Sftp Sync Folder

Posted onby
  1. Vscode Sftp Sync Folder
  2. Sftp Sync Folder Free
  3. Sftp Server Software
  4. Sftp Folder Sync Windows
  5. Synchronize Ftp Folder


SFTP is the Secure (or SSH) File TransferProtocol.

The SFTP backend can be used with a number of different providers:

Total Commander has built-in functionality for FTP and synchronization. Just download and install it, connect to the FTP folder in the left pane, open local folder on the right, and choose Commands - Synchronize Dirs. Private Key (optional) for SFTP; Setting an FTP or SFTP as a Source or Destination. 1) Open GoodSync and select or create your Job. 2) Click the Left or Right Browse buttons to view the files and folders available for selection. 3) Select FTP or SFTP from the list of supported services. How to Synchronize with FileZilla and Windows. 1.Connect to your FTP with FileZilla. Click the “Quick Connect” button to log in to the remote server. Wait a few seconds while FileZilla negotiates login credentials and establishes a. Scroll down to the folder you want to synchronize with. FreeFileSync supports synchronization with SFTP and FTP natively. Just enter your login information into the dialog shown for cloud folder selection: Note. In case the (S)FTP server sets file modification times to the current time you can do a Compare by File Size as a workaround. Right-click on the folder and select the option SFTP/FTP → Map to Remote. A new file called “sftp-config.json” will pop up in your Sublime Text window. In here, configure, information about your server, including the server directory on which your site is hosted and information about your login and password. These are the main fields I usually change from the default (from top to bottom of the file).

  • C14
  • rsync.net

SFTP runs over SSH v2 and is installed as standard with most modernSSH installations.

Paths are specified as remote:path. If the path does not begin witha / it is relative to the home directory of the user. An empty pathremote: refers to the user's home directory.

'Note that some SFTP servers will need the leading / - Synology is agood example of this. rsync.net, on the other hand, requires users toOMIT the leading /.

Here is an example of making an SFTP configuration. First run

This will guide you through an interactive setup process.

This remote is called remote and can now be used like this:

See all directories in the home directory

Make a new directory

List the contents of a directory

Sync /home/local/directory to the remote directory, deleting anyexcess files in the directory.

Vscode Sftp Sync Folder

SSH Authentication

The SFTP remote supports three authentication methods:

  • Password
  • Key file, including certificate signed keys
  • ssh-agent

Key files should be PEM-encoded private key files. For instance /home/$USER/.ssh/id_rsa.Only unencrypted OpenSSH or PEM encrypted files are supported.

The key file can be specified in either an external file (key_file) or contained within therclone config file (key_pem). If using key_pem in the config file, the entry should be on asingle line with new line ('n' or 'rn') separating lines. i.e.

key_pem = -----BEGIN RSA PRIVATE KEY-----nMaMbaIXtEn0gAMbMbaSsdnMbaassn-----END RSA PRIVATE KEY-----

This will generate it correctly for key_pem for use in the config:

If you don't specify pass, key_file, or key_pem then rclone will attempt to contact an ssh-agent.

You can also specify key_use_agent to force the usage of an ssh-agent. In this casekey_file or key_pem can also be specified to force the usage of a specific key in the ssh-agent.

Using an ssh-agent is the only way to load encrypted OpenSSH keys at the moment.

If you set the --sftp-ask-password option, rclone will prompt for apassword when needed and no password has been configured.

If you have a certificate then you can provide the path to the public key that contains the certificate. For example:

If you concatenate a cert with a private key then you can specify themerged file in both places.

Note: the cert must come first in the file. e.g.

Host key validation

By default rclone will not check the server's host key for validation. Thiscan allow an attacker to replace a server with their own and if you usepassword authentication then this can lead to that password being exposed.

Host key matching, using standard known_hosts files can be turned on byenabling the known_hosts_file option. This can point to the file maintainedby OpenSSH or can point to a unique file.


There are some limitations:

  • rclone will not manage this file for you. If the key is missing orwrong then the connection will be refused.
  • If the server is set up for a certificate host key then the entry inthe known_hosts file must be the @cert-authority entry for the CA
  • Unlike OpenSSH, the libraries used by rclone do not permit (at timeof writing) multiple host keys to be listed for a server. Only the firstentry is used.

If the host key provided by the server does not match the one in thefile (or is missing) then the connection will be aborted and an errorreturned such as



If you see an error such as

Ftp vs sftp

then it is likely the server has presented a CA signed host certificateand you will need to add the appropriate @cert-authority entry.

The known_hosts_file setting can be set during rclone config as anadvanced option.

ssh-agent on macOS

Note that there seem to be various problems with using an ssh-agent onmacOS due to recent changes in the OS. The most effective work-aroundseems to be to start an ssh-agent in each session, e.g.

And then at the end of the session

These commands can be used in scripts of course.

Modified time

Modified times are stored on the server to 1 second precision.

Modified times are used in syncing and are fully supported.

Some SFTP servers disable setting/modifying the file modification time afterupload (for example, certain configurations of ProFTPd with mod_sftp). If youare using one of these servers, you can set the option set_modtime = false inyour RClone backend configuration to disable this behaviour.

Standard Options

Here are the standard options specific to sftp (SSH/SFTP Connection).


SSH host to connect to

  • Config: host
  • Type: string
  • Default: '
  • Examples:
    • 'example.com'
      • Connect to example.com


SSH username, leave blank for current username, $USER

  • Config: user
  • Type: string
  • Default: '


SSH port, leave blank to use default (22)

  • Config: port
  • Type: string
  • Default: '


SSH password, leave blank to use ssh-agent.

NB Input to this must be obscured - see rclone obscure.

  • Config: pass
  • Type: string
  • Default: '


Raw PEM-encoded private key, If specified, will override key_file parameter.

  • Config: key_pem
  • Type: string
  • Default: '


Path to PEM-encoded private key file, leave blank or set key-use-agent to use ssh-agent.

Leading ~ will be expanded in the file name as will environment variables such as ${RCLONE_CONFIG_DIR}.

  • Config: key_file
  • Type: string
  • Default: '


The passphrase to decrypt the PEM-encoded private key file.

Only PEM encrypted key files (old OpenSSH format) are supported. Encrypted keysin the new OpenSSH format can't be used.

NB Input to this must be obscured - see rclone obscure.

  • Config: key_file_pass
  • Type: string
  • Default: '


Optional path to public key file.

Set this if you have a signed certificate you want to use for authentication.

Leading ~ will be expanded in the file name as will environment variables such as ${RCLONE_CONFIG_DIR}.

  • Config: pubkey_file
  • Type: string
  • Default: '


When set forces the usage of the ssh-agent.

When key-file is also set, the '.pub' file of the specified key-file is read and only the associated key isrequested from the ssh-agent. This allows to avoid Too many authentication failures for *username* errorswhen the ssh-agent contains many keys.

  • Config: key_use_agent
  • Type: bool
  • Default: false


Enable the use of insecure ciphers and key exchange methods.

This enables the use of the following insecure ciphers and key exchange methods:

  • aes128-cbc
  • aes192-cbc
  • aes256-cbc
  • 3des-cbc
  • diffie-hellman-group-exchange-sha256
  • diffie-hellman-group-exchange-sha1

Those algorithms are insecure and may allow plaintext data to be recovered by an attacker.

  • Config: use_insecure_cipher
  • Type: bool
  • Default: false
  • Examples:
    • 'false'
      • Use default Cipher list.
    • 'true'
      • Enables the use of the aes128-cbc cipher and diffie-hellman-group-exchange-sha256, diffie-hellman-group-exchange-sha1 key exchange.


Disable the execution of SSH commands to determine if remote file hashing is available.Leave blank or set to false to enable hashing (recommended), set to true to disable hashing.

  • Config: disable_hashcheck
  • Type: bool
  • Default: false

Advanced Options

Here are the advanced options specific to sftp (SSH/SFTP Connection).


Optional path to known_hosts file.

Set this value to enable server host key validation.

Leading ~ will be expanded in the file name as will environment variables such as ${RCLONE_CONFIG_DIR}.

  • Config: known_hosts_file
  • Type: string
  • Default: '
  • Examples:
    • '~/.ssh/known_hosts'
      • Use OpenSSH's known_hosts file


Allow asking for SFTP password when needed.

If this is set and no password is supplied then rclone will:

  • ask for a password

  • not contact the ssh agent

  • Config: ask_password


  • Type: bool

  • Default: false


Override path used by SSH connection.

This allows checksum calculation when SFTP and SSH paths aredifferent. This issue affects among others Synology NAS boxes.

Shared folders can be found in directories representing volumes


Home directory can be found in a shared folder called 'home'

  • Config: path_override
  • Type: string
  • Default: '


Set the modified time on the remote if set.

  • Config: set_modtime
  • Type: bool
  • Default: true


The command used to read md5 hashes. Leave blank for autodetect.

  • Config: md5sum_command
  • Type: string
  • Default: '


The command used to read sha1 hashes. Leave blank for autodetect.

  • Config: sha1sum_command
  • Type: string
  • Default: '


Set to skip any symlinks and any other non regular files.

  • Config: skip_links
  • Type: bool
  • Default: false


Specifies the SSH2 subsystem on the remote host.

  • Config: subsystem
  • Type: string
  • Default: 'sftp'


Specifies the path or command to run a sftp server on the remote host.

The subsystem option is ignored when server_command is defined.

  • Config: server_command
  • Type: string
  • Default: '


If set use fstat instead of stat

Some servers limit the amount of open files and calling Stat after openingthe file will throw an error from the server. Setting this flag will callFstat instead of Stat which is called on an already open file handle.

It has been found that this helps with IBM Sterling SFTP servers which have'extractability' level set to 1 which means only 1 file can be opened atany given time.

  • Config: use_fstat
  • Type: bool
  • Default: false


If set don't use concurrent reads

Normally concurrent reads are safe to use and not using them willdegrade performance, so this option is disabled by default.

Some servers limit the amount number of times a file can bedownloaded. Using concurrent reads can trigger this limit, so if youhave a server which returns

Then you may need to enable this flag.

If concurrent reads are disabled, the use_fstat option is ignored.

  • Config: disable_concurrent_reads
  • Type: bool
  • Default: false


Max time before closing idle connections

If no connections have been returned to the connection pool in the timegiven, rclone will empty the connection pool.

Set to 0 to keep connections indefinitely.

  • Config: idle_timeout
  • Type: Duration
  • Default: 1m0s


SFTP supports checksums if the same login has shell access and md5sumor sha1sum as well as echo are in the remote's PATH.This remote checksumming (file hashing) is recommended and enabled by default.Disabling the checksumming may be required if you are connecting to SFTP serverswhich are not under your control, and to which the execution of remote commandsis prohibited. Set the configuration option disable_hashcheck to true todisable checksumming.

SFTP also supports about if the same login has shellaccess and df are in the remote's PATH. about willreturn the total space, free space, and used space on the remotefor the disk of the specified path on the remote or, if not set,the disk of the root on the remote.about will fail if it does not have shellaccess or if df is not in the remote's PATH.

Note that some SFTP servers (e.g. Synology) the paths are different forSSH and SFTP so the hashes can't be calculated properly. For themusing disable_hashcheck is a good idea.

The only ssh agent supported under Windows is Putty's pageant.

The Go SSH library disables the use of the aes128-cbc cipher bydefault, due to security concerns. This can be re-enabled on aper-connection basis by setting the use_insecure_cipher setting inthe configuration file to true. Further details on the insecurity ofthis cipher can be foundin this paper.

SFTP isn't supported under plan9 until thisissue is fixed.

Sftp Sync Folder Free

Note that since SFTP isn't HTTP based the following flags don't workwith it: --dump-headers, --dump-bodies, --dump-auth

Note that --timeout isn't supported (but --contimeout is).


Sftp Server Software

C14 is supported through the SFTP backend.

See C14's documentation


Sftp Folder Sync Windows

rsync.net is supported through the SFTP backend.

Synchronize Ftp Folder

See rsync.net's documentation of rclone examples.