Command Reference

Scripting and shell commands are described in the table below. Abbreviations for commands are noted in the command description.

Where the command has optional arguments, they are shown in square brackets, e.g. open [host[:port]] means that for the open command, the host and port are optional parameters (but if the port is supplied, the host must be supplied).

Command Description
help [command] Prints out help for a specific command, or if no command is specified, a list of supported commands is provided.
version Prints out version details.
Can use ver as an abbreviation.
debug Switches debug on or off. If debug is already on, it is switched off (and vice versa). When debug is enabled, more information is displayed when commands are executed.
set Sets various parameters used during the session, many of which are optional. Syntax is set name=value.

Note that 'set' can be omitted, and thus protocol=ftp is a valid command.

Variables can be created this way. If an unknown variable is set using the 'set' command, then a variable of that name and value is created, e.g. myprotocol=ftp creates a variable called 'myprotocol' set to the string value 'ftp'.

The value of variables can be printed out using echo.

The value of all set variables can be printed out using set without any arguments.

The set command also supports a feature originally found on Unix systems called backquoting. This is where a variable is assigned the value of the output of a command, which must be surrounded by back quotes (the '`' symbol).

For example, to set the variable 'currendir' to the value of the current remote working directory, use set currentdir=`pwd`.
set protocol
Set the protocol to be used. Note that the protocol cannot be changed while connected. Supported protocols are shown below:

Protocol Description
ftp "Plain" FTP protocol
ftps FTPS, i.e. FTP over SSL (explicit mode)
ftpse FTPS, i.e. FTP over SSL (explicit mode)
ftpsi FTPS, i.e. FTP over SSL (implicit mode).
sftp SFTP, i.e. FTP over SSH

Note that server validation is not yet supported for any secure protocol, and the only form of client validation supported is username/password. Future versions will support client and server validation.
set connectmode Sets the connection mode for data transfers and listings. Not applicable for SFTP protocol. Possible values are active or passive., e.g. set connectmode=active.
set remotehost Sets the remote host to be connected to, e.g. set remotehost=ftp.gnu.org
set user Sets the username, e.g. set user=javaftp. This username is used for all supported protocols.
set password Sets the user's password, e.g. set password=javaftp. This password is used for all supported protocols.
set servercert Sets the path of the server certificate (or the server's CA root certificate) to use for server validation for FTPS. Currently supports PEM file format for certificates. Once set, server validation is automatically switched on.
set clientcert Sets the path of the client certificate to use for client validation for FTPS. Currently supports PEM file format for certificates. Note that the password must also be set via certpassword. Once set, client validation is automatically switched on.
set certpassword Sets the password (or passphrase) of the client certificate used for client validation (FTPS).
set serverpublickey Sets the path of the server's public key to use for server validation for SFTP. Supports OpenSSH and SECSH file formats. Once set, server validation is automatically switched on. More typically set knownhosts is used.

Can also use serverkey.
set knownhosts Sets the path of the known_hosts file to use for server validation for SFTP. Once set, server validation is automatically switched on.
set clientprivatekey Sets the path of the client private key file to be used for public key authentication in SFTP. Supports PuTTY, OpenSSH and SSH.com private key formats. Note that the clientprivatekeypass must also be set.

Can also use clientkey.
set clientprivatekeypass Sets the passphrase of the client private key file to be used for public key authentication in SFTP.

Can also use clientkeypass.
set proxytype Sets the type of proxy to be used (if any). Options include "http", "socks4", "socks5" and "noproxy". Use "noproxy" to clear a previous setting.
set proxyaddress Sets the address of the proxy (hostname or IP).
set proxyport Sets the port number to connect to the proxy on.
set publicproxyaddress Optional. Sets the public address of the proxy, which is required for FTP and FTPS in active mode.
set proxyuser Optional. Sets the name of the proxy user.
set proxypassword Opotional. Sets the password of the proxy user.
set timeout Optional. Sets the timeout in seconds for read or write operations (and for the initial connection attempt for JRE 1.4 and greater). The default is 0 (which is an infinite timeout). e.g. set timeout=10
set port Optional. Defaults are determined by the protocol. Sets the port number to connect to, e.g. set port=21
set dataports Optional. Only applicable for active mode. Sets the data port range that the client will listen on for listings and transfers. The low port number must be listed first, e.g. set dataports=10100-10140
set loglevel Optional. Sets the logging level. 0 means no logging, while 5 is the maximum log level (the default). e.g. set loglevel=4
set logfile Sets the name or full path of the logfile to direct logging to, e.g. set logfile=C:\temp\ftp.log
set configflags Sets configuration flags, primarily for FTPS. The flags supported are listed below. The '|' symbol can be used to OR the flags together, e.g. 'set configflags = DISABLE_CONTROL_SSL_CLOSURE | ALLOW_BASIC_CONSTRAINTS_IN_NON_CA'

Flag Description
DISABLE_CONTROL_SSL_CLOSURE Disables standard SSL closure on the control channel forcing SSL connections to close in a non-standard (and insecure) manner. This flag may be useful if it is found that the client or the server (or both) freezes when the FTP connection is closed.
DISABLE_CONTROL_SSL_CLOSURE Disables standard SSL closure on the data channel forcing SSL connections to close in a non-standard (and insecure) manner. This flag may be useful if it is found that the client or the server (or both) freezes after a data-transfer has completed. Note that it is unnecessary to use DISABLE_DATA_WAIT_ON_CLOSE when using this flag.
DISABLE_SSL_CLOSURE Disables standard SSL closure forcing on both data and control channels SSL connections to close in a non-standard (and insecure) manner. This flag may be useful if it is found that the client or the server (or both) freezes after a data-transfer or when the FTP connection is closed. Note that it is unnecessary to use the DISABLE_WAIT_ON_CLOSE when using this flag.
DISABLE_CONTROL_WAIT_ON_CLOSE Stops the client waiting for an SSL closure acknowledgement on the control channel. This flag may be useful if it is found that the client freezes when the FTP connection is closed. Note that it is unnecessary to use this flag when the DISABLE_CONTROL_SSL_CLOSURE flag is on.
DISABLE_DATA_WAIT_ON_CLOSE Stops the client waiting for an SSL closure acknowledgement on the data channel. This flag may be useful if it is found that the client freezes after a data-transfer. Note that it is unnecessary to use this flag when the DISABLE_DATA_SSL_CLOSURE flag is on.
DISABLE_WAIT_ON_CLOSE Stops the client waiting for an SSL closure acknowledgement on both the control channel and the data channel. This flag may be useful if it is found that the client freezes after a data-transfer or when the FTP connection is closed. Note that it is unnecessary to use this flag when the DISABLE_SSL_CLOSURE flag is on.
START_WITH_CLEAR_DATA_CHANNELS By default the scripting client switches to private data channels immediately after connecting. This flag disables this, so that data channels are clear.
ALLOW_BASIC_CONSTRAINTS_IN_NON_CA Enabling this flag relaxes the checking of basic constraints. Basic constraints are sometimes present when they are not required. By default, they are checked if they're present (even if they're not required to be there) and connections will fail if they are then found to be nonstandard. Enabling this flag will prevent failures in cases where basic constraints are not required.
DISABLE_SESSION_RESUMPTION Disables SSL/TLS session resumption. Session resumption is a feature of SSL/TLS, which speeds up the establishment of secure connections by caching certain cryptographic parameters during the first connection, such that they may be used in subsequent connections. This is particularly handy for FTPS which opens a new connection for each file transfer. Occasionally it can cause problems when establishing secure connections on data-channels, so this flag is provided for disabling the feature and thus forcing a full exchange of cryptographic data for every file.
set tlsdebug Sets the level of SSL/TLS debugging. Different levels display different portions of TLS debugging information. The possible levels are 0,1,2,4,8,16,32,64,256,65535. Use 65535 to get all possible debugging output for SSL/TLS processing (warning - there is a lot).
set cryptodebug Sets debugging of cryptographic code on or off, e.g. set cryptodebug=true
echo Echos the value of a variable to standard output, whether user-defined or a system variable such as 'protocol'. The variable must be preceded by a '$' to identify it as a variable, e.g. echo $protocol.

A synonym for echo is print.
open [host[:port]] Opens the connection to the remote server. The user and password must already be set via the set command. If the remote host is not already set, it must be supplied here (and will override any previous setting for this connection attempt). The port number can also be optionally supplied (but the host must be provided). e.g. open edtmobile:21

Can also use connect.
binary Change the current transfer mode to binary mode. Binary is the default.

Can use bin as an abbreviation.
ascii Change the current transfer mode to ASCII mode. Binary is the default.

Can use asc as an abbreviation.
pwd Print the current remote working directory.
dir [remotedir] Perform a detailed listing of the current directory if no directory is supplied as an argument, or of the supplied remote directory.

See ls for a similar command. A synomyn of dir is ls -l.
ls [remotedir] Perform a simple listing (just filenames) of the current directory if no directory is supplied as an argument, or of the supplied remote directory. If ls -l is used, a detailed listing is supplied.

See dir for a similar command. A synomyn of ls -l is dir.
cd remotedir Change the current remote working directory to remotedir.
cdup Change the current remote working directory to its parent directory.
mkdir remotedir Create the remotedir directory.
rmdir remotedir Delete the remotedir directory. It must be empty.
get remotefile [localfile] Download a remotefile to the local host. The localfile parameter can be a filename or the full path of a local file. If it is a filename, the current local working directory is prepended.

Note that the localfile parameter is optional - if not supplied, the downloaded file is saved in the current local working directory with the name of remotefile.

The remotefile parameter can be a filename or a path. Not all servers support the use of a path - in this case navigate to the correct remote directory using cd.
put localfile [remotefile] Upload a local file to the remote host. The localfile parameter can be a filename or the full path of a local file. If it is a filename, the current local working directory is prepended.

The remotefile parameter should be a filename or a path. Not all servers support the use of a path - in this case navigate to the correct remote directory using cd.

If the remotefile parameter is not supplied, the local file name will be used.
append localfile [remotefile] Append the contents of a local file to a remote file (if it exists) on the remote host. The localfile parameter can be a filename or the full path of a local file. If it is a filename, the current local working directory is prepended.

The remotefile parameter should be a filename or a path. Not all servers support the use of a path - in this case navigate to the correct remote directory using cd.

If the remotefile parameter is not supplied, the local file name will be used.
rename remotefile1 remotefile2 Rename a remote file from remotefile1 to remotefile2. Note that both parameters should be filenames, not full paths.

Can use ren as an abbreviation.
delete remotefile Delete a remote file in the current remote working directory.

Can use del as an abbreviation.
mdelete wildcard Delete multiple remote files that match the wildcard in the current remote working directory.

Wildcards supported are '?' for a single matching character, and '*' for multiple matching characters. e.g. to delete all text files in the current remote directory, use mdel *.txt

Can use mdel as an abbreviation.
mput wildcard Upload multiple local files that match the wildcard in the current local working directory to the current remote working directory.

Wildcards supported are '?' for a single matching character, and '*' for multiple matching characters. e.g. to upload all text files from the current local working directory, use mput *.txt
mget wildcard Download multiple local files that match the wildcard in the current remote working directory to the current local working directory.

Wildcards supported are '?' for a single matching character, and '*' for multiple matching characters. e.g. to download all text files from the current remote working directory use mget *.txt
close Closes the connection to the remote server.

Can also use bye, quit, exit or disconnect.
quote command Sends the quoted command to the server and displays the response.
site parameters Sends a SITE command to the FTP server with the supplied parameters. These parameters can vary widely between FTP servers. This command is not applicable to SFTP servers.

For example site CHMOD 0600 /home/user/privatefile might be used to change the permissions of a file on an FTP server that supports this feature.
auth Change from unencrypted 'plain' FTP into secure FTP.

Supported options are ssl, tls, or tls-c. e.g. auth tls
protect Change the protection level of the data channel.

Supported options are clear (or c) to set data channels to unencrypted, and private (or p) to set data channels to encrypted. e.g. protect clear

Alternatively private has the same effect as protect private, and clear has the same effect as protect clear.

An abbreviation for protect is prot, which combined with the argument abbreviations means that to set the data channels to unencrypted could be done with prot c, and to set to encrypted could be done with prot p.
private Change the protection level of the data channel to private. Identical to protect private.
clear Change the protection level of the data channel to clear. Identical to protect clear.
ccc Clears the control channel, setting it back to plain unencrypted text. This can be useful when using firewalls, which need to be able to inspect the control channel to open data channel ports.

Once ccc has been called, no more protect commands can be used. This is a security measure inherent in the protocol.