Command |
Description |
help [command] |
Prints out help for a specific command, or if no command is specified, a list of supported commands is provided. |
version |
Prints out version details.
Can use ver as an abbreviation.
|
debug |
Switches debug on or off. If debug is already on, it is switched off (and vice versa). When debug is enabled, more information is displayed when commands are executed. |
set
|
Sets various parameters used during the session, many of which are optional. Syntax is set name=value.
Note that 'set' can be omitted, and thus protocol=ftp is a valid
command.
Variables can be created this way. If an unknown variable is set using the 'set' command, then a variable of that name and value is created, e.g. myprotocol=ftp creates a
variable called 'myprotocol' set to the string value 'ftp'.
The value of variables can be printed out using echo.
The value of all set variables can be printed out using set without any arguments.
The set command also supports a feature originally found on Unix systems called backquoting.
This is where a variable is assigned the value of the output of a command, which must be surrounded by back quotes (the '`' symbol).
For example, to set the variable 'currendir' to the value of the current remote working directory, use set currentdir=`pwd`.
|
set protocol |
Set the protocol to be used. Note that the protocol cannot be changed while connected. Supported protocols are shown below:
Protocol |
Description |
ftp |
"Plain" FTP protocol |
ftps |
FTPS, i.e. FTP over SSL (explicit mode) |
ftpse |
FTPS, i.e. FTP over SSL (explicit mode) |
ftpsi |
FTPS, i.e. FTP over SSL (implicit mode). |
sftp |
SFTP, i.e. FTP over SSH |
Note that server validation is not yet supported for any secure protocol, and the only form of client validation supported is username/password. Future versions will support client and server validation.
|
set connectmode |
Sets the connection mode for data transfers and listings. Not applicable for SFTP protocol. Possible values are active or passive., e.g. set connectmode=active. |
set remotehost |
Sets the remote host to be connected to, e.g. set remotehost=ftp.gnu.org |
set user |
Sets the username, e.g. set user=javaftp. This username is used for all supported protocols. |
set password |
Sets the user's password, e.g. set password=javaftp. This password is used for all supported protocols. |
set servercert |
Sets the path of the server certificate (or the server's CA root certificate) to use for server validation for FTPS. Currently supports PEM file format for certificates.
Once set, server validation is automatically switched on.
|
set clientcert |
Sets the path of the client certificate to use for client validation for FTPS. Currently supports PEM file format for certificates.
Note that the password must also be set via certpassword.
Once set, client validation is automatically switched on.
|
set certpassword |
Sets the password (or passphrase) of the client certificate used for client validation (FTPS). |
set serverpublickey |
Sets the path of the server's public key to use for server validation for SFTP. Supports OpenSSH and SECSH file formats.
Once set, server validation is automatically switched on. More typically set knownhosts is used.
Can also use serverkey.
|
set knownhosts |
Sets the path of the known_hosts file to use for server validation for SFTP. Once set, server validation is automatically switched on. |
set clientprivatekey |
Sets the path of the client private key file to be used for public key authentication in SFTP. Supports PuTTY,
OpenSSH and SSH.com private key formats. Note that the clientprivatekeypass must also be set.
Can also use clientkey.
|
set clientprivatekeypass |
Sets the passphrase of the client private key file to be used for public key authentication in SFTP.
Can also use clientkeypass.
|
set proxytype |
Sets the type of proxy to be used (if any). Options include "http", "socks4", "socks5" and "noproxy". Use "noproxy" to clear a previous setting. |
set proxyaddress |
Sets the address of the proxy (hostname or IP). |
set proxyport |
Sets the port number to connect to the proxy on. |
set publicproxyaddress |
Optional. Sets the public address of the proxy, which is required for FTP and FTPS in active mode. |
set proxyuser |
Optional. Sets the name of the proxy user. |
set proxypassword |
Opotional. Sets the password of the proxy user. |
set timeout |
Optional. Sets the timeout in seconds for read or write operations (and for the initial connection attempt for
JRE 1.4 and greater). The default is 0 (which is an infinite timeout). e.g. set timeout=10
|
set port |
Optional.
Defaults are determined by the protocol. Sets the port number to
connect to, e.g. set port=21
|
set dataports |
Optional. Only applicable for active mode. Sets the data port range
that the client will listen on for listings and transfers. The low port number must be listed first, e.g. set dataports=10100-10140
|
set loglevel |
Optional. Sets the logging level. 0 means no
logging, while 5 is the maximum log level (the default). e.g. set
loglevel=4
|
set logfile |
Sets the name or full path of the logfile to direct logging to, e.g. set logfile=C:\temp\ftp.log |
set configflags |
Sets
configuration flags, primarily for FTPS. The flags supported are listed below. The '|' symbol
can be used to OR the flags together, e.g. 'set configflags = DISABLE_CONTROL_SSL_CLOSURE | ALLOW_BASIC_CONSTRAINTS_IN_NON_CA'
Flag |
Description |
DISABLE_CONTROL_SSL_CLOSURE |
Disables standard SSL closure on the control channel forcing SSL connections to close in a non-standard (and insecure) manner.
This flag may be useful if it is found that the client or the server
(or both) freezes when the FTP connection is closed.
|
DISABLE_CONTROL_SSL_CLOSURE |
Disables standard SSL closure on the data channel forcing
SSL connections to close in a non-standard (and insecure) manner.
This flag may be useful if it is found that the client or the server
(or both) freezes after a data-transfer has completed. Note that it is unnecessary to use
DISABLE_DATA_WAIT_ON_CLOSE when using this flag.
|
DISABLE_SSL_CLOSURE |
Disables standard SSL closure forcing on both data and control
channels SSL connections to close in a non-standard (and insecure)
manner. This flag may be useful if it is found that the client or the
server (or both) freezes after a data-transfer or when the FTP
connection is closed. Note that it is unnecessary to use the
DISABLE_WAIT_ON_CLOSE when using
this flag.
|
DISABLE_CONTROL_WAIT_ON_CLOSE |
Stops the client waiting for an SSL closure acknowledgement on
the control channel. This flag may be useful if it is found that
the client freezes when the FTP connection is closed.
Note that it is unnecessary to use this flag when the
DISABLE_CONTROL_SSL_CLOSURE flag is on.
|
DISABLE_DATA_WAIT_ON_CLOSE |
Stops the client waiting for an SSL closure acknowledgement on
the data channel. This flag may be useful if it is found that
the client freezes after a data-transfer.
Note that it is unnecessary to use this flag when the
DISABLE_DATA_SSL_CLOSURE flag is on.
|
DISABLE_WAIT_ON_CLOSE |
Stops the client waiting for an SSL closure acknowledgement on
both the control channel and the data channel. This flag may be useful
if it is found that the client freezes after a data-transfer or when the
FTP connection is closed.
Note that it is unnecessary to use this flag when the
DISABLE_SSL_CLOSURE flag is on.
|
START_WITH_CLEAR_DATA_CHANNELS |
By default the scripting client switches to private
data channels immediately after connecting. This flag disables this, so that data channels are clear.
|
ALLOW_BASIC_CONSTRAINTS_IN_NON_CA |
Enabling this flag relaxes the checking of basic constraints. Basic constraints
are sometimes present when they are not required. By default, they are checked
if they're present (even if they're not required to be there) and connections
will fail if they are then found to be nonstandard. Enabling this flag will
prevent failures in cases where basic constraints are not required.
|
DISABLE_SESSION_RESUMPTION |
Disables SSL/TLS session resumption.
Session resumption is a feature of SSL/TLS, which speeds up the establishment of
secure connections by caching certain cryptographic parameters during the first
connection, such that they may be used in subsequent connections. This is
particularly handy for FTPS which opens a new connection for each file transfer.
Occasionally it can cause problems when establishing secure connections on
data-channels, so this flag is provided for disabling the feature and thus
forcing a full exchange of cryptographic data for every file.
|
|
set tlsdebug |
Sets
the level of SSL/TLS debugging. Different levels display different portions
of TLS debugging information. The possible levels are 0,1,2,4,8,16,32,64,256,65535. Use 65535 to get all possible debugging output for SSL/TLS processing (warning - there is a lot).
|
set cryptodebug |
Sets debugging of cryptographic code on or off, e.g. set cryptodebug=true |
echo |
Echos the value of a variable to standard output, whether user-defined or a system variable such
as 'protocol'. The variable must be preceded by a '$' to identify it as a variable,
e.g. echo $protocol.
A synonym for echo is print.
|
open [host[:port]] |
Opens the connection to the remote server. The user and password must already
be set via the set command. If the remote host is not already set, it
must be supplied here (and will override any previous setting for this
connection attempt). The port number can also be optionally supplied (but the host must be provided). e.g. open
edtmobile:21
Can also use connect.
|
binary |
Change the current transfer mode to binary mode. Binary is the default.
Can use bin as an abbreviation.
|
ascii |
Change the current transfer mode to ASCII mode. Binary is the default.
Can use asc as an abbreviation.
|
pwd |
Print the current remote working directory. |
dir [remotedir] |
Perform a detailed listing of the current directory if no directory
is supplied as an argument, or of the supplied remote directory.
See ls for a similar command. A synomyn of dir
is ls -l.
|
ls [remotedir] |
Perform a simple listing (just filenames) of the current directory if no directory
is supplied as an argument, or of the supplied remote directory. If ls -l is used, a
detailed listing is supplied.
See dir for a similar command. A synomyn of ls -l
is dir.
|
cd remotedir |
Change the current remote working directory to remotedir. |
cdup |
Change the current remote working directory to its parent directory. |
mkdir remotedir |
Create the remotedir directory. |
rmdir remotedir |
Delete the remotedir directory. It must be empty. |
get remotefile [localfile] |
Download a remotefile to the local host. The localfile
parameter can be a filename or the full path of a local file. If it is
a filename, the current local working directory is prepended.
Note that the localfile
parameter is optional - if not supplied, the downloaded file is saved
in the current local working directory with the name of remotefile.
The remotefile
parameter can be a filename or a path. Not all servers support the use
of a path - in this case navigate to the correct
remote directory using cd.
|
put localfile [remotefile] |
Upload
a local file to the remote host. The localfile parameter
can be a filename or the full path of a local file. If it is a
filename, the current local working directory is prepended.
The remotefile
parameter should be a filename or
a path. Not all servers support the use of a path - in this case
navigate to the correct
remote directory using cd.
If the remotefile parameter
is not
supplied, the local file name will be used.
|
append localfile [remotefile] |
Append
the contents of a local file to a remote file (if it exists) on the
remote host. The localfile
parameter
can be a filename or the full path of a local file. If it is a
filename, the current local working directory is prepended.
The remotefile parameter
should be a filename or
a path. Not all servers support the use of a path - in this case
navigate to the correct
remote directory using cd.
If the remotefile parameter
is not
supplied, the local file name will be used.
|
rename remotefile1 remotefile2 |
Rename
a remote file from
remotefile1 to remotefile2.
Note that both parameters should be filenames, not
full paths.
Can use ren as an
abbreviation.
|
delete remotefile |
Delete a remote file in the current remote working directory.
Can use del
as an abbreviation.
|
mdelete wildcard |
Delete
multiple remote files that match the wildcard in the current
remote working directory.
Wildcards supported are '?' for a single matching character, and '*'
for multiple matching characters. e.g. to delete all text files in the
current remote directory, use mdel *.txt
Can use mdel as an
abbreviation.
|
mput wildcard |
Upload multiple
local files that match the wildcard in the current local working
directory to the current remote working directory.
Wildcards supported
are '?' for a single matching character, and '*' for multiple matching
characters. e.g. to upload all text files from the current local
working
directory, use mput *.txt
|
mget wildcard |
Download
multiple
local files that match the wildcard in the current remote working
directory to the current local working directory.
Wildcards supported
are '?' for a single matching character, and '*' for multiple matching
characters. e.g. to download all text files from the current remote
working
directory use mget *.txt
|
close |
Closes
the connection to the remote server.
Can also use bye, quit, exit or disconnect.
|
quote command |
Sends the quoted command to the server and displays the response. |
site parameters |
Sends a SITE command to the FTP server with the supplied parameters. These parameters
can vary widely between FTP servers. This command is not applicable to SFTP servers.
For example site CHMOD 0600 /home/user/privatefile might
be used to change the permissions of a file on an FTP server that supports this feature.
|
auth |
Change
from unencrypted 'plain' FTP into secure FTP.
Supported options are ssl, tls, or tls-c. e.g. auth tls
|
protect |
Change
the protection level of the data channel.
Supported options are
clear (or c) to set data
channels to unencrypted, and private (or p)
to set data channels to encrypted. e.g. protect clear
Alternatively
private
has the same effect as protect private, and clear
has the same effect as protect clear.
An abbreviation for protect
is prot, which combined with the argument abbreviations means that to set
the data channels to unencrypted could be done with prot c, and to set to
encrypted could be done with prot p.
|
private |
Change
the protection level of the data channel to private. Identical to protect private.
|
clear |
Change
the protection level of the data channel to clear. Identical to protect clear.
|
ccc |
Clears
the control channel, setting it back to plain unencrypted text. This
can be useful when using firewalls, which need to be able to inspect
the control channel to open data channel ports.
Once ccc
has been called, no more protect
commands can be used. This is a security measure inherent in the
protocol.
|