NAME

SYNOPSIS

DESCRIPTION

The latter three usage formats will fetch a file using either the HTTP or FTP protocols into the current directory. This is ideal for scripts. Refer to AUTO-FETCHING FILES below for more information.

Options may be specified at the command line, or to the command interpreter.

-4

Forces ftps to use IPv4 addresses only.

-6

Forces ftps to use IPv6 addresses only.

-a

Causes ftps to bypass normal login procedure, and use an anonymous login instead.

-d

Enables debugging.

-e

Disables command line editing.

-g

Disables file name globbing.

-i

Turns off interactive prompting during multiple file transfers.

-n

Restrains ftps from attempting “auto-login” upon initial connection. If auto-login is enabled, ftps will check the .netrc (see below) file in the user's home directory for an entry describing an account on the remote machine. If no entry exists, ftps will prompt for the remote machine login name (default is the user identity on the local machine), and, if necessary, prompt for a password and an account with which to login.

-p

Enables passive mode operation for use behind connection filtering firewalls. Using the pftp command has the same effect.

-P port

Sets the port number to port.

-s src_addr

Sets the local IP address for all connections to src_addr, which can be an IP address or a host name.

-t

Enables packet tracing.

-U

Disable data port range restrictions.

-v

Enable verbose mode. This is the default if input is from a terminal. Forces ftps to show all responses from the remote server, as well as report on data transfer statistics.

-V

Disable verbose mode, overriding the default of enabled when input is from a terminal.

-z

This option causes ftps to use the TLS/SSL encryption. There are several valid values for securemode:

Security policy options

 

secure

Don't fall back into the non-secure mode if the TLS/SSL handshake fails.

nosecure

Disable the TLS/SSL encryption at all and allow only non-secure connections.

Protocol negotiation options

 

tls

Use only the RFC2228-compliant FTP-TLS negotiation mode; don't try to negotiate something different.

ssl

Use only the FTP-SSL compatibility mode (for early implementations of the FTP-SSL upgrade); don't try to negotiate something different.

By default both FTP-TLS and FTP-SSL security extensions and the non-secure standard mode are allowed.

Options inside both groups above are mutually exclusive, but a protocol negotiation option may be used after a security policy option to specify the security extension to be used (in this case it overrides the nosecure option and turns on the TLS/SSL encryption with the selected negotiation mode).

verify=level

Set the X.509 certificate verification level. Possible values are:
0 (default) - if not using an anonymous cipher (it is disabled by default), the server will send the certificate which will be checked. The handshake will be continued regardless of the verification result.
1 - the server certificate is verified. If the verification process fails, the TLS/SSL handshake is immediately terminated. If no server certificate is sent, because an anonymous cipher is used, this option is ignored.

cert=certfile

The certificate to use.

key=keyfile

The private key that matches the certificate specified by the cert option. If this is not specified (but cert is), the cert=certfile will be searched for the private key. Both files are assumed to be in PEM format.

ftps expects that the server certificate presented for the data connection must match with one used for the control connection.

Alternate verify locations

CAfile=cafile

The file which contains the trusted CA certificate in PEM format. The file can contain several CA certificates.

CApath=capath

The directory which contains trusted CA certificates in PEM format. Each file contains one CA certificate. The files are looked up by the CA subject name hash value, which must hence be available. If more than one CA certificate with the same name hash value exist, the extension must be different (e.g. 9d66eef0.0, 9d66eef0.1 etc). The search is performed in the ordering of the extension number.

CRLfile=crlfile

The file that contains the Certificate Revocation List (CRL) in PEM format. The file can contain several CRLs.

CRLpath=crlpath

The directory which contains CRLs in PEM format. Each file contains one CRL. The files are looked up by the issuer name hash value, which must hence be available. If more than one CRL with the same name hash value exist, the extension must be different (e.g. 9d66eef0.r0, 9d66eef0.r1 etc). The search is performed in the ordering of the extension number.

If none of both CAfile and CApath (or CRLfile and CRLpath) are specified (and similar pairs of environment variables too), both cafile and capath (or crlfile and crlpath) will be set to default values, otherwise each of cafile and capath (crlfile and crlpath) will be set to specified values or, if values are not specified, thay will be blanked out. The default values are cert.pem and crl.pem files for cafile and crlfile, respectively, and certs/ subdirectory in OpenSSL directory is the default value for both capath and crlpath.

When looking up CA certificates, they will be searched in cafile, then those in capath. Certificate matching is done based on the subject name, the key identifier (if present), and the serial number as taken from the certificate to be verified. If the first certificate which matching the parameters is found, the verification process will be performed.

CRLs are looked up in the similar order: they will be searched in crlfile, then those in crlpath. CRL matching is done based on the issuer name. If the first CRL for this issuer is found, the verification process will be performed.

cipher=cipherlist

The cipher preference list (it also can be specified by the environment variable). The cipherlist consists of one or more cipher strings separated by colons. The actual cipher string can take several different forms. It can consists of a single cipher suite. It can represent a list of cipher suites containing a certain algorithm, or cipher suites of a certain type. Note that the cipher list, which is specified by the command line, overrides one from the environment.

Lists of cipher suites can be combined in a single cipher string using the + character. It is used as the logical and operation.

Each cipher string can be optionally preceded by the characters !, - or +. If ! is used then the ciphers are permanently deleted from the list. If - is used then the ciphers are deleted from the list, but some of all of them can be added again by later options. If + is used then the ciphers are moved to the end of the list. Additionally the cipher string @STRENGTH can be used at any point to sort the current cipher list in order of an encryption algorithm key length.

The following is the short list of permitted cipher strings and their meanings, see the accompanying documentation for more information.
DEFAULT - The default cipher list (determined at a compilation time).
ALL - All cipher suites except the ciphers those offering no encryption.
HIGH - "High" encryption cipher suites (those with key lengths larger than 128 bits).
MEDIUM - "Medium" encryption cipher suites (those using 128 bit encryption).
LOW - "Low" encryption cipher suites (those using 64 or 56 bit encryption algorithms but excluding export cipher suites).
EXP, EXPORT - Export encryption algorithms (including 40 and 56 bits algorithms).
TLSv1, SSLv3, SSLv2 - TLS v1.0, SSL v3.0 or SSL v2.0 cipher suites respectively.

noprot

Do not try to turn on the TLS/SSL protection of data connections during establishing the secure connection with server. By default ftps turns on protection during the user login if the FTP-TLS negotiation was successful and the remote server supports this security level. In the FTP-SSL compatibility mode all data connections are implicitly secure.

logfile=logfile

The file where the TLS/SSL debugging information will be logged.

debug

Turn on the TLS/SSL debugging code.

The client host with which ftps is to communicate may be specified on the command line. If this is done, ftps will immediately attempt to establish a connection to an FTP server on that host; otherwise, ftps will enter its command interpreter and await instructions from the user. When ftps is awaiting commands from the user the prompt ‘ftps>’ is provided to the user. The following commands are recognized by ftps:

! [command [args]]

Invoke an interactive shell on the local machine. If there are arguments, the first is taken to be a command to execute directly, with the rest of the arguments as its arguments.

$ macro-name [args]

Execute the macro macro-name that was defined with the macdef command. Arguments are passed to the macro unglobbed.

account [passwd]

Supply a supplemental password required by a remote system for access to resources once a login has been successfully completed. If no argument is included, the user will be prompted for an account password in a non-echoing input mode.

append local-file [remote-file]

Append a local file to a file on the remote machine. If remote-file is left unspecified, the local file name is used in naming the remote file after being altered by any ntrans or nmap setting. File transfer uses the current settings for type, format, mode and structure.

ascii

Set the file transfer type to network ASCII. This is the default type.

bell

Arrange that a bell be sounded after each file transfer command is completed.

binary

Set the file transfer type to support binary image transfer.

bye

Terminate the FTP session with the remote server and exit ftps. An end of file will also terminate the session and exit.

case

Toggle remote computer file name case mapping during mget commands. When case is on (default is off), remote computer file names with all letters in upper case are written in the local directory with the letters mapped to lower case.

cd remote-directory

Change the working directory on the remote machine to remote-directory.

cdup

Change the remote machine working directory to the parent of the current remote machine working directory.

chmod mode file-name

Change the permission modes of the file file-name on the remote system to mode.

close

Terminate the FTP session with the remote server, and return to the command interpreter. Any defined macros are erased.

cr

Toggle carriage return stripping during ascii type file retrieval. Records are denoted by a carriage return/linefeed sequence during ascii type file transfer. When cr is on (the default), carriage returns are stripped from this sequence to conform with the UNIX single linefeed record delimiter. Records on non-UNIX remote systems may contain single linefeeds; when an ascii type transfer is made, these linefeeds may be distinguished from a record delimiter only when cr is off.

delete remote-file

Delete the file remote-file on the remote machine.

debug [debug-value]

Toggle debugging mode. If an optional debug-value is specified, it is used to set the debugging level. When debugging is on, ftps prints each command sent to the remote machine, preceded by the string ‘-->’

dir [remote-directory [local-file]]

Print a listing of the contents of a directory on the remote machine. The listing includes any system-dependent information that the server chooses to include; for example, most UNIX systems will produce output from the command ‘ls -l’. (See also ls.) If remote-directory is left unspecified, the current working directory is used. If interactive prompting is on, ftps will prompt the user to verify that the last argument is indeed the target local file for receiving dir output. If no local file is specified, or if local-file is ‘-’, the output is sent to the terminal.

As this command provides extra information which is system-dependent, you should use the nlist command instead if you only want a plain list of files.

disconnect

A synonym for close.

edit

Toggle command line editing, and context sensitive command and file completion. This is automatically enabled if input is from a terminal, and disabled otherwise.

epsv4

Toggle use of EPSV/EPRT commands on IPv4 FTP sessions. Turning this option off may remedy problems with some firewalls, e.g., IPFilter.

epsv6

Toggle use of EPSV/EPRT commands on IPv6 FTP sessions.

exit

A synonym for bye.

features

Request the remote FTP server for a list of supported extensions using the FEAT command.

ftp host [port]

A synonym for open.

form format

Set the file transfer form to format. The default format is “file”.

get remote-file [local-file]

Retrieve the remote-file and store it on the local machine. If the local file name is not specified, it is given the same name it has on the remote machine, subject to alteration by the current case, ntrans and nmap settings. The current settings for type, form, mode and structure are used while transferring the file.

gate [host [port]]

Toggle gate-ftp mode. This will not be permitted if the gate-ftp server hasn't been set (either explicitly by the user, or from the FTPSERVER environment variable). If host is given, then gate-ftp mode will be enabled, and the gate-ftp server will be set to host. If port is also given, that will be used as the port to connect to on the gate-ftp server.

glob

Toggle filename expansion for mdelete, mget and mput. If globbing is turned off with glob, the file name arguments are taken literally and not expanded. Globbing for mput is done as in csh(1). For mdelete and mget, each remote file name is expanded separately on the remote machine and the lists are not merged. Expansion of a directory name is likely to be different from expansion of the name of an ordinary file: the exact result depends on the foreign operating system and ftp server, and can be previewed by doing ‘mls remote-files -’ Note: mget and mput are not meant to transfer entire directory subtrees of files. That can be done by transferring a tar(1) archive of the subtree (in binary mode).

hash [size]

Toggle hash-sign (``#'') printing for each data block transferred. The size of a data block defaults to 1024 bytes. This can be changed by specifying size in bytes.

help [command]

Print an informative message about the meaning of command. If no argument is given, ftps prints a list of the known commands.

idle [seconds]

Set the inactivity timer on the remote server to seconds seconds. If seconds is omitted, the current inactivity timer is printed.

lcd [directory]

Change the working directory on the local machine. If no directory is specified, the user's home directory is used.

less file

A synonym for page.

lpwd

Print the working directory on the local machine.

ls [remote-directory [local-file]]

A synonym for dir.

macdef macro-name

Define a macro. Subsequent lines are stored as the macro macro-name; a null line (consecutive newline characters in a file or carriage returns from the terminal) terminates macro input mode. There is a limit of 16 macros and 4096 total characters in all defined macros. Macros remain defined until a close command is executed. The macro processor interprets `$' and `\' as special characters. A `$' followed by a number (or numbers) is replaced by the corresponding argument on the macro invocation command line. A `$' followed by an `i' signals that macro processor that the executing macro is to be looped. On the first pass `$i' is replaced by the first argument on the macro invocation command line, on the second pass it is replaced by the second argument, and so on. A `\' followed by any character is replaced by that character. Use the `\' to prevent special treatment of the `$'.

mdelete [remote-files]

Delete the remote-files on the remote machine.

mdir remote-files local-file

Like dir, except multiple remote files may be specified. If interactive prompting is on, ftps will prompt the user to verify that the last argument is indeed the target local file for receiving mdir output.

mget remote-files

Expand the remote-files on the remote machine and do a get for each file name thus produced. See glob for details on the filename expansion. Resulting file names will then be processed according to case, ntrans and nmap settings. Files are transferred into the local working directory, which can be changed with ‘lcd directory’; new local directories can be created with ‘! mkdir directory’.

mkdir directory-name

Make a directory on the remote machine.

mls remote-files local-file

Like ls, except multiple remote files may be specified, and the local-file must be specified. If interactive prompting is on, ftps will prompt the user to verify that the last argument is indeed the target local file for receiving mls output.

mode [mode-name]

Set the file transfer mode to mode-name. The default mode is “stream” mode.

modtime file-name

Show the last modification time of the file on the remote machine.

more file

A synonym for page.

mput local-files

Expand wild cards in the list of local files given as arguments and do a put for each file in the resulting list. See glob for details of filename expansion. Resulting file names will then be processed according to ntrans and nmap settings.

msend local-files

A synonym for mput.

newer file-name

Get the file only if the modification time of the remote file is more recent that the file on the current system. If the file does not exist on the current system, the remote file is considered newer. Otherwise, this command is identical to get.

nlist [remote-directory [local-file]]

Print a list of the files in a directory on the remote machine. If remote-directory is left unspecified, the current working directory is used. If interactive prompting is on, ftps will prompt the user to verify that the last argument is indeed the target local file for receiving ls output. If no local file is specified, or if local-file is -, the output is sent to the terminal.

Note that this command only returns the filenames in the remote directory. If you wish to see more information about the files (often size, modification time, and so on), you should use the dir command instead.

nmap [inpattern outpattern]

Set or unset the filename mapping mechanism. If no arguments are specified, the filename mapping mechanism is unset. If arguments are specified, remote filenames are mapped during mput commands and put commands issued without a specified remote target filename. If arguments are specified, local filenames are mapped during mget commands and get commands issued without a specified local target filename. This command is useful when connecting to a non-UNIX remote computer with different file naming conventions or practices. The mapping follows the pattern set by inpattern and outpattern. [Inpattern] is a template for incoming filenames (which may have already been processed according to the ntrans and case settings). Variable templating is accomplished by including the sequences `$1', `$2', ..., `$9' in inpattern. Use `\' to prevent this special treatment of the `$' character. All other characters are treated literally, and are used to determine the nmap [inpattern] variable values. For example, given inpattern $1.$2 and the remote file name "mydata.data", $1 would have the value "mydata", and $2 would have the value "data". The outpattern determines the resulting mapped filename. The sequences `$1', `$2', ...., `$9' are replaced by any value resulting from the inpattern template. The sequence `$0' is replace by the original filename. Additionally, the sequence ‘[seq1, seq2]’ is replaced by [seq1] if seq1 is not a null string; otherwise it is replaced by seq2. For example, the command

nmap $1.$2.$3 [$1,$2].[$2,file]
    

would yield the output filename "myfile.data" for input filenames "myfile.data" and "myfile.data.old", "myfile.file" for the input filename "myfile", and "myfile.myfile" for the input filename ".myfile". Spaces may be included in outpattern, as in the example: `nmap $1 sed "s/ *$//" > $1' . Use the `\' character to prevent special treatment of the `$','[',']' and `,' characters.

ntrans [inchars [outchars]]

Set or unset the filename character translation mechanism. If no arguments are specified, the filename character translation mechanism is unset. If arguments are specified, characters in remote filenames are translated during mput commands and put commands issued without a specified remote target filename. If arguments are specified, characters in local filenames are translated during mget commands and get commands issued without a specified local target filename. This command is useful when connecting to a non-UNIX remote computer with different file naming conventions or practices. Characters in a filename matching a character in inchars are replaced with the corresponding character in outchars. If the character's position in inchars is longer than the length of outchars, the character is deleted from the file name.

open host [port]

Establish a connection to the specified host FTP server. An optional port number may be supplied, in which case, ftps will attempt to contact an FTP server at that port. If the auto-login option is on (default), ftps will also attempt to automatically log the user in to the FTP server (see below).

page file

Retrieve file and display with the program defined in PAGER (which defaults to more(1)).

passive

Toggle passive mode. If passive mode is turned on (default is off), the ftp client will send a PASV command for all data connections instead of the usual PORT command. The PASV command requests that the remote server open a port for the data connection and return the address of that port. The remote server listens on that port and the client connects to it. When using the more traditional PORT command, the client listens on a port and sends that address to the remote server, who connects back to it. Passive mode is useful when using ftps through a gateway router or host that controls the directionality of traffic. (Note that though ftp servers are required to support the PASV command by RFC 1123, some do not. Please note that if you are connecting to IPv6 ftp server, the program will use EPSV/EPRT pair and LPSV/LPRT pair, instead of PASV and PORT. The meaning is the same.)

preserve

Toggle preservation of modification times on retrieved files.

progress

Toggle display of transfer progress bar. The progress bar will be disabled for a transfer that has local-file as ‘-’ or a command that starts with ‘|’. Refer to FILE NAMING CONVENTIONS for more information.

prompt

Toggle interactive prompting. Interactive prompting occurs during multiple file transfers to allow the user to selectively retrieve or store files. If prompting is turned off (default is on), any mget or mput will transfer all files, and any mdelete will delete all files.

When prompting is on, the following commands are available at a prompt:

n

Do not transfer the file.

a

Answer ‘yes’ to the current file, and automatically answer ‘yes’ to any remaining files for the current command.

p

Answer ‘yes’ to the current file, and turn off prompt mode (as if “prompt off” had been given).

Any other reponse will answer ‘yes’ to the current file.

prot

Toggle TLS/SSL protection of data connections if remote server supports this operation (in FTP-SSL compatibility mode they are implicitly secure). By default ftps tries to turn on protection during user login if FTP-TLS negotiation was successful.

proxy ftp-command

Execute an ftp command on a secondary control connection. This command allows simultaneous connection to two remote ftp servers for transferring files between the two servers. The first proxy command should be an open, to establish the secondary control connection. Enter the command "proxy ?" to see other ftp commands executable on the secondary connection. The following commands behave differently when prefaced by proxy: open will not define new macros during the auto-login process, close will not erase existing macro definitions, get and mget transfer files from the host on the primary control connection to the host on the secondary control connection, and put, mput and append transfer files from the host on the secondary control connection to the host on the primary control connection. Third party file transfers depend upon support of the ftp protocol PASV command by the server on the secondary control connection.

Please note that ftps supports both standard and TLS/SSL FTP servers on both primary and secondary control connections with both protected or unprotected state of data connections, but file transferring between remote FTP servers may be done only over unprotected data connections.

put local-file [remote-file]

Store a local file on the remote machine. If remote-file is left unspecified, the local file name is used after processing according to any ntrans or nmap settings in naming the remote file. File transfer uses the current settings for type, format, mode and structure.

pwd

Print the name of the current working directory on the remote machine.

quit

A synonym for bye.

quote arg1 arg2 ...

The arguments specified are sent, verbatim, to the remote FTP server.

recv remote-file [local-file]

A synonym for get.

reget remote-file [local-file]

Reget acts like get, except that if local-file exists and is smaller than remote-file, local-file is presumed to be a partially transferred copy of remote-file and the transfer is continued from the apparent point of failure. This command is useful when transferring very large files over networks that are prone to dropping connections.

remotehelp [command-name]

Request help from the remote FTP server. If a command-name is specified it is supplied to the server as well.

rstatus [file-name]

With no arguments, show status of remote machine. If file-name is specified, show status of file-name on remote machine.

rename [from [to]]

Rename the file from on the remote machine, to the file to.

reset

Clear reply queue. This command re-synchronizes command/reply sequencing with the remote ftp server. Resynchronization may be necessary following a violation of the ftp protocol by the remote server.

restart marker

Restart the immediately following get or put at the indicated marker. On UNIX systems, marker is usually a byte offset into the file.

restrict

Toggle data port range restrictions. When not operating in passive mode, the ftps client program requests that the remote server open a connection back to the client host on a separate data port. In previous versions, that remote port fell in the range 1024..4999. However, most firewall setups filter that range of TCP ports because other services reside there. The default behavior now is for the client to request that the server connect back to the client using the port range 49152..65535. Firewall administrators can chose to allow TCP connections in that range, if they deem it not to be a security risk.

rmdir directory-name

Delete a directory on the remote machine.

runique

Toggle storing of files on the local system with unique filenames. If a file already exists with a name equal to the target local filename for a get or mget command, a ".1" is appended to the name. If the resulting name matches another existing file, a ".2" is appended to the original name. If this process continues up to ".99", an error message is printed, and the transfer does not take place. The generated unique filename will be reported. Note that runique will not affect local files generated from a shell command (see below). The default value is off.

send local-file [remote-file]

A synonym for put.

sendport

Toggle the use of PORT commands. By default, ftps will attempt to use a PORT command when establishing a connection for each data transfer. The use of PORT commands can prevent delays when performing multiple file transfers. If the PORT command fails, ftps will use the default data port. When the use of PORT commands is disabled, no attempt will be made to use PORT commands for each data transfer. This is useful for certain FTP implementations which do ignore PORT commands but, incorrectly, indicate they've been accepted.

site arg1 arg2 ...

The arguments specified are sent, verbatim, to the remote FTP server as a SITE command.

size file-name

Return size of file-name on remote machine.

status

Show the current status of ftps.

struct [struct-name]

Set the file transfer structure to struct-name. By default “stream” structure is used.

sunique

Toggle storing of files on remote machine under unique file names. Remote ftp server must support ftp protocol STOU command for successful completion. The remote server will report unique name. Default value is off.

system

Show the type of operating system running on the remote machine.

tenex

Set the file transfer type to that needed to talk to TENEX machines.

trace

Toggle packet tracing.

type [type-name]

Set the file transfer type to type-name. If no type is specified, the current type is printed. The default type is network ASCII.

umask [newmask]

Set the default umask on the remote server to newmask. If newmask is omitted, the current umask is printed.

user user-name [password [account]]

Identify yourself to the remote FTP server. If the password is not specified and the server requires it, ftps will prompt the user for it (after disabling local echo). If an account field is not specified, and the FTP server requires it, the user will be prompted for it. If an account field is specified, an account command will be relayed to the remote server after the login sequence is completed if the remote server did not require it for logging in. Unless ftps is invoked with “auto-login” disabled, this process is done automatically on initial connection to the FTP server.

verbose

Toggle verbose mode. In verbose mode, all responses from the FTP server are displayed to the user. In addition, if verbose is on, when a file transfer completes, statistics regarding the efficiency of the transfer are reported. By default, verbose is on.

? [command]

A synonym for help.

Command arguments which have embedded spaces may be quoted with quote `"' marks.

Commands which toggle settings can take an explicit on or off argument to force the setting appropriately.

If ftps receives a SIGINFO (see the “status” argument of stty(1)) signal whilst a transfer is in progress, the current transfer rate statistics will be written to the standard error output, in the same format as the standard completion message.

AUTO-FETCHING FILES

The following formats are valid syntax for an auto-fetch element:

host:/file

“Classic” ftp format

ftp://[user:password@]host[:port]/file

An ftp URL, retrieved using the ftp protocol if ftp_proxy isn't defined. Otherwise, transfer using http via the proxy defined in ftp_proxy. If user:password@ is given and ftp_proxy isn't defined, login as user with a password of password.

http://host[:port]/file

An HTTP URL, retrieved using the http protocol. If http_proxy is defined, it is used as a URL to an HTTP proxy server.

If a classic format or a ftp URL format has a trailing ‘/’, then ftps will connect to the site and cd to the directory given as the path, and leave the user in interactive mode ready for further input.

If successive auto-fetch ftp elements refer to the same host, then the connection is maintained between transfers, reducing overhead on connection creation and deletion.

If file contains a glob character and globbing is enabled, (see glob), then the equivalent of mget file is performed.

If the directory component of file contains no globbing characters, it is stored in the current directory as the basename(1) of file. Otherwise, the remote name is used as the local name.

ABORTING A FILE TRANSFER

The terminal interrupt key sequence will be ignored when ftps has completed any local processing and is awaiting a reply from the remote server. A long delay in this mode may result from the ABOR processing described above, or from unexpected behavior by the remote server, including violations of the ftp protocol. If the delay results from unexpected remote server behavior, the local ftps program must be killed by hand.

FILE NAMING CONVENTIONS

1. If the file name ‘-’ is specified, the stdin (for reading) or stdout (for writing) is used.
2. If the first character of the file name is ‘|’, the remainder of the argument is interpreted as a shell command. ftps then forks a shell, using popen(3) with the argument supplied, and reads (writes) from the stdin (stdout). If the shell command includes spaces, the argument must be quoted; e.g. “" ls -lt"”. A particularly useful example of this mechanism is: “dir |more”.
3. Failing the above checks, if “globbing” is enabled, local file names are expanded according to the rules used in the csh(1); c.f. the glob command. If the ftps command expects a single local file (e.g. put), only the first filename generated by the "globbing" operation is used.
4. For mget commands and get commands with unspecified local file names, the local filename is the remote filename, which may be altered by a case, ntrans, or nmap setting. The resulting filename may then be altered if runique is on.
5. For mput commands and put commands with unspecified remote file names, the remote filename is the local filename, which may be altered by a ntrans or nmap setting. The resulting filename may then be altered by the remote server if sunique is on.

FILE TRANSFER PARAMETERS

ftps supports only the default values for the remaining file transfer parameters: mode, form and struct.

THE .netrc FILE

machine name

Identify a remote machine name. The auto-login process searches the .netrc file for a machine token that matches the remote machine specified on the ftps command line or as an open command argument. Once a match is made, the subsequent .netrc tokens are processed, stopping when the end of file is reached or another machine or a default token is encountered.

default

This is the same as machine name except that default matches any name. There can be only one default token, and it must be after all machine tokens. This is normally used as:

default login anonymous password user@site

thereby giving the user automatic anonymous ftp login to machines not specified in .netrc. This can be overridden by using the -n flag to disable auto-login.

login name

Identify a user on the remote machine. If this token is present, the auto-login process will initiate a login using the specified name.

password string

Supply a password. If this token is present, the auto-login process will supply the specified string if the remote server requires a password as part of the login process. Note that if this token is present in the .netrc file for any user other than anonymous, ftps will abort the auto-login process if the .netrc is readable by anyone besides the user.

account string

Supply an additional account password. If this token is present, the auto-login process will supply the specified string if the remote server requires an additional account password, or the auto-login process will initiate an ACCT command if it does not.

macdef name

Define a macro. This token functions like the ftps macdef command functions. A macro is defined with the specified name; its contents begin with the next .netrc line and continue until a null line (consecutive new-line characters) is encountered. If a macro named init is defined, it is automatically executed as the last step in the auto-login process.

COMMAND LINE EDITING

The editline(3) library is configured with a .editrc file - refer to editrc(5) for more information.

An extra key binding is available to ftps to provide context sensitive command and filename completion (including remote file completion). To use this, bind a key to the editline(3) command ftp-complete. By default, this is bound to the TAB key.

ENVIRONMENT

FTP_PASSIVE_MODE

If this variable is set to something else than ‘NO’, ftps will use passive mode by default.

FTPSERVER

Host to use as gate-ftp server when gate is enabled.

FTPSERVERPORT

Port to use when connecting to gate-ftp server when gate is enabled. Default is port returned by a getservbyname() lookup of “ftpgate/tcp”.

HOME

For default location of a .netrc file, if one exists.

PAGER

Used by page to display files.

SHELL

For default shell.

ftp_proxy

URL of FTP proxy to use when making FTP URL requests (if not defined, use the standard ftp protocol).

http_proxy

URL of HTTP proxy to use when making HTTP URL requests.

SSL_CERT_FILE

For alternate file which contains trusted CA certificates.

SSL_CERT_DIR

For alternate directory which contains trusted CA certificates.

SSL_CRL_FILE

For alternate file which contains CRLs.

SSL_CRL_DIR

For alternate directory which contains CRLs.

SSL_CIPHER

The TLS/SSL cipher preference list.

SEE ALSO

HISTORY

Various features such as command line editing, context sensitive command and file completion, dynamic progress bar, automatic fetching of files, ftp and http URLs, and modification time preservation were implemented in NetBSD 1.3 by Luke Mewburn, with assistance from Jason Thorpe.

IPv6 support was added by WIDE/KAME Project.

Modifications for TLS/SSL support, RFC2228 features and Linux port were made by Nick Leuta <skynick@mail.sc.ru>.

BUGS

An error in the treatment of carriage returns in the 4.2BSD ascii-mode transfer code has been corrected. This correction may result in incorrect transfers of binary files to and from 4.2BSD servers using the ascii type. Avoid this problem by using the binary image type.

Proxying functionalities, such as ftp_proxy, may not work for IPv6 connection.