the remote server, and return
to the command interpreter. Any defined macros are erased.
cr Toggle carriage return stripping during ascii type file
retrieval. Records are denoted by a carriage return/linefeed
sequence during ascii type file transfer. When cr is on (the
default), carriage returns are stripped from this sequence to
conform with the UNIX single linefeed record delimiter.
Records on non-UNIX remote systems may contain single line‐
feeds; when an ascii type transfer is made, these linefeeds
may be distinguished from a record delimiter only when cr is
off.
delete remote-file
Delete the file remote-file on the remote machine.
debug [debug-value]
Toggle debugging mode. If an optional debug-value is speci‐
fied, it is used to set the debugging level. When debugging
is on, ftps prints each command sent to the remote machine,
preceded by the string ‘-->’
dir [remote-directory [local-file]]
Print a listing of the contents of a directory on the remote
machine. The listing includes any system-dependent informa‐
tion that the server chooses to include; for example, most
UNIX systems will produce output from the command ‘ls -l’.
(See also ls.) If remote-directory is left unspecified, the
current working directory is used. If interactive prompting
is on, ftps will prompt the user to verify that the last
argument is indeed the target local file for receiving dir
output. If no local file is specified, or if local-file is
‘-’, the output is sent to the terminal.
As this command provides extra information which is system-
dependent, you should use the nlist command instead if you
only want a plain list of files.
disconnect A synonym for close.
edit Toggle command line editing, and context sensitive command
and file completion. This is automatically enabled if input
is from a terminal, and disabled otherwise.
epsv4 Toggle use of EPSV/EPRT commands on IPv4 FTP sessions. Turn‐
ing this option off may remedy problems with some firewalls,
e.g., IPFilter.
epsv6 Toggle use of EPSV/EPRT commands on IPv6 FTP sessions.
exit A synonym for bye.
features Request the remote FTP server for a list of supported exten‐
sions using the FEAT command.
ftp host [port]
A synonym for open.
form format
Set the file transfer form to format. The default format is
“file”.
get remote-file [local-file]
Retrieve the remote-file and store it on the local machine.
If the local file name is not specified, it is given the same
name it has on the remote machine, subject to alteration by
the current case, ntrans and nmap settings. The current set‐
tings for type, form, mode and structure are used while
transferring the file.
gate [host [port]]
Toggle gate-ftp mode. This will not be permitted if the
gate-ftp server hasn't been set (either explicitly by the
user, or from the FTPSERVER environment variable). If host
is given, then gate-ftp mode will be enabled, and the gate-
ftp server will be set to host. If port is also given, that
will be used as the port to connect to on the gate-ftp
server.
glob Toggle filename expansion for mdelete, mget and mput. If
globbing is turned off with glob, the file name arguments are
taken literally and not expanded. Globbing for mput is done
as in csh(1). For mdelete and mget, each remote file name is
expanded separately on the remote machine and the lists are
not merged. Expansion of a directory name is likely to be
different from expansion of the name of an ordinary file: the
exact result depends on the foreign operating system and ftp
server, and can be previewed by doing ‘mls remote-files -’
Note: mget and mput are not meant to transfer entire direc‐
tory subtrees of files. That can be done by transferring a
tar(1) archive of the subtree (in binary mode).
hash [size]
Toggle hash-sign (``#'') printing for each data block trans‐
ferred. The size of a data block defaults to 1024 bytes.
This can be changed by specifying size in bytes.
help [command]
Print an informative message about the meaning of command.
If no argument is given, ftps prints a list of the known com‐
mands.
idle [seconds]
Set the inactivity timer on the remote server to seconds sec‐
onds. If seconds is omitted, the current inactivity timer is
printed.
lcd [directory]
Change the working directory on the local machine. If no
directory is specified, the user's home directory is used.
less file A synonym for page.
lpwd Print the working directory on the local machine.
ls [remote-directory [local-file]]
A synonym for dir.
macdef macro-name
Define a macro. Subsequent lines are stored as the macro
macro-name; a null line (consecutive newline characters in a
file or carriage returns from the terminal) terminates macro
input mode. There is a limit of 16 macros and 4096 total
characters in all defined macros. Macros remain defined
until a close command is executed. The macro processor
interprets `$' and `\' as special characters. A `$' followed
by a number (or numbers) is replaced by the corresponding
argument on the macro invocation command line. A `$' fol‐
lowed by an `i' signals that macro processor that the execut‐
ing macro is to be looped. On the first pass `$i' is
replaced by the first argument on the macro invocation com‐
mand line, on the second pass it is replaced by the second
argument, and so on. A `\' followed by any character is
replaced by that character. Use the `\' to prevent special
treatment of the `$'.
mdelete [remote-files]
Delete the remote-files on the remote machine.
mdir remote-files local-file
Like dir, except multiple remote files may be specified. If
interactive prompting is on, ftps will prompt the user to
verify that the last argument is indeed the target local file
for receiving mdir output.
mget remote-files
Expand the remote-files on the remote machine and do a get
for each file name thus produced. See glob for details on
the filename expansion. Resulting file names will then be
processed according to case, ntrans and nmap settings. Files
are transferred into the local working directory, which can
be changed with ‘lcd directory’; new local directories can be
created with ‘! mkdir directory’.
mkdir directory-name
Make a directory on the remote machine.
mls remote-files local-file
Like ls, except multiple remote files may be specified, and
the local-file must be specified. If interactive prompting
is on, ftps will prompt the user to verify that the last
argument is indeed the target local file for receiving mls
output.
mode [mode-name]
Set the file transfer mode to mode-name. The default mode is
“stream” mode.
modtime file-name
Show the last modification time of the file on the remote
machine.
more file A synonym for page.
mput local-files
Expand wild cards in the list of local files given as argu‐
ments and do a put for each file in the resulting list. See
glob for details of filename expansion. Resulting file names
will then be processed according to ntrans and nmap settings.
msend local-files
A synonym for mput.
newer file-name
Get the file only if the modification time of the remote file
is more recent that the file on the current system. If the
file does not exist on the current system, the remote file is
considered newer. Otherwise, this command is identical to
get.
nlist [remote-directory [local-file]]
Print a list of the files in a directory on the remote
machine. If remote-directory is left unspecified, the cur‐
rent working directory is used. If interactive prompting is
on, ftps will prompt the user to verify that the last argu‐
ment is indeed the target local file for receiving ls output.
If no local file is specified, or if local-file is -, the
output is sent to the terminal.
Note that this command only returns the filenames in the
remote directory. If you wish to see more information about
the files (often size, modification time, and so on), you
should use the dir command instead.
nmap [inpattern outpattern]
Set or unset the filename mapping mechanism. If no arguments
are specified, the filename mapping mechanism is unset. If
arguments are specified, remote filenames are mapped during
mput commands and put commands issued without a specified
remote target filename. If arguments are specified, local
filenames are mapped during mget commands and get commands
issued without a specified local target filename. This com‐
mand is useful when connecting to a non-UNIX remote computer
with different file naming conventions or practices. The
mapping follows the pattern set by inpattern and outpattern.
[Inpattern] is a template for incoming filenames (which may
have already been processed according to the ntrans and case
settings). Variable templating is accomplished by including
the sequences `$1', `$2', ..., `$9' in inpattern. Use `\' to
prevent this special treatment of the `$' character. All
other characters are treated literally, and are used to
determine the nmap [inpattern] variable values. For example,
given inpattern $1.$2 and the remote file name "mydata.data",
$1 would have the value "mydata", and $2 would have the value
"data". The outpattern determines the resulting mapped file‐
name. The sequences `$1', `$2', ...., `$9' are replaced by
any value resulting from the inpattern template. The
sequence `$0' is replace by the original filename. Addition‐
ally, the sequence ‘[seq1, seq2]’ is replaced by [seq1] if
seq1 is not a null string; otherwise it is replaced by seq2.
For example, the command
nmap $1.$2.$3 [$1,$2].[$2,file]
would yield the output filename "myfile.data" for input file‐
names "myfile.data" and "myfile.data.old", "myfile.file" for
the input filename "myfile", and "myfile.myfile" for the
input filename ".myfile". Spaces may be included in
outpattern, as in the example: `nmap $1 sed "s/ *$//" > $1'
. Use the `\' character to prevent special treatment of the
`$','[',']' and `,' characters.
ntrans [inchars [outchars]]
Set or unset the filename character translation mechanism.
If no arguments are specified, the filename character trans‐
lation mechanism is unset. If arguments are specified, char‐
acters in remote filenames are translated during mput com‐
mands and put commands issued without a specified remote tar‐
get filename. If arguments are specified, characters in
local filenames are translated during mget commands and get
commands issued without a specified local target filename.
This command is useful when connecting to a non-UNIX remote
computer with different file naming conventions or practices.
Characters in a filename matching a character in inchars are
replaced with the corresponding character in outchars. If
the character's position in inchars is longer than the length
of outchars, the character is deleted from the file name.
open host [port]
Establish a connection to the specified host FTP server. An
optional port number may be supplied, in which case, ftps
will attempt to contact an FTP server at that port. If the
auto-login option is on (default), ftps will also attempt to
automatically log the user in to the FTP server (see below).
page file Retrieve file and display with the program defined in PAGER
(which defaults to more(1)).
passive Toggle passive mode. If passive mode is turned on (default
is off), the ftp client will send a PASV command for all data
connections instead of the usual PORT command. The PASV com‐
mand requests that the remote server open a port for the data
connection and return the address of that port. The remote
server listens on that port and the client connects to it.
When using the more traditional PORT command, the client lis‐
tens on a port and sends that address to the remote server,
who connects back to it. Passive mode is useful when using
ftps through a gateway router or host that controls the
directionality of traffic. (Note that though ftp servers are
required to support the PASV command by RFC 1123, some do
not. Please note that if you are connecting to IPv6 ftp
server, the program will use EPSV/EPRT pair and LPSV/LPRT
pair, instead of PASV and PORT. The meaning is the same.)
preserve Toggle preservation of modification times on retrieved files.
progress Toggle display of transfer progress bar. The progress bar
will be disabled for a transfer that has local-file as ‘-’ or
a command that starts with ‘|’. Refer to FILE NAMING
CONVENTIONS for more information.
prompt Toggle interactive prompting. Interactive prompting occurs
during multiple file transfers to allow the user to selec‐
tively retrieve or store files. If prompting is turned off
(default is on), any mget or mput will transfer all files,
and any mdelete will delete all files.
When prompting is on, the following commands are available at
a prompt:
n Do not transfer the file.
a Answer ‘yes’ to the current file, and automatically
answer ‘yes’ to any remaining files for the current
command.
p Answer ‘yes’ to the current file, and turn off
prompt mode (as if “prompt off” had been given).
Any other reponse will answer ‘yes’ to the current file.
prot Toggle TLS/SSL protection of data connections if remote
server supports this operation (in FTP-SSL compatibility mode
they are implicitly secure). By default ftps tries to turn on
protection during user login if FTP-TLS negotiation was suc‐
cessful.
proxy ftp-command
Execute an ftp command on a secondary control connection.
This command allows simultaneous connection to two remote ftp
servers for transferring files between the two servers. The
first proxy command should be an open, to establish the sec‐
ondary control connection. Enter the command "proxy ?" to
see other ftp commands executable on the secondary connec‐
tion. The following commands behave differently when pref‐
aced by proxy: open will not define new macros during the
auto-login process, close will not erase existing macro defi‐
nitions, get and mget transfer files from the host on the
primary control connection to the host on the secondary con‐
trol connection, and put, mput and append transfer files from
the host on the secondary control connection to the host on
the primary control connection. Third party file transfers
depend upon support of the ftp protocol PASV command by the
server on the secondary control connection.
Please note that ftps supports both standard and TLS/SSL FTP
servers on both primary and secondary control connections
with both protected or unprotected state of data connections,
but file transferring between remote FTP servers may be done
only over unprotected data connections.
put local-file [remote-file]
Store a local file on the remote machine. If remote-file is
left unspecified, the local file name is used after process‐
ing according to any ntrans or nmap settings in naming the
remote file. File transfer uses the current settings for
type, format, mode and structure.
pwd Print the name of the current working directory on the remote
machine.
quit A synonym for bye.
quote arg1 arg2 ...
The arguments specified are sent, verbatim, to the remote FTP
server.
recv remote-file [local-file]
A synonym for get.
reget remote-file [local-file]
Reget acts like get, except that if local-file exists and is
smaller than remote-file, local-file is presumed to be a par‐
tially transferred copy of remote-file and the transfer is
continued from the apparent point of failure. This command
is useful when transferring very large files over networks
that are prone to dropping connections.
remotehelp [command-name]
Request help from the remote FTP server. If a command-name
is specified it is supplied to the server as well.
rstatus [file-name]
With no arguments, show status of remote machine. If
file-name is specified, show status of file-name on remote
machine.
rename [from [to]]
Rename the file from on the remote machine, to the file to.
reset Clear reply queue. This command re-synchronizes com‐
mand/reply sequencing with the remote ftp server. Resynchro‐
nization may be necessary following a violation of the ftp
protocol by the remote server.
restart marker
Restart the immediately following get or put at the indicated
marker. On UNIX systems, marker is usually a byte offset
into the file.
restrict Toggle data port range restrictions. When not operating in
passive mode, the ftps client program requests that the
remote server open a connection back to the client host on a
separate data port. In previous versions, that remote port
fell in the range 1024..4999. However, most firewall setups
filter that range of TCP ports because other services reside
there. The default behavior now is for the client to request
that the server connect back to the client using the port
range 49152..65535. Firewall administrators can chose to
allow TCP connections in that range, if they deem it not to
be a security risk.
rmdir directory-name
Delete a directory on the remote machine.
runique Toggle storing of files on the local system with unique file‐
names. If a file already exists with a name equal to the
target local filename for a get or mget command, a ".1" is
appended to the name. If the resulting name matches another
existing file, a ".2" is appended to the original name. If
this process continues up to ".99", an error message is
printed, and the transfer does not take place. The generated
unique filename will be reported. Note that runique will not
affect local files generated from a shell command (see
below). The default value is off.
send local-file [remote-file]
A synonym for put.
sendport Toggle the use of PORT commands. By default, ftps will
attempt to use a PORT command when establishing a connection
for each data transfer. The use of PORT commands can prevent
delays when performing multiple file transfers. If the PORT
command fails, ftps will use the default data port. When the
use of PORT commands is disabled, no attempt will be made to
use PORT commands for each data transfer. This is useful for
certain FTP implementations which do ignore PORT commands
but, incorrectly, indicate they've been accepted.
site arg1 arg2 ...
The arguments specified are sent, verbatim, to the remote FTP
server as a SITE command.
size file-name
Return size of file-name on remote machine.
status Show the current status of ftps.
struct [struct-name]
Set the file transfer structure to struct-name. By default
“stream” structure is used.
sunique Toggle storing of files on remote machine under unique file
names. Remote ftp server must support ftp protocol STOU com‐
mand for successful completion. The remote server will
report unique name. Default value is off.
system Show the type of operating system running on the remote
machine.
tenex Set the file transfer type to that needed to talk to TENEX
machines.
trace Toggle packet tracing.
type [type-name]
Set the file transfer type to type-name. If no type is spec‐
ified, the current type is printed. The default type is net‐
work ASCII.
umask [newmask]
Set the default umask on the remote server to newmask. If
newmask is omitted, the current umask is printed.
user user-name [password [account]]
Identify yourself to the remote FTP server. If the password
is not specified and the server requires it, ftps will prompt
the user for it (after disabling local echo). If an account
field is not specified, and the FTP server requires it, the
user will be prompted for it. If an account field is speci‐
fied, an account command will be relayed to the remote server
after the login sequence is completed if the remote server
did not require it for logging in. Unless ftps is invoked
with “auto-login” disabled, this process is done automati‐
cally on initial connection to the FTP server.
verbose Toggle verbose mode. In verbose mode, all responses from the
FTP server are displayed to the user. In addition, if ver‐
bose is on, when a file transfer completes, statistics
regarding the efficiency of the transfer are reported. By
default, verbose is on.
? [command]
A synonym for help.
Command arguments which have embedded spaces may be quoted with quote `"'
marks.
Commands which toggle settings can take an explicit on or off argument to
force the setting appropriately.
If ftps receives a SIGINFO (see the “status” argument of stty(1)) signal
whilst a transfer is in progress, the current transfer rate statistics
will be written to the standard error output, in the same format as the
standard completion message.
AUTO-FETCHING FILES
In addition to standard commands, this version of ftps supports an auto-
fetch feature. To enable auto-fetch, simply pass the list of host‐
names/files on the command line.
The following formats are valid syntax for an auto-fetch element:
host:/file “Classic” ftp format
ftp://[user:password@]host[:port]/file
An ftp URL, retrieved using the ftp protocol if ftp_proxy
isn't defined. Otherwise, transfer using http via the proxy
defined in ftp_proxy. If user:password@ is given and
ftp_proxy isn't defined, login as user with a password of
password.
http://host[:port]/file
An HTTP URL, retrieved using the http protocol. If
http_proxy is defined, it is used as a URL to an HTTP proxy
server.
If a classic format or a ftp URL format has a trailing ‘/’, then ftps
will connect to the site and cd to the directory given as the path, and
leave the user in interactive mode ready for further input.
If successive auto-fetch ftp elements refer to the same host, then the
connection is maintained between transfers, reducing overhead on connec‐
tion creation and deletion.
If file contains a glob character and globbing is enabled, (see glob),
then the equivalent of mget file is performed.
If the directory component of file contains no globbing characters, it is
stored in the current directory as the basename(1) of file. Otherwise,
the remote name is used as the local name.
ABORTING A FILE TRANSFER
To abort a file transfer, use the terminal interrupt key (usually Ctrl-
C). Sending transfers will be immediately halted. Receiving transfers
will be halted by sending a ftp protocol ABOR command to the remote
server, and discarding any further data received. The speed at which
this is accomplished depends upon the remote server's support for ABOR
processing. If the remote server does not support the ABOR command, an
‘ftps>’ prompt will not appear until the remote server has completed
sending the requested file.
The terminal interrupt key sequence will be ignored when ftps has com‐
pleted any local processing and is awaiting a reply from the remote
server. A long delay in this mode may result from the ABOR processing
described above, or from unexpected behavior by the remote server,
including violations of the ftp protocol. If the delay results from
unexpected remote server behavior, the local ftps program must be killed
by hand.
FILE NAMING CONVENTIONS
Files specified as arguments to ftps commands are processed according to
the following rules.
1. If the file name ‘-’ is specified, the stdin (for reading) or stdout
(for writing) is used.
2. If the first character of the file name is ‘|’, the remainder of the
argument is interpreted as a shell command. ftps then forks a
shell, using popen(3) with the argument supplied, and reads (writes)
from the stdin (stdout). If the shell command includes spaces, the
argument must be quoted; e.g. “" ls -lt"”. A particularly useful
example of this mechanism is: “dir |more”.
3. Failing the above checks, if “globbing” is enabled, local file names
are expanded according to the rules used in the csh(1); c.f. the
glob command. If the ftps command expects a single local file (e.g.
put), only the first filename generated by the "globbing" operation
is used.
4. For mget commands and get commands with unspecified local file
names, the local filename is the remote filename, which may be
altered by a case, ntrans, or nmap setting. The resulting filename
may then be altered if runique is on.
5. For mput commands and put commands with unspecified remote file
names, the remote filename is the local filename, which may be
altered by a ntrans or nmap setting. The resulting filename may
then be altered by the remote server if sunique is on.
FILE TRANSFER PARAMETERS
The FTP specification specifies many parameters which may affect a file
transfer. The type may be one of “ascii”, “image” (binary), “ebcdic” and
“local byte size” (for PDP-10's and PDP-20's mostly). ftps supports the
ascii and image types of file transfer, plus local byte size 8 for tenex
mode transfers.
ftps supports only the default values for the remaining file transfer
parameters: mode, form and struct.
THE .netrc FILE
The .netrc file contains login and initialization information used by the
auto-login process. It resides in the user's home directory. The fol‐
lowing tokens are recognized; they may be separated by spaces, tabs, or
new-lines:
machine name
Identify a remote machine name. The auto-login process
searches the .netrc file for a machine token that matches the
remote machine specified on the ftps command line or as an open
command argument. Once a match is made, the subsequent .netrc
tokens are processed, stopping when the end of file is reached
or another machine or a default token is encountered.
default This is the same as machine name except that default matches
any name. There can be only one default token, and it must be
after all machine tokens. This is normally used as:
default login anonymous password user@site
thereby giving the user automatic anonymous ftp login to
machines not specified in .netrc. This can be overridden by
using the -n flag to disable auto-login.
login name
Identify a user on the remote machine. If this token is
present, the auto-login process will initiate a login using the
specified name.
password string
Supply a password. If this token is present, the auto-login
process will supply the specified string if the remote server
requires a password as part of the login process. Note that if
this token is present in the .netrc file for any user other
than anonymous, ftps will abort the auto-login process if the
.netrc is readable by anyone besides the user.
account string
Supply an additional account password. If this token is
present, the auto-login process will supply the specified
string if the remote server requires an additional account
password, or the auto-login process will initiate an ACCT com‐
mand if it does not.
macdef name
Define a macro. This token functions like the ftps macdef com‐
mand functions. A macro is defined with the specified name;
its contents begin with the next .netrc line and continue until
a null line (consecutive new-line characters) is encountered.
If a macro named init is defined, it is automatically executed
as the last step in the auto-login process.
COMMAND LINE EDITINGftps supports interactive command line editing, via the editline(3)
library. It is enabled with the edit command, and is enabled by default
if input is from a tty. Previous lines can be recalled and edited with
the arrow keys, and other GNU Emacs-style editing keys may be used as
well.
The editline(3) library is configured with a .editrc file - refer to
editrc(5) for more information.
An extra key binding is available to ftps to provide context sensitive
command and filename completion (including remote file completion). To
use this, bind a key to the editline(3) command ftp-complete. By
default, this is bound to the TAB key.
ENVIRONMENTftps utilizes the following environment variables.
FTP_PASSIVE_MODE If this variable is set to something else than ‘NO’,
ftps will use passive mode by default.
FTPSERVER Host to use as gate-ftp server when gate is enabled.
FTPSERVERPORT Port to use when connecting to gate-ftp server when
gate is enabled. Default is port returned by a
getservbyname() lookup of “ftpgate/tcp”.
HOME For default location of a .netrc file, if one exists.
PAGER Used by page to display files.
SHELL For default shell.
ftp_proxy URL of FTP proxy to use when making FTP URL requests
(if not defined, use the standard ftp protocol).
http_proxy URL of HTTP proxy to use when making HTTP URL requests.
SSL_CERT_FILE For alternate file which contains trusted CA certifi‐
cates.
SSL_CERT_DIR For alternate directory which contains trusted CA cer‐
tificates.
SSL_CRL_FILE For alternate file which contains CRLs.
SSL_CRL_DIR For alternate directory which contains CRLs.
SSL_CIPHER The TLS/SSL cipher preference list.
SEE ALSOopenssl(1), getservbyname(3), editrc(5), services(5), ftpd(8)HISTORY
The original ftp command appeared in 4.2BSD.
Various features such as command line editing, context sensitive command
and file completion, dynamic progress bar, automatic fetching of files,
ftp and http URLs, and modification time preservation were implemented in
NetBSD 1.3 by Luke Mewburn, with assistance from Jason Thorpe.
IPv6 support was added by WIDE/KAME Project.
Modifications for TLS/SSL support, RFC2228 features and Linux port were
made by Nick Leuta <skynick@mail.sc.ru>.
BUGS
Correct execution of many commands depends upon proper behavior by the
remote server.
An error in the treatment of carriage returns in the 4.2BSD ascii-mode
transfer code has been corrected. This correction may result in incor‐
rect transfers of binary files to and from 4.2BSD servers using the ascii
type. Avoid this problem by using the binary image type.
Proxying functionalities, such as ftp_proxy, may not work for IPv6 con‐
nection.
BSD Nov 1, 2004 BSD
