jftp, jtool ftp

jftp is a non-interactive FTP tool. All options must be specified on the command line.

jftp will return error code 1 if an error occurs. jftp will also return a code that indicates the issue. For more information, see jftp return codes.

Note: Regardless of which platform your FTP server runs on, you can always use UNIX path separators (/), because this is part of the FTP standard. If you use quotes, always use double quotes, because they are more portable.

jftp adheres to the following RFCs.

RFC 959: File Transfer Protocol.
RFC 2228: FTP Security Extensions.
RFC 5246: The TLS Protocol Version 1.2.
RFC 8446: The TLS Protocol Version 1.3.

You do not have to hard-code the username and password or provide credentials in your Process Definitions. Instead, you can use a "secret" file. Because credentials cannot be exported, a "secret" file is also useful when you have multiple RunMyJobs instances. You can generate secret files with jsecret, using the -c option. Note that for FTP, the default port is 21. And alternative is to use the FTP Definition Type that uses the Remote Run As field for the credentials of the FTP server.

Note: For installation instructions, see jtool.

Syntax

Copy

Usage: ftp  [-h|-?|-help] [-l <loglevel>] [-f <logfile>] [-j|-job-context] [<[-]command>...]

  Option           Default                Purpose
  ---------------- ---------------------- -----------------------------------
  -h|-?|-help                             Show this help and exit
  -l <loglevel>    ${JCS_LOGLEVEL:-info}  Set the logging level
  -f <logfile>     ${JCS_LOGFILE:-stderr} Log to file instead of stderr
  -j|-job-context                         Obtain environment from job-context
  <[-]command>...                         Command(s) passed to jftp

where command represents one of the following:

login   <options|login arguments>
get     <options> <login arguments> <outfile> <infile>
mget    <options> <login arguments> <pattern> <localdir>
put     <options> <login arguments> <infile> <outfile>
mput    <options> <login arguments> <pattern> <remotedir>
append  <options> <login arguments> <infile> <outfile>
list    <options> <login arguments> <directory>
nlst    <options> <login arguments> <directory>
delete  <options> <login arguments> <file>
mdelete <options> <login arguments> <pattern>
mkdir   <options> <login arguments> <directory>
rmdir   <options> <login arguments> <directory>
rename  <options> <login arguments> <from> <to>
quote   <options> <login arguments> <command>
include <options> <login arguments> <includefile>

  Option                                       Default    Purpose
  -------------------------------------------  ---------  -------------------------------------
  -ascii|-binary                               -ascii     Transfer mode
  -[no]crlf-to-lf                              -nocrlf-to-lf Convert content on this side from CRLF to LF
  -[no]lf-to-crlf                              -nolf-to-crlf Convert content on this side from LF to CRLF
  -[no]resume                                  -noresume  Resume file transfer
  -[no]delete                                  -nodelete  Delete source file after transfer
  -[no]pasv                                    -pasv      Use passive mode or active mode
  -[no]epsv                                    -epsv      Use extended passive mode
  -use_cwd                                                Use CWD instead of remote filepaths
  -port <port>                                 21         Port to use for FTP control connection
  -secretfile <file>                                      Use <file> for <login arguments> and <port>
  -[no]verbose                                 -verbose   Echo FTP server output or not
  -progress                                               Show progress in job description
  -protect                                                Use TLS/SSL secured connections
  -protectmode {explicit|implicit|implicitzos} explicit   Which FTP/S mode to use
  -datamode    {stream|block|deflate}          stream     FTP data mode
  -deflatelevel 1..9                           6          Compression level for datamode deflate
  -[no]persist                                 nopersist  Keep data connection in datamode block and deflate
  -[no]timestamp                               timestamp  Try to keep file timestamp (modified time) correct
  -[no]checksum                                nochecksum Check file integrity after transfer using SHA-256/MD5/CRC

<login arguments> := <host> <user> <password>
<host>            := Hostname of the FTP server
<user>            := Username to logon to the server
<password>        := Password to logon (if environment variable JFTP_PASSWORD is set this is optional)
<infile>          := file on this system
<outfile>         := file on remote system
<file>            := file on remote system
<directory>       := directory on remote system

Notes:
- <login arguments> can only be specified for the first command.
- <options> can be specified for all commands.
- You must use a numerical value if you set the port number using the -port option.
- Datamode block requires MODE B support on FTP server.
- Datamode deflate requires MODE Z support on FTP server.
- Checksum requires HASH SHA-256, XSHA256, XCRC, XMD5, CRC or MD5 support on FTP server.
- Timestamp requires MDTM and MFMT or MFF support on FTP server. Is ignored silently if server does not support it.
- To cater for buggy servers the default for persist is off.

Command Parsing

Some notes on command parsing:

All commands take a fixed number of arguments. For example, when using put, you must specify a local and a remote file.
The number of arguments is fixed, so that the parser knows when the next command starts.
<login arguments> can only be specified for the first command. <options> can be specified for all commands. If you specify multiple commands, it is probably easier to understand if you specify login as the first command.
<options> must be specified immediately after the command, except for the extra command-line arguments for the secure library (which may appear anywhere on the command line).
If you use list, mget, or mput, make sure the wildcard definition gets to the FTP server. If you use jftp from a UNIX shell, enclose the wildcard argument in double or single quotes.
You must use a numerical value if you set the port number using the -port option.

Security

You can use -protect and/or -protectmode to enable encryption via the secure library. explicit means FTPTLS according to RFC4217. implicit is for FTP servers that use a different server port, usually 990, to do immediate SSL/TLS handshake on incoming connections. implicitzos is for z/OS FTP servers that use the SECUREIMPLICITZOS historic mode with the first message not encrypted.

TLS Arguments

Note: All arguments require the -protect argument.

Argument	Environment Variable	Description
-tlsv1_3, -tls13	`JCS_SSL_METHOD=tlsv1_3`	Use TLS v1.3 secured connection.
-tlsv1_2, -tls12	`JCS_SSL_METHOD=tlsv1_2`	Use TLS v1.2 secured connection.
-cipherlist `<text>`	`JCS_SSL_CIPHERLIST`	Set list of available ciphers.
-passphrase `<text>`	`JCS_SSL_PASSPHRASE`	Set passphrase for private key.
-key `<file>`	`JCS_SSL_KEYPATH`	Set private key.
-cert `<file>`	`JCS_SSL_CERTIFICATE_PATH`	Set public certificate.
-ca `<file\|path>`	`JCS_SSL_TRUSTED_CERTIFICATE_FILE`	Trusted CA certificates path or file.
-[no]verify	`JCS_SSL_VERIFY_CERT`	(Do not) verify peer (server or client) certificate.
-verify-names `<namelist>`	`JCS_SSL_VERIFY_SERVER_NAMES`, `JCS_SSL_VERIFY_CLIENT_NAMES`	Verify peer (server or client) certificate hostname against list.

Proxy Setting Environment Variables

The following environment variables are used to retrieve proxy server connection details.

HTTP_PROXY: The URL of the proxy server. For example: https://proxy.example.com:3128.
PROXY_USER: The user for the proxy server. This value is ignored if HTTP_PROXY is not set.
PROXY_PASSWORD: The password for the proxy user. This value is ignored if HTTP_PROXY is not set.
NO_PROXY: Enforces a direct connection.

These environment variables override the settings in the connection file for all tools that connect to the central Redwood server.

Examples

Note: Because some of these examples may exceed the maximum width of this page, a new line has been added (illustrated with a \). In practice, all commands should be issued on the same line.

Copy

        jftp get -ascii myhostname myusername mypassword myremotefile mylocalfile
        jftp put -ascii myhostname myusername mypassword mylocalfile myremotefile
        jftp mput -binary myhostname myusername mypassword "*.txt" /my/remote/dir
        jftp mget -binary myhostname myusername mypassword "backup_*.dmp" mylocaldir
        jftp quote myhostname myusername mypassword "site filetype=jes"
        jftp quote myhostname myusername mypassword "site filetype=jes" put -ascii mylocalfile \
                 myremotefile get myremotefile mylocalfile.check
        jftp get -port 21 myhostname myusername mypassword sourcefile destinationfile
        jftp put -tls13 -key mykey.pem -binary host user password filein fileout
        jftp put -protect -tls13 -key mykey.pem -binary host user password filein fileout
        jftp put -secretfile ftp.sec filein fileout
        jftp put -secretfile ftp.sec -protect -tls13 -key mykey.pem -binary filein fileout
        jftp login -secretfile ftp.sec quote "CWD /var/log/samba" \
                 get "log.*" "C:/Documents and Settings/jdoe/My Documents\fileserver logs" \
                 put -binary "C:/Documents and Settings/jdoe/My Documents/results.xlsx" /opt/samba/share/Results