jftp, jtool ftp

This is the platform agent non-interactive ftp tool; all options are specified directly on the command line. The jftp tool will return error code 1 when an error occurs. Note that native UNIX and Windows ftp run interactively and do not return error code 1 when something unexpected happens. jftp will also return a code that indicates the issue, for more information on return codes see the jftp return codes section of the documentation.

note

Regardless of which platform your FTP server runs on, you can always use UNIX path separators (/), it is part of the FTP standard. Also, when you use quotes, always use double quotes, they are more portable.

jftp adheres to the following RFC:

• RFC 959 - File Transfer Protocol.
• RFC 2228 - FTP Security Extensions.
• RFC 2246 - The TLS Protocol Version 1.0.
• RFC 4217 - Securing FTP with TLS.
• RFC 4346 - The TLS Protocol Version 1.1.
• RFC 5246 - The TLS Protocol Version 1.2.
• RFC 8446 - The TLS Protocol Version 1.3.

You do not have to hard-code the username and password or provide credentials in your process definitions, you can use a "secret" file instead. Since credentials cannot be exported, a "secret" file is also useful when you have multiple Redwood Server environments. You generate secret files with jsecret, using the -c option. Note that for FTP, the default port is 21. Another alternative is to use the FTP definition type that uses the RemoteRunAs field for the credentials of the FTP server.

Syntax

Usage: ftp  [-h|-?|-help] [-l <loglevel>] [-f <logfile>] [-j|-job-context] [<[-]command>...]

  Option           Default                Purpose
  ---------------- ---------------------- -----------------------------------
  -h|-?|-help                             Show this help and exit
  -l <loglevel>    ${JCS_LOGLEVEL:-info}  Set the logging level
  -f <logfile>     ${JCS_LOGFILE:-stderr} Log to file instead of stderr
  -j|-job-context                         Obtain environment from job-context
  <[-]command>...                         Command(s) passed to jftp

where command represents one of the following:

login   <options|login arguments>
get     <options> <login arguments> <outfile> <infile>
mget    <options> <login arguments> <pattern> <localdir>
put     <options> <login arguments> <infile> <outfile>
mput    <options> <login arguments> <pattern> <remotedir>
append  <options> <login arguments> <infile> <outfile>
list    <options> <login arguments> <directory>
nlst    <options> <login arguments> <directory>
delete  <options> <login arguments> <file>
mdelete <options> <login arguments> <pattern>
mkdir   <options> <login arguments> <directory>
rmdir   <options> <login arguments> <directory>
rename  <options> <login arguments> <from> <to>
quote   <options> <login arguments> <command>
include <options> <login arguments> <includefile>

  Option                                       Default    Purpose
  -------------------------------------------  ---------  -------------------------------------
  -ascii|-binary                               -ascii     Transfer mode
  -[no]crlf-to-lf                              -nocrlf-to-lf Convert content on this side from CRLF to LF
  -[no]lf-to-crlf                              -nolf-to-crlf Convert content on this side from LF to CRLF
  -[no]resume                                  -noresume  Resume file transfer
  -[no]delete                                  -nodelete  Delete source file after transfer
  -[no]pasv                                    -pasv      Use passive mode or active mode
  -[no]epsv                                    -epsv      Use extended passive mode
  -use_cwd                                                Use CWD instead of remote filepaths
  -port <port>                                 21         Port to use for FTP control connection
  -secretfile <file>                                      Use <file> for <login arguments> and <port>
  -[no]verbose                                 -verbose   Echo FTP server output or not
  -progress                                               Show progress in job description
  -protect                                                Use TLS/SSL secured connections
  -protectmode {explicit|implicit|implicitzos} explicit   Which FTP/S mode to use
  -datamode    {stream|block|deflate}          stream     FTP data mode
  -deflatelevel 1..9                           6          Compression level for datamode deflate
  -[no]persist                                 nopersist  Keep data connection in datamode block and deflate
  -[no]timestamp                               timestamp  Try to keep file timestamp (modified time) correct
  -[no]checksum                                nochecksum Check file integrity after transfer using SHA-256/MD5/CRC

<login arguments> := <host> <user> <password>
<host>            := Hostname of the FTP server
<user>            := Username to logon to the server
<password>        := Password to logon (if environment variable JFTP_PASSWORD is set this is optional)
<infile>          := file on this system
<outfile>         := file on remote system
<file>            := file on remote system
<directory>       := directory on remote system

Notes:
- <login arguments> can only be specified for the first command.
- <options> can be specified for all commands.
- You must use a numerical value if you set the port number using the -port option.
- Datamode block requires MODE B support on FTP server.
- Datamode deflate requires MODE Z support on FTP server.
- Checksum requires HASH SHA-256, XSHA256, XCRC, XMD5, CRC or MD5 support on FTP server.
- Timestamp requires MDTM and MFMT or MFF support on FTP server. Is ignored silently if server does not support it.
- To cater for buggy servers the default for persist is off.

Some general notes regarding the use of jftp:

• Command parsing:
  • All commands take a fixed number of arguments. For example when using put you MUST specify a local and a remote file.
  • The number of arguments is fixed so that the parser knows when the next command starts.
  • <login arguments> can only be specified for the first command. <options> can be specified for all commands. If you specify multiple commands it is probably easier to understand if you specify login as the first command.
  • <options> must be specified immediately after the command, except for the extra commandline arguments for the secure library which may appear anywhere on the commandline.
  • If you use list, mget or mput ensure that the wildcard definition gets to the FTP server. If you use jftp from a UNIX shell enclose the wildcard argument in double or single quotes.
  • You must use a numerical value if you set the port number using the -port option.
• Security
  • -protect and/or -protectmode can be used to enable encryption via the secure library. explicit means FTPTLS according to RFC4217. implicit is for FTP servers that use a different server port, usually 990, that do immediate SSL/TLS handshake on incoming connections. implicitzos is for z/OS FTP servers that use the SECUREIMPLICITZOS historic mode with the first message not encrypted.

TLS Arguments

The arguments require the -protect argument.

Argument	Environment Variable	Description
-tlsv1_3, -tls13	JCS_SSL_METHOD=tlsv1_3	Use TLS v1.3 secured connection.
-tlsv1_2, -tls12	JCS_SSL_METHOD=tlsv1_2	Use TLS v1.2 secured connection.
-tlsv1_1, -tls11	JCS_SSL_METHOD=tlsv1_1	Use TLS v1.1 or better secured connection.
-tlsv1, -tls	JCS_SSL_METHOD=tlsv1	Use TLS v1.0 or better secured connection (default).
-sslv3, -ssl	JCS_SSL_METHOD=sslv3	Use SSL v3 or better secured connection.
-cipherlist <text>	JCS_SSL_CIPHERLIST	Set list of available ciphers.
-passphrase <text>	JCS_SSL_PASSPHRASE	Set passphrase for private key.
-key <file>	JCS_SSL_KEYPATH	Set private key.
-cert <file>	JCS_SSL_CERTIFICATE_PATH	Set public certificate.
-ca <file_path>	JCS_SSL_TRUSTED_CERTIFICATE_FILE	Trusted CA certificates path or file.
-[no]verify	JCS_SSL_VERIFY_CERT	(Do not) verify peer (server or client) certificate.
-verify-names <namelist>	JCS_SSL_VERIFY_SERVER_NAMES, JCS_SSL_VERIFY_CLIENT_NAMES	Verify peer (server or client) certificate hostname against list.

Proxy Settings

The following environment variables are used to retrieve proxy server connection details:

• HTTP_PROXY - The URL to the proxy server, https://proxy.example.com:3128
• PROXY_USER - The user for the proxy server, ignored if HTTP_PROXY is not set
• PROXY_PASSWORD - The password for the proxy user, ignored if HTTP_PROXY is not set
• NO_PROXY - Enforce a direct connection

note

These environment variables override the settings in the connection file.

Examples

note

Since some examples may exceed the maximum width a new line has been added (illustrated with a \); all commands should be issued on the same line.

        jftp get -ascii myhostname myusername mypassword myremotefile mylocalfile

        jftp put -ascii myhostname myusername mypassword mylocalfile myremotefile

        jftp mput -binary myhostname myusername mypassword "*.txt" /my/remote/dir

        jftp mget -binary myhostname myusername mypassword "backup_*.dmp" mylocaldir

        jftp quote myhostname myusername mypassword "site filetype=jes"

        jftp quote myhostname myusername mypassword "site filetype=jes" put -ascii mylocalfile \
                 myremotefile get myremotefile mylocalfile.check

        jftp get -port 21 myhostname myusername mypassword sourcefile destinationfile

        jftp put -tls -key mykey.pem -binary host user password filein fileout

        jftp put -protect -tls -key mykey.pem -binary host user password filein fileout

        jftp put -secretfile ftp.sec filein fileout

        jftp put -secretfile ftp.sec -protect -tls -key mykey.pem -binary filein fileout

        jftp login -secretfile ftp.sec quote "CWD /var/log/samba" \
                 get "log.*" "C:/Documents and Settings/jdoe/My Documents\fileserver logs" \
                 put -binary "C:/Documents and Settings/jdoe/My Documents/results.xlsx" /opt/samba/share/Results

See Also

• Command Line System Tools
• Securing Communications for Platform Agents and System Tools