Command-line Options

Advertisement

Parameters

Parameters for winscp.exe executable:

winscp.exe site|workspace|folder
winscp.exe <session_url>[/path/[file]]
winscp.exe [mysession] [/sessionname=<name>]
winscp.exe [mysession] [/newinstance]
winscp.exe [mysession] /edit <path>
winscp.exe [mysession] /browse[=<file>]
winscp.exe [mysession] /synchronize [local_directory] [remote_directory] [/defaults[=secs]]
winscp.exe [mysession] /keepuptodate [local_directory] [remote_directory] [/defaults[=secs]]
winscp.exe [mysession] /refresh [path]
winscp.exe [mysession] /upload file1 file2 file3 ... [/defaults[=secs]]
winscp.exe [mysession] [/privatekey=<file> [/passphrase=<passphrase>]]
winscp.exe [mysession] [/hostkey=<fingerprint>]
winscp.exe [mysession] [/username=<user>] [/password=<pass>]
winscp.exe [mysession] [/passwordsfromfiles]
winscp.exe [mysession] [/clientcert=<file> [/passphrase=<passphrase>]]
winscp.exe [mysession] [/certificate=<fingerprint>]
winscp.exe [mysession] [/passive[=on|off]] [/implicit|explicit]
winscp.exe [mysession] [/timeout=<sec>]
winscp.exe [mysession] [/rawsettings setting1=value1 setting2=value2 ...]
winscp.exe [/console] [/script=<script_file>] [/command command1 command2 ...]
           [/parameter // param1 ...]
winscp.exe [/log=<logfile>  [/loglevel=<level>] [/logsize=[<count>*]<size>]]
           [/xmllog=<logfile> [/xmlgroups]]
winscp.exe [/ini=<inifile>]
winscp.exe [/rawconfig config1=value1 config2=value2 ...]
winscp.exe [/rawtransfersettings setting1=value1 setting2=value2 ...]
winscp.exe /batchsettings <site_mask> setting1=value1 setting2=value2 ...
winscp.exe /keygen keyfile [/output=<file>] [/changepassphrase]
winscp.exe /keygen keyfile [/comment=<text>] [/certificate=<file>]
winscp.exe /update
winscp.exe /info
winscp.exe /help

Advertisement

Parameters for winscp.com executable:

winscp.com [/script=script_file] [/command command1 command2 ...]
           [/parameter // param1 ...]
winscp.com [/stdout[=binary|chunked]] [/stdin]
winscp.com [/log=<logfile> [/loglevel=<level>] [/logsize=[<count>*]<size>]]
           [/xmllog=<logfile> [/xmlgroups]] [/nointeractiveinput]
winscp.com [/ini=<inifile>]
winscp.com [/rawconfig config1=value1 config2=value2 ...]
winscp.com /batchsettings <site_mask> setting1=value1 setting2=value2 ...
winscp.com /keygen keyfile [/output=<file>] [/changepassphrase]
winscp.com /keygen keyfile [/comment=<text>] [/certificate=<file>]
winscp.com /info
winscp.com /help

Session

The first syntax opens the site. To open site, stored in folder, use path syntax “folder/site”. You can also open workspace or all sites in site folder.

The second creates the session specified by session URL and optionally by initial remote path. If the remote path is not ended by slash (/), it is treated as path to file (or even directory) that should be downloaded.

The parameter /sessionname specifies a custom name of the session to be used instead of the automatically generated name in a format username@hostname or to override the name of the saved site.

If there’s already an idle WinSCP instance running, the session(s) opens in the existing instance. To force the session to open in a new instance of WinSCP, use /newinstance parameter. If no session is specified on command-line, Login dialog opens to select one.

The parameter /privatekey specifies a local path to an SSH private key file. If the key file is encrypted, use the /passphrase to specify its passphrase. The passphrase can be read from a file.

The parameter /hostkey specifies the fingerprint of the expected SSH host key (or several alternative fingerprints separated by a semicolon). It makes WinSCP automatically accept the host key with the fingerprint.

You can use the parameters /username and /password as an alternative way to specify the credentials. The credentials are normally part of the session URL. Using these switches has the advantage of not needing to URL-encode special characters. The password can be read from a file.

With parameter /passwordsfromfiles, the values of /password, /passphrase and in general all passwords from all sources are interpreted as paths to files, where the actual passwords are read from. The files must use UTF-8 or UTF-16 encoding.1

The parameter /clientcert specifies a local path to FTPS or WebDAVS TLS/SSL client certificate. If the certificate is encrypted, use the /passphrase to specify its passphrase.

When a FTPS or WebDAVS server TLS/SSL certificate is not trusted (typically a self-signed certificate), use the parameter /certificate to specify the fingerprint of the untrusted certificate. It makes WinSCP trust the certificate. Several alternative fingerprints can be separated by a semicolon.

The parameter /passive enables a passive (=on) or an active (=off) transfer mode (FTP protocol only).

Advertisement

The parameters /implicit, and /explicit enable respective method of invoking FTPS.

The parameter /timeout specifies server response timeout.

The parameter /rawsettings allows configuring any site settings using raw format as in an INI file. E.g. to enable an SSH compression and an agent forwarding, use /rawsettings Compression=1 AgentFwd=1. The parameter must come after the session URL (if any).

When using scripting, use the open command (and its switches) instead.

Examples:

winscp.exe "My site"
winscp.exe sftp://martin:password@example.com/ /hostkey="ssh-rsa 2048 xxxxxxxxxxx..."
winscp.exe scp://test@example.com:2222/ /privatekey=mykey.ppk
winscp.exe ftps://martin:password@example.com/

Logging

With /log parameter you may turn on session logging to file specified by local path. In the path you can use the same patterns as in the logging preferences.

Use parameter /loglevel to change logging level. The value can be in range -12 (for Reduced, Normal, Debug 1 and Debug 2 logging levels respectively). Append additional * to enable password logging (e.g. /loglevel=2*).2

Use parameter /logsize to configure log file size limit and log file rotation. Specify maximum size in bytes, optionally with K, M or G units. Optionally you can limit number of archived log files using count* prefix. For example /logsize=5*10M will limit log file size to 10 MB and will allow up to 5 archived logs.

winscp.exe sftp://martin@example.com/ /log="C:\winscp.log" /loglevel=0

With /xmllog parameter you may turn on XML logging to file specified by local path.3 In the path you can use the same patterns as in the logging preferences.

Use parameter /xmlgroups along with /xmllog, to group all XML log elements belonging to the same command under parent group element.

Console/scripting mode

Parameter /console executes WinSCP in console (scripting) mode. Note that when using winscp.com, the console mode is implicit, so using /console parameter is redundant.

To run batch script either pass script file using /script parameter or specify the commands directly on command line using /command. In the latter case each following parameter is treated as single command. See syntax section and examples below for details how to deal with spaces and double-quotes.

If both /script and /command parameters are used, commands from script file are executed first. When the last command is not exit, regular non-batch mode follows.

Use parameter /parameter to specify list of arguments to be passed to script. It is recommended to escape the arguments with // switch.

With winscp.exe, if /console parameter is not used along with /script or /command, the script/command is executed without visual feedback (window).

Advertisement

Use the parameter /stdout to enable streaming files to the standard output of winscp.com. When the parameter is used, the get command will stream the downloaded file(s) to the standard output, when - is used as a download target. By default (or with the binary flag), the files are streamed unmodified. With the chunked flag, the files are individually encoded using Chunked transfer encoding, what allows separating contents of multiple streamed files. When the parameter is used, all console output that would normally be printed to the standard output is redirected to the error output. Streaming is supported with the SFTP and FTP protocols only.

Use the parameter /stdin to enable streaming files from the standard input of winscp.com. When the parameter is used, the put command will stream the standard input to the remote server, when - is used as an upload source. Implies /nointeractiveinput. Streaming is supported with the SFTP and FTP protocols only.

Use parameter /nointeractiveinput, when feeding commands to winscp.com using standard input, to make sure prompts for anything other than commands (such as password prompts) are cancelled. Also prevents error message popping up when fatal error occurs while starting WinSCP. When combined with /xmllog the fatal error is recorded in the XML log.

Examples:

winscp.com /script="C:\Users\martin\Documents\myscript.txt"
winscp.com /command "open sftp://martin@example.com/ -hostkey=""ssh-rsa 2048 xxxx...""" "exit"
winscp.exe /console /script="myscript.txt" /log="myscript.log"

You can have WinSCP generate a scripting command-line for you.

Operations

The following parameters can be used to create a shortcut that initiates operation in GUI mode. They are not intended for automation, for that see scripting.

Use /edit to open a remote file in WinSCP internal editor.

Use /browse to select the specified file in (both) file panel(s). The switch can also be used together with a file URL for the same effect, overriding the default download action.

With /synchronize or /keepuptodate parameter WinSCP performs Synchronize or Keep remote directory up to date commands respectively on the specified session and directories. A dialog to set options is displayed first.

With /upload parameter WinSCP uploads specified files to initial remote directory of session.4 A dialog to set options is displayed first.

Use /defaults parameter along with /upload, /synchronize or /keepuptodate to skip the settings dialog and start the operation straight away with default settings. Alternatively you can specify a number of seconds, to actually show the settings dialogs, but have them automatically submit after the specified time elapses.

Use the /refresh parameter to reload remote panel of all running instances of WinSCP. If a session is specified on command-line, only instances that have that session as active are refreshed. If a path is specified after the /refresh, only that directory is refreshed.

It is recommended to escape the arguments with // switch.

Example:

winscp.exe /defaults /synchronize // "C:\Users\martin\Documents\MySite" /home/martin/public_html

Advertisement

Configuration

With /ini parameter you may specify local path to configuration INI file. It effectively disables using registry as configuration storage. If the file does not exist, default configuration will be used and the file will be created.

winscp.exe /ini="C:\Users\martin\Documents\myconfig.ini"

Use nul instead of path to force WinSCP start with its default configuration and not save the configuration on exit.

With /rawconfig parameter you can set any configuration settings using raw format as in an INI file. E.g. to configure an external IP address use /rawconfig Interface\ExternalIpAddress=198.51.100.10. The parameter must come after a session URL (if any). The configuration set this way is preserved.

With /rawtransfersettings you can set any transfer settings using raw format as in an INI file. E.g. to enable preserving of directory timestamps, use /rawtransfersettings PreserveTimeDirs=1. The configuration set this way is preserved. In scripting, it is better to use -rawtransfersettings switch of individual scripting commands, like get, put, etc.

Mass-modification of sites

Use /batchsettings to mass-modify stored sites. The first argument is a mask to select sites to modify. Use a syntax of basic file masks. You can also use path mask to select sites based on their folders. The other arguments define new values for site settings. Use the same syntax as for /rawsettings.

For example to configure a proxy for all sites in a “clients” folder, use:

winscp.exe /batchsettings clients/* ProxyMethod=3 ProxyHost=proxy

Private key conversion and modification

Use the /keygen switch to convert private keys from other formats to a PuTTY .ppk format or to change their passphrase or comment or to add a certificate. You can combine a conversion and key changes into one command.

A parameter after the /keygen switch specifies a path to an input private key file. The input key can be in OpenSSH or ssh.com format (when converting the key to the PuTTY format) or in the PuTTY format (when modifying the key).

When converting the key from other format, you need to specify an output key path using the /output switch. When modifying a PuTTY key, the existing file is overwritten, if /output is not specified.

Use /changepassphrase switch to change the key passphrase.

Use /comment switch to change the key comment.

Use /certificate switch to add an certificate to the key.

For example, to convert key mykey.pem from OpenSSH format to mykey.ppk in PuTTY format and set its comment:

winscp.com /keygen mykey.pem /output=mykey.ppk /comment="Converted from OpenSSH format"

Advertisement

To change the passphrase of existing mykey.ppk:

winscp.com /keygen mykey.ppk /changepassphrase

For a compatibility with *nix puttygen, the -o, -P, -C, --old-passphrase and --certificate switches are understood as aliases to /output, /changepassphrase, /comment, /passphrase and /certificate respectively. The --new-passphrase is recognized too. So, for features supported by WinSCP, you can use the same arguments as for puttygen, just prefixed with /keygen:

winscp.com /keygen mykey.pem -o mykey.ppk -C "Converted from OpenSSH format"

Auxiliary

When run with /update parameter, WinSCP only checks for its updates.

The parameter /info lists the supported SSH and TLS/SSL algorithms.

Parameter /help shows usage (overview similar to this).

Syntax

Command-line parameters that include space(s) must be surrounded by double-quotes:

winscp.exe /ini="C:\Users\martin\Documents\myconfig.ini"

To use the double-quote as a literal, use two double-quotes sequentially. For example, the /command expects that each script command is surrounded by double quotes, so that it is passed as a single command-line argument. In addition, any script command argument that includes spaces is expected to be surrounded by double-quotes within the command (see doubling double-quotes):

winscp.com /command "open sftp://... -hostkey=""ssh-rsa ...""" "put ""C:\my file.dat"""
                    <-           Script command 1           -> <-  Script command 2  ->

When executing such command from PowerShell, you additionally have to escape the doubled inner double-quotes with ` (backtick) to prevent PowerShell from interpreting them on its own:5

winscp.com /command "open sftp://... -hostkey=`"`"ssh-rsa ...`"`"" "put `"`"C:\my file.dat`"`""
                    <-             Script command 1             -> <-    Script command 2    ->

To debug the quoting, enable session logging on level Debug 1 (/loglevel=1). The log will show how WinSCP understands your command-line.

An argument that begins with a slash is considered a switch. To pass a parameter that itself starts with the slash in its syntax (i.e. a remote path like /root), use the special switch // (two slashes) before the argument. The switch // denotes that all following arguments are not switches. Example:

winscp.exe /synchronize // "C:\Users\martin\Documents\MySite" /root

Advertisement

Executables

Learn about two WinSCP executables, winscp.exe and winscp.com.

Hint

If you are going to run WinSCP from command-line often, you may wish to add WinSCP installation directory to search path.

Running from Bash

When running WinSCP from a shell, where /switch is interpreted as a path, such as Git Bash, use a dash (-) instead of the slash (/) for switches. For example:

./WinSCP.com -script="myscript.txt" -log="myscript.log"
  1. With UTF-8 encoding use of BOM is optional. With UTF-16 the BOM is mandatory. Only the first line of the file is considered. Use of more lines is reserved for the future.Back
  2. Append *- to disable password logging.Back
  3. For backward compatibility, XML logging can also be enabled using /log parameter with filename ending with .xml extension.Back
  4. Parameter is primarily intended to allow Windows File Explorer’s ‘Send To’ menu integration.Back
  5. Alternative way is using single quotes instead of outer double quotes.Back

Last modified: by martin