Setting up secure file transfers using the Windows SFTP command line? You’ve come to the right place. Learn to swiftly establish SFTP on your Windows system, execute file transfers, and manage your connections with ease. Expect to dive into essential commands and configurations without the fluff, getting right to the meat of SFTP on Windows.
Setting Up SFTP on Windows
Beginning with version 1803 (build 17134) of Windows 10, Microsoft has introduced OpenSSH as an optional feature accessible through the Command Prompt application. This addition enables users to utilize SFTP (Secure File Transfer Protocol) directly via the command line, facilitating secure file transfers between systems. For guidance on activating this feature, please refer to this detailed article that provides step-by-step instructions on how to enable OpenSSH in Windows 10 and Windows 11.
Establishing an SFTP Connection on Windows via the Command Line
An SFTP (SSH File Transfer Protocol) connection allows you to perform file transfers over a secure connection. An SFTP session is initiated with the command `sftp user@host`, after which file transfer commands can be used. The login format is similar to the one used by SSH: the user’s username and either a password or SSH keys for authentication. Let’s see how to establish a connection.
1. Open Command Prompt: Press Windows + R, type `cmd`, and press Enter to open the Command Prompt.
2. Initiate SFTP Connection: Replace `[username]` with your username on the SFTP server and `[host]` with the server’s address or IP. For example:
sftp user@us-east-1.sftpcloud.io
3. Enter Your Password: You’ll be prompted to enter your password for the SFTP server. Input your password when prompted (note that it won’t be visible).
Navigating Directories in SFTP
Effective directory navigation is key in SFTP. Whether you’re on your local system or the remote server, SFTP provides commands akin to traditional shell commands for file and directory manipulation. You can navigate to local directories using the ‘lcd’ command and remote directories using the ‘cd’ command. It’s also possible to switch to the local shell from within an SFTP session by typing an exclamation mark ‘!’.
Next, we will look in depth at navigating the remote working directory as well as local directories.
Remote Directory Navigation
Navigating remote directories effectively can enhance your SFTP experience.
The `pwd` command prints the current remote directory path, showing you where you’re located on the remote file system.
The `cd` command changes the current directory, such as ‘cd Documents’ to switch to the Documents directory.
The `ls` command displays the contents of the current remote directory, with the -l flag providing a detailed list, and the -a flag showing hidden files and directories.
ls
# show hidden files and directories
ls -a
# provide detailed list
ls -l
These commands facilitate efficient navigation of remote directories. Now, let’s turn our focus to local directories.
Local Directory Navigation
Navigating local directories during an SFTP session is just as crucial as navigating remote directories.
The lpwd command (local present working directory) displays the current working directory on the local system.
The lcd command changes the current working directory on the local file system. This command affects where files are uploaded from or downloaded to.
The lls command is used to list files and directories in the local working directory. It provides a convenient way to view the contents of the current folder.
With these commands in your arsenal, navigating local directories becomes a breeze. Having mastered directory navigation, we can now focus on transferring files using SFTP.
Transferring Files Using SFTP
Transferring files securely is the heart of SFTP, a file transfer protocol that utilizes encryption for both commands and data. Files are uploaded to the remote directory using the ‘put’ command, provided the user has write permissions on the server. Similarly, the ‘get’ command copies files from the remote directory to the user’s local directory.
Transferring a directory is slightly different as it requires the directory to be compressed locally and then transferred as a file using the ‘put’ command. With this knowledge, let’s explore how to transfer files by uploading and downloading them.
Uploading Files to the Remote Server
Uploading files to a remote server via SFTP (Secure File Transfer Protocol) from the Windows command line involves a straightforward process.
To upload a single file, use the `put` command followed by the path of the file on your local machine and the target path on the remote server (optional):
put local_file_path remote_file_path
If you want to upload the file to the current directory on the server, you can omit the `remote_file_path`, and the file will be uploaded to the current directory you navigated to (or the home directory if you didn’t change directories).
Now that we’ve mastered uploading, let’s learn how to download files from a remote server.
Downloading Files from Remote Server
One of the various SFTP commands is the ‘get’ command which allows for the transfer of files from a remote server to the local system, simplifying the process of accessing and managing files.
get remote_filename /local/path/for/file
Having covered file transfers, we can now proceed to manage files and directories in SFTP.
Managing Files and Directories in SFTP
Effective management of files and directories is a valuable skill in SFTP. Familiarity with commands such as ‘mkdir’ for creating a new directory, ‘rmdir’ for removing an empty directory, and ‘rename’ for changing file or directory names can significantly enhance your SFTP experience. Commands prefixed with ‘l’ pertain to the local system, like ‘lpwd’, ‘lcd’, ‘lrmdir’, whereas commands without ‘l’ affect the remote system, such as ‘pwd’, ‘cd’, ‘rmdir’.
Next, we will explore more about creating and deleting directories, as well as renaming and deleting files.
Creating and Deleting Directories
Creating and deleting directories is a fundamental operation in SFTP. A directory on the remote server can be created using the mkdir command, and the rmdir command is used to remove a directory from the remote server. These commands allow you to manage your file structure effectively.
However, as you create and delete directories, there might also be a need to rename or delete files.
Renaming and Deleting Files
Renaming and deleting files are key operations in managing your files in SFTP. The ‘rename’ command is used to modify the name of files on the remote server. This helps in managing file organization and maintaining clarity within the server’s directories. To rename a file, the command format is ‘rename oldfilename newfilename’, replacing ‘oldfilename’ with the current file name and ‘newfilename’ with the desired new name. The ‘lrename’ command allows you to rename files on your local machine while connected to an SFTP session.
The ‘rm’ command can be used to delete files from the remote server. It is important to use this command carefully to avoid accidental deletion of important files. To remove a file, type ‘rm filename’, where ‘filename’ is the name of the file to be deleted. The ‘lrm’ command is used to delete files from the local system during an SFTP session. With these commands, you can effectively manage your files and directories.
Summary
Mastering SFTP via the command line is a valuable skill in today’s interconnected digital world. From setting up SFTP on Windows, through transferring files, to troubleshooting common issues, you now possess the knowledge to navigate the realm of secure file transfers effectively. Remember, every journey begins with a single step. So, why not take that step in the world of SFTP today?
Connecting to an SFTP (Secure File Transfer Protocol) server via the Windows Command Prompt can seem daunting, especially if you are new to command-line interfaces. However, once you understand the steps involved, you can easily transfer files securely between your computer and an SFTP server. In this comprehensive guide, we’ll walk you through everything you need to know, from setting up your environment to executing your first secure file transfer.
Understanding SFTP and Its Importance
Before diving into how to connect to an SFTP server, it’s essential to understand what SFTP is and why it’s widely used.
What is SFTP?
SFTP, or Secure File Transfer Protocol, is a secure version of FTP, allowing for secure file access, transfer, and management over a network. Unlike regular FTP, SFTP encrypts the data being transferred, protecting it from interception and unauthorized access.
Why Use SFTP?
Utilizing SFTP has numerous benefits, including:
- Security: SFTP encrypts not just the files but also commands and authentication information, making it significantly more secure than standard FTP.
- File Integrity: The protocol ensures that files are transferred without any corruption, maintaining data integrity.
- Firewall-Friendly: SFTP uses a single port (commonly port 22), making it easier to manage firewalls and security settings compared to FTP.
Understanding these fundamentals will help you appreciate the importance of connecting to an SFTP server securely.
Pre-requisites for Connecting to SFTP from Windows
Before you can connect to an SFTP server, you’ll need to make sure that you have the following:
1. SFTP Client Installed
Windows does not come with a built-in SFTP client in the Command Prompt, but you have a few options for enabling SFTP capabilities:
- Built-in OpenSSH (Windows 10 and later): Recent versions of Windows 10 come with OpenSSH, which allows SFTP connections right from the Command Prompt.
- Third-party Applications: If your version of Windows does not include OpenSSH, you can consider third-party applications such as PuTTY, WinSCP, or Cyberduck.
2. SFTP Server Address and Credentials
To connect to an SFTP server, you’ll need the following information:
- Hostname/IP Address: The address of the SFTP server you wish to connect to.
- Username: Your account username on the server.
- Password: The associated password for the username. (In some cases, SSH keys can be used instead.)
Step-by-Step Guide to Connect to SFTP Server from Windows Command Prompt
With your pre-requisites in place, you are ready to start connecting to your SFTP server. The following steps will guide you through the process smoothly.
Step 1: Open the Windows Command Prompt
To start, you need to open the Command Prompt. Here’s how:
- Press the Windows key, type `cmd`, and hit Enter.
- Alternatively, you can press Windows + R, type `cmd`, and then press Enter.
Step 2: Enter the SFTP Command
Once the Command Prompt window is open, use the following command format to connect to your SFTP server:
sftp username@hostname
Replace `username` with your actual username and `hostname` with the server’s IP address or domain name. For example:
sftp [email protected]
Step 3: Authenticate Yourself
After entering the command, you will be prompted to enter your password:
[email protected]'s password:
Enter your password and press Enter. If the credentials are correct, you will see a message confirming your connection.
Step 4: Using SFTP Commands
Once connected, you will be in the SFTP prompt. You can execute various commands similar to using the Unix command line. Here are a few basic commands:
- ls – Lists the files and directories in the current directory on the SFTP server.
- cd – Changes the directory on the SFTP server.
- get – Downloads a file from the SFTP server to your local machine (e.g., `get filename.txt`).
- put – Uploads a file from your local machine to the SFTP server (e.g., `put filename.txt`).
- exit – Disconnects from the SFTP server.
Managing Files with SFTP Commands
Now that you’ve connected to your SFTP server, let’s explore some common file management tasks you can perform.
Downloading Files
To download remote files, you can use the get command:
get remoteFilename
You can also use a wildcard to download multiple files:
get *.txt
This command would download all text files from the current remote directory.
Uploading Files
To upload files from your local system to the SFTP server, you can use the put command:
put localFilename
As an example, if you want to upload a document named report.pdf, you would use:
put report.pdf
Creating and Navigating Directories
SFTP lets you manage directories easily:
- Creating a New Directory: Use the `mkdir` command followed by the directory name:
mkdir newFolder
- Changing Directories: The `cd` command allows you to move into a specific directory:
cd newFolder
- Listing Directory Contents: Use the `ls` command to list files in your current directory.
Troubleshooting Connection Issues
Connecting to an SFTP server might not always go as planned. Here are a few common issues you may encounter along with their solutions.
1. Authentication Failed
If you receive an “Authentication failed” message, double-check your username and password. Ensure that they are entered correctly, including case sensitivity.
2. Connection Timeout
If you get a “Connection timed out” error, it could be due to several reasons:
- The SFTP server may be down or not accessible.
- Firewalls on your network or the server may be blocking connections. Confirm with your network administrator.
3. Host Not Found
The error “Host not found” usually indicates that the server address was incorrect. Double-check the hostname or IP address you entered.
Advanced Options and Best Practices
As you become more comfortable with SFTP, you might want to explore some advanced options and best practices.
Using SSH Keys for Authentication
For enhanced security, consider using SSH keys instead of passwords for authentication. This method requires generating a pair of cryptographic keys – one public and one private.
Steps to Set Up SSH Key Authentication:
- Generate SSH keys using a tool like PuTTYgen or OpenSSH’s ssh-keygen.
- Place the public key in the `~/.ssh/authorized_keys` file on the SFTP server.
- Use the `-i` flag with the SFTP command to specify your private key during login:
sftp -i /path/to/private_key username@hostname
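The key-authentication steps above, combined with the get and put commands from earlier sections, as one PowerShell session using the built-in OpenSSH client; it also pins the server's host key so the transfer refuses to run against an unexpected host. This is an added example, not part of the original guide: the host sftp.example.com, the user alice, the file paths and the fingerprint placeholder are assumptions.

```powershell
# Added example. All values below are assumptions; replace them with your own.
$SftpHost   = 'sftp.example.com'                       # hypothetical server
$SftpUser   = 'alice'                                  # hypothetical account
$KeyPath    = Join-Path $HOME '.ssh\id_ed25519_sftp'   # private key for this server only
$KnownHosts = Join-Path $HOME '.ssh\known_hosts_sftp'  # pinned host key lives here
# Fingerprint obtained from the server administrator out of band (placeholder).
$ExpectedFp = 'SHA256:REPLACE_WITH_FINGERPRINT_FROM_ADMIN'

# 1. Generate the key pair once. ssh-keygen prompts for a passphrase; set one.
New-Item -ItemType Directory -Force -Path (Split-Path $KeyPath) | Out-Null
if (-not (Test-Path $KeyPath)) {
    ssh-keygen -t ed25519 -f $KeyPath -C "$env:USERNAME@$env:COMPUTERNAME sftp"
}

# 2. This is the line to append to ~/.ssh/authorized_keys on the server.
Get-Content "$KeyPath.pub"

# 3. Pin the host key: fetch it, compare its fingerprint, store it only on a match.
if (-not (Test-Path $KnownHosts)) {
    $scanned = Join-Path $env:TEMP 'sftp_hostkey_scan.txt'
    ssh-keyscan -t ed25519 $SftpHost 2>$null | Set-Content -Encoding ascii $scanned
    # Output looks like: "256 SHA256:<base64> sftp.example.com (ED25519)"
    $fpLine   = ssh-keygen -l -f $scanned | Select-Object -First 1
    $actualFp = ($fpLine -split '\s+')[1]
    if ($actualFp -cne $ExpectedFp) {          # -cne: fingerprints are case-sensitive
        Remove-Item $scanned
        throw "Host key mismatch for ${SftpHost}: got '$actualFp'"
    }
    Move-Item $scanned $KnownHosts
}

# 4. Write the transfer as a batch file (forward slashes avoid backslash escaping).
$batch = Join-Path $env:TEMP 'sftp_batch.txt'
@'
lcd C:/Transfers
cd article
get test.txt
put report.pdf
bye
'@ | Set-Content -Encoding ascii $batch

# -b disables interactive prompts, so a passphrase-protected key must already be
# loaded in ssh-agent (requires the Windows "ssh-agent" service to be running).
ssh-add $KeyPath

# 5. Run the transfer. StrictHostKeyChecking=yes fails instead of asking to trust
#    an unknown or changed host key; IdentitiesOnly=yes offers only the named key.
sftp -i $KeyPath `
     -o IdentitiesOnly=yes `
     -o StrictHostKeyChecking=yes `
     -o "UserKnownHostsFile=$KnownHosts" `
     -b $batch "$SftpUser@$SftpHost"
if ($LASTEXITCODE -ne 0) { throw "sftp exited with code $LASTEXITCODE" }
```

A non-zero exit code means either a batch command failed or the connection was refused, including when the server presents a host key other than the pinned one.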
Regular Data Backups
Always maintain regular backups of your critical data. Consider scheduling automated backups to your SFTP server to enhance data availability and security.
Stay Updated
Finally, keep your SFTP client updated. Security vulnerabilities are often discovered, and patches are released to address them. Stay informed about updates to ensure your data remains secure.
Conclusion
Connecting to an SFTP server from the Windows Command Prompt opens the door to secure file transfers and management. By following the steps outlined in this guide, you can easily perform tasks like downloading and uploading files, navigating directories, and troubleshooting any potential issues.
Remember to embrace security best practices, such as using SSH keys where applicable, and ensure your connection remains stable with regular maintenance and updates. With these skills, you will be equipped to manage your files securely using SFTP effectively.
Happy transferring!
What is SFTP and how does it differ from FTP?
SFTP, or Secure File Transfer Protocol, is a secure method of transferring files over a network. It uses a single connection that is encrypted using Secure Shell (SSH), ensuring that both authentication and data transfers are secure. In contrast, FTP (File Transfer Protocol) sends data in plaintext, making it vulnerable to interception and unauthorized access.
Additionally, SFTP provides features such as file management capabilities, which allows users to manage files on the remote server (e.g., uploading, downloading, deleting files) within the same session. This is not inherently present in basic FTP, where separate commands need to be used, and security features are limited.
How can I access the Windows Command Prompt for SFTP?
To access the Windows Command Prompt, you can type “cmd” in the Windows search bar and hit Enter. This opens the command prompt window, where you can enter various commands. If you intend to connect to an SFTP server, ensure you are in a command prompt with the required permissions.
Before using SFTP, make sure that the SSH client is available on your Windows machine. Since Windows 10, OpenSSH client is included as an optional feature. You can enable it through the “Manage optional features” section in Windows Settings if it’s not already available.
What command do I use to connect to an SFTP server?
To connect to an SFTP server from the Windows Command Prompt, you would typically use the command `sftp username@hostname`, where “username” is your user account on the SFTP server, and “hostname” is the server’s IP address or domain name. This command initiates a connection to the SFTP server.
Once you execute the command, you will likely be prompted to enter your password. After successfully inputting your password, you’ll be connected to the server, allowing you to execute various file management commands like `put`, `get`, `ls`, and `cd` within the SFTP environment.
What are the common commands used in SFTP?
While connected to an SFTP server, several common commands facilitate file management. For instance, `put` is used to upload files from your local machine to the server, whereas `get` is used to download files from the server to your local machine. The `ls` command lists files in the current directory on the server, and `cd` changes the directory on the server.
Another useful command is `exit` or `bye`, which disconnects you from the SFTP session. These commands are fundamental to navigating and managing files effectively when utilizing SFTP for file transfer tasks.
Do I need to configure my firewall or antivirus to allow SFTP connections?
In some cases, you may need to adjust your firewall or antivirus settings to allow SFTP connections. Many firewalls block unfamiliar ports, including the default port used by SFTP, which is port 22. To ensure a seamless connection, check your firewall settings, and if necessary, configure it to allow outbound connections on this port.
Moreover, if you are using third-party antivirus software, it could also interfere with SFTP connections. Make sure that SFTP is whitelisted, or temporarily disable the antivirus while testing the connection to rule out any interference.
What do I do if I encounter a connection error?
If you encounter a connection error while trying to connect to an SFTP server, the first step is to verify the hostname and port number. Ensure that you are using the correct server address and that the port (default is 22) is open. Double-check your username and password as well to rule out any authentication issues.
If the credentials are correct and you’re still facing issues, it’s advisable to check the server status. Sometimes the server might be down for maintenance or experiencing connectivity problems. Contacting the server administrator can provide insights into any ongoing issues or specific configurations needed to establish a connection.
Can I use SFTP with a graphical interface on Windows?
Yes, while this article focuses on using SFTP through the command prompt, various graphical user interface (GUI) applications are available for Windows that support SFTP. Popular FTP clients such as WinSCP, FileZilla, and Cyberduck offer SFTP functionality, providing a more user-friendly way to manage files without needing to remember command-line instructions.
These GUI applications typically allow drag-and-drop file transfers, making it easier to upload or download files. They also provide visual feedback on the status of your transfers and automatically handle issues like authentication prompts and connection errors, which can be advantageous for users who prefer a more visual approach to file management.
To connect to Hosted~FTP~ by SFTP using the command line, you need to run the following command:
“username@ftp.hostedftp.com” or “Username@your-custom-domain”
This will return the following:
Password authentication
Password:
You then enter your password, and a live connection will be established.
For example, you are trying to log in to your Hosted~FTP~ account to download a file called “test.txt” in a folder called “article”.
Your script will look like this:
>> sftp username@hostname
For example: sftp hostedftptutorial@ftp.hostedftp.com
>> Password, or the file path if you are using a PKI key pair (more info here).
>> Remote command to change directory: “cd remote folder”
For example: “cd article”
Then, to download the file, you run the command:
>> get "test.txt"
SFTP Command Line Commands
The following image below shows commands you can run during an SFTP connection and their description:
Parameters
Parameters for `winscp.exe` executable:
winscp.exe site|workspace|folder
winscp.exe <session_url>[/path/[file]]
winscp.exe [mysession] [/sessionname=<name>]
winscp.exe [mysession] [/newinstance]
winscp.exe [mysession] /edit <path>
winscp.exe [mysession] /browse[=<file>]
winscp.exe [mysession] /synchronize [local_directory] [remote_directory] [/defaults[=secs]]
winscp.exe [mysession] /keepuptodate [local_directory] [remote_directory] [/defaults[=secs]]
winscp.exe [mysession] /refresh [path]
winscp.exe [mysession] /upload file1 file2 file3 ... [/defaults[=secs]]
winscp.exe [mysession] [/privatekey=<file> [/passphrase=<passphrase>]]
winscp.exe [mysession] [/hostkey=<fingerprint>]
winscp.exe [mysession] [/username=<user>] [/password=<pass>]
winscp.exe [mysession] [/passwordsfromfiles]
winscp.exe [mysession] [/clientcert=<file> [/passphrase=<passphrase>]]
winscp.exe [mysession] [/certificate=<fingerprint>]
winscp.exe [mysession] [/passive[=on|off]] [/implicit|explicit]
winscp.exe [mysession] [/timeout=<sec>]
winscp.exe [mysession] [/rawsettings setting1=value1 setting2=value2 ...]
winscp.exe [/console] [/script=<script_file>] [/command command1 command2 ...] [/parameter // param1 ...]
winscp.exe [/log=<logfile> [/loglevel=<level>] [/logsize=[<count>*]<size>]] [/xmllog=<logfile> [/xmlgroups]]
winscp.exe [/ini=<inifile>]
winscp.exe [/rawconfig config1=value1 config2=value2 ...]
winscp.exe [/rawtransfersettings setting1=value1 setting2=value2 ...]
winscp.exe /batchsettings <site_mask> setting1=value1 setting2=value2 ...
winscp.exe /keygen keyfile [/output=<file>] [/changepassphrase]
winscp.exe /keygen keyfile [/comment=<text>] [/certificate=<file>]
winscp.exe /copyid /identity=publickey mysession
winscp.exe /update
winscp.exe /info
winscp.exe /help
Parameters for `winscp.com` executable:
winscp.com [/script=script_file] [/command command1 command2 ...] [/parameter // param1 ...]
winscp.com [/stdout[=binary|chunked]] [/stdin]
winscp.com [/log=<logfile> [/loglevel=<level>] [/logsize=[<count>*]<size>]] [/xmllog=<logfile> [/xmlgroups]] [/nointeractiveinput]
winscp.com [/ini=<inifile>]
winscp.com [/rawconfig config1=value1 config2=value2 ...]
winscp.com /batchsettings <site_mask> setting1=value1 setting2=value2 ...
winscp.com /keygen keyfile [/output=<file>] [/changepassphrase]
winscp.com /keygen keyfile [/comment=<text>] [/certificate=<file>]
winscp.exe /copyid /identity=publickey mysession
winscp.com /info
winscp.com /help
Session
The first syntax opens the site. To open site, stored in folder, use path syntax “folder/site”. You can also open workspace or all sites in site folder.
The second creates the session specified by session URL and optionally by initial remote path. If the remote path is not ended by slash (`/`), it is treated as path to file (or even directory) that should be downloaded.
The parameter `/sessionname` specifies a custom name of the session to be used instead of the automatically generated name in a format `username@hostname` or to override the name of the saved site.
If there’s already an idle WinSCP instance running, the session(s) opens in the existing instance. To force the session to open in a new instance of WinSCP, use `/newinstance` parameter. If no session is specified on command-line, Login dialog opens to select one.
The parameter `/privatekey` specifies a local path to an SSH private key file. If the key file is encrypted, use the `/passphrase` to specify its passphrase. The passphrase can be read from a file.
The parameter `/hostkey` specifies the fingerprint of the expected SSH host key (or several alternative fingerprints separated by a semicolon). It makes WinSCP automatically accept the host key with the fingerprint.
You can use the parameters `/username` and `/password` as an alternative way to specify the credentials. The credentials are normally part of the session URL. Using these switches has the advantage of not needing to URL-encode special characters. The password can be read from a file.
With parameter `/passwordsfromfiles`, the values of `/password`, `/passphrase` and in general all passwords from all sources are interpreted as paths to files, where the actual passwords are read from. The files must use UTF-8 or UTF-16 encoding.1
The parameter `/clientcert` specifies a local path to FTPS or WebDAVS TLS/SSL client certificate. If the certificate is encrypted, use the `/passphrase` to specify its passphrase.
When a FTPS or WebDAVS server TLS/SSL certificate is not trusted (typically a self-signed certificate), use the parameter `/certificate` to specify the fingerprint of the untrusted certificate. It makes WinSCP trust the certificate. Several alternative fingerprints can be separated by a semicolon.
The parameter `/passive` enables a passive (`=on`) or an active (`=off`) transfer mode (FTP protocol only).
The parameters `/implicit`, and `/explicit` enable respective method of invoking FTPS.
The parameter `/timeout` specifies server response timeout.
The parameter `/rawsettings` allows configuring any site settings using raw format as in an INI file. E.g. to enable an SSH compression and an agent forwarding, use `/rawsettings Compression=1 AgentFwd=1`. The parameter must come after the session URL (if any).
When using scripting, use the `open` command (and its switches) instead.
Examples:
winscp.exe "My site"
winscp.exe sftp://martin:password@example.com/ /hostkey="ssh-rsa 2048 xxxxxxxxxxx..."
winscp.exe scp://test@example.com:2222/ /privatekey=mykey.ppk
winscp.exe ftps://martin:password@example.com/
Logging
With `/log` parameter you may turn on session logging to file specified by local path. In the path you can use the same patterns as in the logging preferences.
Use parameter `/loglevel` to change logging level. The value can be in range `-1`…`2` (for Reduced, Normal, Debug 1 and Debug 2 logging levels respectively). Append additional `*` to enable password logging (e.g. `/loglevel=2*`).2
Use parameter `/logsize` to configure log file size limit and log file rotation. Specify maximum size in bytes, optionally with `K`, `M` or `G` units. Optionally you can limit number of archived log files using `count*` prefix. For example `/logsize=5*10M` will limit log file size to 10 MB and will allow up to 5 archived logs.
winscp.exe sftp://martin@example.com/ /log="C:\winscp.log" /loglevel=0
With `/xmllog` parameter you may turn on XML logging to file specified by local path.3 In the path you can use the same patterns as in the logging preferences.
Use parameter `/xmlgroups` along with `/xmllog`, to group all XML log elements belonging to the same command under parent `group` element.
Console/scripting mode
Parameter `/console` executes WinSCP in console (scripting) mode. Note that when using `winscp.com`, the console mode is implicit, so using `/console` parameter is redundant.
To run batch script either pass script file using `/script` parameter or specify the commands directly on command line using `/command`. In the latter case each following parameter is treated as single command. See syntax section and examples below for details how to deal with spaces and double-quotes.
If both `/script` and `/command` parameters are used, commands from script file are executed first. When the last command is not `exit`, regular non-batch mode follows.
Use parameter `/parameter` to specify list of arguments to be passed to script. It is recommended to escape the arguments with `//` switch.
With `winscp.exe`, if `/console` parameter is not used along with `/script` or `/command`, the script/command is executed without visual feedback (window).
Use the parameter `/stdout` to enable streaming files to the standard output of `winscp.com`. When the parameter is used, the `get` command will stream the downloaded file(s) to the standard output, when `-` is used as a download target. By default (or with the `binary` flag), the files are streamed unmodified. With the `chunked` flag, the files are individually encoded using Chunked transfer encoding, which allows separating contents of multiple streamed files. When the parameter is used, all console output that would normally be printed to the standard output is redirected to the error output. Streaming is supported with the SFTP and FTP protocols only.
Use the parameter `/stdin` to enable streaming files from the standard input of `winscp.com`. When the parameter is used, the `put` command will stream the standard input to the remote server, when `-` is used as an upload source. Implies `/nointeractiveinput`. Streaming is supported with the SFTP and FTP protocols only.
Use parameter `/nointeractiveinput`, when feeding commands to `winscp.com` using standard input, to make sure prompts for anything other than commands (such as password prompts) are cancelled. Also prevents error message popping up when fatal error occurs while starting WinSCP. When combined with `/xmllog` the fatal error is recorded in the XML log.
Examples:
winscp.com /script="C:\Users\martin\Documents\myscript.txt"
winscp.com /command "open sftp://martin@example.com/ -hostkey=""ssh-rsa 2048 xxxx...""" "exit"
winscp.exe /console /script="myscript.txt" /log="myscript.log"
You can have WinSCP generate a scripting command-line for you.
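A scripted download that combines the parameters described above: a script file passed with /script, a pinned host key on the open command, session logging at a level that does not record passwords, and /ini=nul so stored configuration is neither read nor changed. This is an added example, not taken from the WinSCP documentation: the install path, the remote file name and the local target are assumptions, the fingerprint is the page's own placeholder, and option batch abort, option confirm off and the -privatekey switch of open are WinSCP scripting features not described on this page.

```powershell
# Added example. Install path, remote file and local folder are assumptions.
$WinScp     = 'C:\Program Files (x86)\WinSCP\winscp.com'
$ScriptFile = Join-Path $env:TEMP 'winscp_fetch.txt'
$LogFile    = Join-Path $env:TEMP 'winscp_fetch.log'
$LogLevel   = '0'     # Normal logging

# A trailing * on the log level (e.g. 2*) writes passwords into the log file.
if ($LogLevel -match '\*') {
    throw 'Refusing to run: this /loglevel value enables password logging.'
}

# The script file. "option batch abort" stops at the first error instead of
# prompting; -hostkey pins the expected server key; key authentication keeps
# the password out of both the script and the command line.
@'
option batch abort
option confirm off
open sftp://martin@example.com/ -hostkey="ssh-rsa 2048 xxxx..." -privatekey="C:\Users\martin\Documents\mykey.ppk"
get /home/martin/public_html/index.html C:\Users\martin\Documents\MySite\
exit
'@ | Set-Content -Encoding utf8 $ScriptFile

# /ini=nul starts from default configuration and saves nothing on exit,
# so the run does not depend on, or alter, sites stored on this machine.
& $WinScp /ini=nul "/script=$ScriptFile" "/log=$LogFile" "/loglevel=$LogLevel"

# winscp.com returns a non-zero exit code when any script command fails.
if ($LASTEXITCODE -ne 0) {
    throw "WinSCP script failed with exit code $LASTEXITCODE; see $LogFile"
}
```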
Operations
The following parameters can be used to create a shortcut that initiates operation in GUI mode. They are not intended for automation, for that see scripting.
Use `/edit` to open a remote file in WinSCP internal editor.
Use `/browse` to select the specified file in (both) file panel(s). The switch can also be used together with a file URL for the same effect, overriding the default download action.
With `/synchronize` or `/keepuptodate` parameter WinSCP performs Synchronize or Keep remote directory up to date commands respectively on the specified session and directories. A dialog to set options is displayed first.
With `/upload` parameter WinSCP uploads specified files to initial remote directory of session.4 A dialog to set options is displayed first.
Use `/defaults` parameter along with `/upload`, `/synchronize` or `/keepuptodate` to skip the settings dialog and start the operation straight away with default settings. Alternatively you can specify a number of seconds, to actually show the settings dialogs, but have them automatically submit after the specified time elapses.
Use the `/refresh` parameter to reload remote panel of all running instances of WinSCP. If a session is specified on command-line, only instances that have that session as active are refreshed. If a path is specified after the `/refresh`, only that directory is refreshed.
It is recommended to escape the arguments with // switch.
Example:
winscp.exe /defaults /synchronize // "C:\Users\martin\Documents\MySite" /home/martin/public_html
Configuration
With `/ini` parameter you may specify local path to configuration INI file. It effectively disables using registry as configuration storage. If the file does not exist, default configuration will be used and the file will be created.
winscp.exe /ini="C:\Users\martin\Documents\myconfig.ini"
Use `nul` instead of path to force WinSCP start with its default configuration and not save the configuration on exit.
With `/rawconfig` parameter you can set any configuration settings using raw format as in an INI file. E.g. to configure an external IP address use `/rawconfig Interface\ExternalIpAddress=198.51.100.10`. The parameter must come after a session URL (if any). The configuration set this way is preserved.
With `/rawtransfersettings` you can set any transfer settings using raw format as in an INI file. E.g. to enable preserving of directory timestamps, use `/rawtransfersettings PreserveTimeDirs=1`. The configuration set this way is preserved. In scripting, it is better to use `-rawtransfersettings` switch of individual scripting commands, like `get`, `put`, etc.
Mass-modification of sites
Use /batchsettings to mass-modify stored sites. The first argument is a mask to select sites to modify. Use a syntax of basic file masks. You can also use path mask to select sites based on their folders. The other arguments define new values for site settings. Use the same syntax as for /rawsettings.
For example, to configure a proxy for all sites in a “clients” folder, use:
winscp.exe /batchsettings clients/* ProxyMethod=3 ProxyHost=proxy
Private key conversion and modification
Use the /keygen switch to convert private keys from other formats to a PuTTY .ppk format or to change their passphrase or comment or to add a certificate. You can combine a conversion and key changes into one command.
A parameter after the /keygen switch specifies a path to an input private key file. The input key can be in OpenSSH or ssh.com format (when converting the key to the PuTTY format) or in the PuTTY format (when modifying the key).
When converting the key from other format, you need to specify an output key path using the /output switch. When modifying a PuTTY key, the existing file is overwritten if /output is not specified.
Use the /changepassphrase switch to change the key passphrase.
Use the /comment switch to change the key comment.
Use the /certificate switch to add a certificate to the key.
For example, to convert key mykey.pem from OpenSSH format to mykey.ppk in PuTTY format and set its comment:
winscp.com /keygen mykey.pem /output=mykey.ppk /comment="Converted from OpenSSH format"
To change the passphrase of existing mykey.ppk:
winscp.com /keygen mykey.ppk /changepassphrase
For compatibility with *nix puttygen, the -o, -P, -C, --old-passphrase and --certificate switches are understood as aliases to /output, /changepassphrase, /comment, /passphrase and /certificate respectively. The --new-passphrase is recognized too. So, for features supported by WinSCP, you can use the same arguments as for puttygen, just prefixed with /keygen:
winscp.com /keygen mykey.pem -o mykey.ppk -C "Converted from OpenSSH format"
Public key installation
Use the /copyid switch to install your public key in a server’s authorized_keys file. Use the /identity switch to specify the path to your key pair in PPK format or public key in authorized_keys format. Supported with SFTP protocol only.
For example, to install public key from mykey.ppk key pair file, use:
winscp.com /copyid /identity=mykey.ppk martin@example.com
The functionality is a replacement for the OpenSSH ssh-copy-id script. Contrary to the OpenSSH script, it does not require a shell interpreter locally. Additionally, it uses the SFTP protocol, so it does not rely on shell access and shell commands on the server. For compatibility with the script, the -i switch is understood as an alias to /identity. So, for features supported by WinSCP, you can use the same arguments as for ssh-copy-id, just prefixed with /copyid.
Auxiliary
When run with the /update parameter, WinSCP only checks for its updates.
The parameter /info lists the supported SSH and TLS/SSL algorithms.
Parameter /help shows usage (overview similar to this).
Syntax
Command-line parameters that include space(s) must be surrounded by double-quotes:
winscp.exe /ini="C:\Users\martin\Documents\myconfig.ini"
To use the double-quote as a literal, use two double-quotes sequentially. For example, the /command expects that each script command is surrounded by double quotes, so that it is passed as a single command-line argument. In addition, any script command argument that includes spaces is expected to be surrounded by double-quotes within the command (see doubling double-quotes):
winscp.com /command "open sftp://... -hostkey=""ssh-rsa ...""" "put ""C:\my file.dat"""
Here the first quoted argument is script command 1 and the second is script command 2.
When executing such a command from PowerShell, you additionally have to escape the doubled inner double-quotes with ` (backtick) to prevent PowerShell from interpreting them on its own:
winscp.com /command "open sftp://... -hostkey=`"`"ssh-rsa ...`"`"" "put `"`"C:\my file.dat`"`""
Again, the first quoted argument is script command 1 and the second is script command 2.
To debug the quoting, enable session logging on level Debug 1 (/loglevel=1). The log will show how WinSCP understands your command-line.
An argument that begins with a slash is considered a switch. To pass a parameter that itself starts with the slash in its syntax (i.e. a remote path like /root), use the special switch // (two slashes) before the argument. The switch // denotes that all following arguments are not switches. Example:
winscp.exe /synchronize // "C:\Users\martin\Documents\MySite" /root
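The quoting rules and the // switch described above, as an added Python example that is not WinSCP's own code: it builds the same command lines as the page's Command Prompt and PowerShell examples from unquoted pieces. The function names are hypothetical, and escaping ` and $ for PowerShell is an addition beyond the rule the page states.

```python
# Added example, not WinSCP code. Function names are hypothetical; the host key
# and paths are the page's own placeholders.

def _check(text):
    # Quote doubling cannot represent line breaks or NUL, so refuse them.
    if any(c in text for c in "\r\n\0"):
        raise ValueError("control character in argument")
    return text

def quote_inner(arg):
    """Script-level quoting: wrap an argument that has a space or a quote."""
    _check(arg)
    if arg == "" or " " in arg or '"' in arg:
        return '"' + arg.replace('"', '""') + '"'
    return arg

def script_command(verb, *args, **switches):
    """Compose one script command from a verb, arguments and -name=value switches."""
    parts = [verb] + [quote_inner(a) for a in args]
    parts += ["-%s=%s" % (n, quote_inner(v)) for n, v in switches.items()]
    return " ".join(parts)

def outer_cmd(command):
    """One /command argument for Command Prompt: wrap it, double inner quotes."""
    return '"' + command.replace('"', '""') + '"'

def outer_powershell(command):
    """PowerShell form: backtick each doubled inner quote. Escaping ` and $
    first is an addition to the page's rule; it stops PowerShell expanding them."""
    text = command.replace("`", "``").replace("$", "`$")
    return '"' + text.replace('"', '`"`"') + '"'

def command_line(exe, commands, outer=outer_cmd):
    return " ".join([exe, "/command"] + [outer(c) for c in commands])

def operation_line(exe, switches, paths):
    """GUI operation: '//' marks every later argument as a non-switch, so a
    remote path such as /root is not parsed as a switch."""
    return " ".join([exe] + list(switches) + ["//"] + [quote_inner(p) for p in paths])

SAMPLE = [script_command("open", "sftp://...", hostkey="ssh-rsa ..."),
          script_command("put", r"C:\my file.dat")]

if __name__ == "__main__":
    print(command_line("winscp.com", SAMPLE))
    print(command_line("winscp.com", SAMPLE, outer=outer_powershell))
    print(operation_line("winscp.exe", ["/synchronize"], [r"C:\My Site", "/root"]))
```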
Executables
Learn about two WinSCP executables, winscp.exe and winscp.com.
Hint
If you are going to run WinSCP from command-line often, you may wish to add WinSCP installation directory to search path.
Running from Bash
When running WinSCP from a shell where /switch is interpreted as a path, such as Git Bash, use a dash (-) instead of the slash (/) for switches. For example:
./WinSCP.com -script="myscript.txt" -log="myscript.log"
Transferring files over a network is pretty common in this world. Some do it without knowing that they are sharing said data while others have a dedicated server configured for the mentioned purpose. SFTP or Secure File Transfer Protocol is now preferred over the standard FTP or File Transfer Protocol because of the SSH encryption that comes alongside it. If you have used FTP, you would know that the data involved during the transfer such as the usernames, passwords and more are shared through plain text. This would be a nightmare for network admins to deal with but thankfully, there are now different versions available such as FTPS and SFTP as mentioned above.
One of the reasons you might find people preferring FTP is that it does not have a file size limit on the files that are to be transferred. Having an SFTP server in your work network has to be one of the most important things, as it gives you secure file transfers to both client applications and the server. When it comes to setting up an FTP server, however, things can get a little complicated due to the numerous options available on the internet. Even though there are many choices to choose from, SolarWinds stands on top as usual due to the high quality of their products, like the NPM, which lets you monitor your network performance along with many other things. The Serv-U FTP Server from SolarWinds is no different from the high standards of their products, which is why we will be using it in this article to set up and configure an SFTP server.
Install Serv-U FTP Server
In order to be able to configure your own SFTP server, you will first need to install it naturally. To download the Serv-U FTP server, head over to this link. You can either choose to download the free trial by clicking the respective button or buy the product through the provided button which we would highly recommend.
Whatever you decide on, you will get a zip file containing the installer when the download finishes. So, go ahead and unzip it and then run the installer. The installation process is rather simple, so just follow the on-screen prompts to get through it. During the setup, make sure the Install Serv-U as a system service option is ticked. At the end, you will be asked to add Serv-U as an exception; make sure the check is ticked and then click Next. Once you have done that, you are done with the installation and have successfully got an SFTP server on your system.
Configuring Serv-U FTP Server
Now that we have gone through the installation, it is time to configure the Serv-U FTP server. The process is user-friendly thanks to the Serv-U Management Console. Follow through to configure the server.
Creating a Domain
A domain is basically the core of the Serv-U server. For a layman, a Serv-U domain is essentially a number of listeners and user accounts that are allowed to connect to the SFTP server and access the files and folders. For further restriction and control, you can configure the domain to restrict access based on IP address and even limit bandwidth usage so that the server performance remains optimal. With that said, creating a domain is really easy. Follow the instructions given down below:
- First of all, when you finish the setup wizard, the Serv-U Management Console should open up automatically. In case it doesn’t, go ahead and open up the Start Menu and search for it.
- When you open the management console for the first time, you will be asked to define a domain. Click on the Yes button.
- Alternatively, you can click the New Domain button on the left-hand side to define a domain.
- This will open up the Domain Wizard. First of all, give the domain a name and provide a description.
- On the Domain Type screen, choose what you want the domain to be used for i.e. file transfer or file sharing. Click Next.
- Now, if you choose the File Sharing option, you will be taken to the File Sharing tab. Here, provide the domain URL that is to be used and then follow it up by choosing the file sharing directory.
- If you wish to use HTTPS, make sure to tick the Use Secure URL checkbox.
- In addition, if you want the server to send emails for email notifications as well as events that use email actions, click on the Configure SMTP button and provide the requested details.
- In case you chose the File Transfer option, you will be seeing the Protocols screen instead. Here, choose the protocols to be used along with the respective ports. Then, click Next.
- By default, the SFTP server will listen to connections on all available IPv4 and IPv6 addresses, however, you can change this later on via the Listeners tab that is located in the Domain Details page.
- If you chose File Transfer, you can choose the password encryption mode on the Encryption screen. In case you want to enable password recovery through the HTTP login page, tick the Allow users to recover passwords option.
- Finally, once you have done all of that, click the Finish button.
Create a User Account
Now that we have created a domain, it is basically useless if there are no created user accounts. Therefore, let us get started and create a user account that will be used to connect to the SFTP server.
- When you create your first domain, you should be automatically prompted to create a user account. Click the Yes button. When asked to use the wizard, click the Yes button.
- First of all, provide the login ID of the user account. Additionally, you can provide the name and email as well. Click Next.
- On the next screen, you will be asked to create a password. A password will be generated automatically for you so you can choose to use that or create one on your own. In addition, if you want the user to change their password on their next login, click the User must change password at next login checkbox. Click Next.
- Then, you will have to choose the home directory of the user. This is where the user will be placed after they have successfully logged in. You can also choose to lock the user to their home directory via the option given. While providing the home directory, you can use the %HOME% macro to insert the login ID to the path.
- Finally, on the last screen, you will be asked to choose the Access Rights of the user.
- Give the user Read Only Access if you want him to be able to browse and download files. On the other hand, choose the Full Access option if you wish to grant the user full control of their files and folders in their home directory.
- Then, click the Finish button to add the user.
- You can also add more users via the Add button provided on the Users page.
At this point, we have successfully created a custom domain as well as a user account that we can use to connect to the SFTP server. With the help of this, we will be able to send and receive files depending on the type of domain that you created. You can easily connect to the server via a Windows command prompt window. To connect to the SFTP server from the Windows Command Prompt, follow the instructions given down below:
- First of all, open up a command prompt window by searching for it in the Start Menu.
- Once it is open, type in the following command to connect to your SFTP server. Make sure to replace the user and domain with your respective user account and domain name. Once done, hit the Enter key.
sftp user@domain
- After doing that, you will be asked to enter the password of the user account. Provide the password that you created earlier during the User Account wizard.
- Once you connect to the SFTP server, you will see the prompt change to “sftp>”.
- Now, to see a list of all the commands available, type in help and hit Enter.
- You can use these commands to interact with the server, for example, to download a file, you can use the get command.
Kamil Anwar
Kamil is a certified MCITP, CCNA (W), CCNA (S) and a former British Computer Society Member with over 9 years of experience Configuring, Deploying and Managing Switches, Firewalls and Domain Controllers also an old-school still active on FreeNode.