Command-line
RSync#
The options of the com.github.fracpete.rsync4j.RSync tool are modeled after
the rsync executable itself. Here is the help screen:
usage: com.github.fracpete.rsync4j.RSync
[-h] [--output-commandline] [--maxtime MAXTIME] [-v]
[--info INFO] [--debug DEBUG] [--msgs2stderr] [-q] [--no-motd] [-c]
[-a] [-r] [-R] [--no-implied-dirs] [-b] [--backup-dir BACKUPDIR]
[--suffix SUFFIX] [-u] [--inplace] [--append] [--append-verify] [-d]
[-l] [-L] [--copy-unsafe-links] [--safe-links] [--munge-links] [-k]
[-K] [-H] [-p] [-E] [--chmod CHMOD] [-X] [-o] [-g] [--devices]
[--specials] [-t] [-O] [-J] [--super] [--fake-super] [-S]
[--preallocate] [-n] [-W] [-x] [-B BLOCKSIZE] [-e RSH]
[--rsync-path RSYNCPATH] [--existing] [--ignore-existing]
[--remove-source-files] [--delete] [--delete-before]
[--delete-during] [--delete-delay] [--delete-after]
[--delete-excluded] [--ignore-missing-args] [--delete-missing-args]
[--ignore-errors] [--force] [--max-delete MAXDELETE]
[--max-size MAXSIZE] [--min-size MINSIZE] [--partial]
[--partial-dir PARTIALDIR] [--delay-updates] [-m] [--numeric-ids]
[--usermap USERMAP] [--groupmap GROUPMAP] [--chown CHOWN]
[--timeout TIMEOUT] [--contimeout CONTIMEOUT] [-I] [-M REMOTEOPTION]
[--size-only] [--modify-window MODIFYWINDOW] [-T TEMPDIR] [-y]
[--compare-dest COMPAREDEST] [--copy-dest COPYDEST]
[--link-dest LINKDEST] [-z] [--compress-level COMPRESSLEVEL]
[--skip-compress SKIPCOMPRESS] [-C] [-f FILTER] [--exclude EXCLUDE]
[--exclude-from EXCLUDEFROM] [--include INCLUDE]
[--include-from INCLUDEFROM] [--files-from FILESFROM] [-0] [-s]
[--address ADDRESS] [--port PORT] [--sockopts SOCKOPTS]
[--blocking-io] [--stats] [-8] [--human-readable] [--progress] [-i]
[--out-format OUTFORMAT] [--log-file LOGFILE]
[--log-file-format LOGFILEFORMAT] [--password-file PASSWORDFILE]
[--list-only] [--bwlimit BWLIMIT] [--outbuf OUTBUF]
[--write-batch WRITEBATCH] [--only-write-batch ONLYWRITEBATCH]
[--read-batch READBATCH] [--protocol PROTOCOL] [--iconv ICONV]
[--checkum-seed CHECKSUMSEED] [-4] [-6] [--version]
[--checksum-choice CHECKSUMCHOICE] [-U] [--open-noatime]
[--write-devices] [--copy-as COPYAS] [--early-input EARLYINPUT]
[--max-alloc MAXALLOC] [--mkpath] [-N] [--stop-at STOPAT]
[--stop-after STOPAFTER] [--copy-devices] [--fsync] [--trust-sender]
[--additional ADDITIONAL]
[source(s)/destination [source(s)/destination ...]]
A fast, versatile, remote (and local) file-copying tool.
See man page:
https://linux.die.net/man/1/rsync
positional arguments:
source(s)/destination Multiple local/remote paths (path or [user@]host:
path), with the last one being the target and the
others the source(s).
named arguments:
-h, --help show this help message and exit
--output-commandline output the command-line generated for the wrapped
binary
--maxtime MAXTIME set the maximum time for the process to run in
seconds before getting killed
-v, --verbose increase verbosity
--info INFO fine-grained informational verbosity
--debug DEBUG fine-grained debug verbosity
--msgs2stderr special output handling for debugging
-q, --quiet suppress non-error messages
--no-motd suppress daemon-mode MOTD
-c, --checksum skip based on checksum, not mod-time & size
-a, --archive archive mode; equals -rlptgoD (no -H,-A,-X)
-r, --recursive recurse into directories
-R, --relative use relative path names
--no-implied-dirs use relative path names
-b, --backup make backups (see --suffix & --backup-dir)
--backup-dir BACKUPDIR
make backups into hierarchy based in DIR
--suffix SUFFIX set backup suffix (default ~ w/o --backup-dir)
-u, --update skip files that are newer on the receiver
--inplace update destination files in-place
--append append data onto shorter files
--append-verify like --append, but with old data in file checksum
-d, --dirs transfer directories without recursing
-l, --links copy symlinks as symlinks
-L, --copy-links transform symlink into referent file/dir
--copy-unsafe-links only "unsafe" symlinks are transformed
--safe-links ignore symlinks that point outside the source tree
--munge-links munge symlinks to make them safer (but unusable)
-k, --copy-dirlinks transform symlink to a dir into referent dir
-K, --keep-dirlinks treat symlinked dir on receiver as dir
-H, --hard-links preserve hard links
-p, --perms preserve permissions
-E, --executability preserve the file's executability
--chmod CHMOD affect file and/or directory permissions
-X, --xattrs preserve extended attributes
-o, --owner preserve owner (super-user only)
-g, --group preserve group
--devices preserve device files (super-user only)
--specials preserve special files
-t, --times preserve modification times
-O, --omit-dir-times omit directories from --times
-J, --omit-link-times omit symlinks from --times
--super receiver attempts super-user activities
--fake-super store/recover privileged attrs using xattrs
-S, --sparse handle sparse files efficiently
--preallocate allocate dest files before writing them
-n, --dry-run perform a trial run with no changes made
-W, --whole-file copy files whole (without delta-xfer algorithm)
-x, --one-file-system don't cross filesystem boundaries
-B BLOCKSIZE, --block-size BLOCKSIZE
force a fixed checksum block-size
-e RSH, --rsh RSH specify the remote shell to use.
On Windows, use 'ssh' to use built-in ssh binary;
otherwise use absolute path, eg 'C:
\somewhere\ssh' or '/usr/bin/ssh'.
Uses plain protocol if left empty.
--rsync-path RSYNCPATH
specify the rsync to run on the remote machine
--existing skip creating new files on receiver
--ignore-existing skip updating files that already exist on receiver
--remove-source-files sender removes synchronized files (non-dirs)
--delete delete extraneous files from destination dirs
--delete-before receiver deletes before transfer, not during
--delete-during receiver deletes during the transfer
--delete-delay find deletions during, delete after
--delete-after receiver deletes after transfer, not during
--delete-excluded also delete excluded files from destination dirs
--ignore-missing-args ignore missing source args without error
--delete-missing-args delete missing source args from destination
--ignore-errors delete even if there are I/O errors
--force force deletion of directories even if not empty
--max-delete MAXDELETE
don't delete more than NUM files
--max-size MAXSIZE don't transfer any file larger than SIZE
--min-size MINSIZE don't transfer any file smaller than SIZE
--partial keep partially transferred files
--partial-dir PARTIALDIR
put a partially transferred file into DIR
--delay-updates put all updated files into place at transfer's end
-m, --prune-empty-dirs
prune empty directory chains from the file-list
--numeric-ids don't map uid/gid values by user/group name
--usermap USERMAP custom username mapping
--groupmap GROUPMAP custom groupname mapping
--chown CHOWN simple username/groupname mapping
--timeout TIMEOUT set I/O timeout in seconds
--contimeout CONTIMEOUT
set daemon connection timeout in seconds
-I, --ignore-times don't skip files that match in size and mod-time
-M REMOTEOPTION, --remote-option REMOTEOPTION
send OPTION to the remote side only
--size-only skip files that match in size
--modify-window MODIFYWINDOW
compare mod-times with reduced accuracy
-T TEMPDIR, --temp-dir TEMPDIR
create temporary files in directory DIR
-y, --fuzzy find similar file for basis if no dest file
--compare-dest COMPAREDEST
also compare destination files relative to DIR
--copy-dest COPYDEST ... and include copies of unchanged files
--link-dest LINKDEST hardlink to files in DIR when unchanged
-z, --compress compress file data during the transfer
--compress-level COMPRESSLEVEL
explicitly set compression level
--skip-compress SKIPCOMPRESS
skip compressing files with a suffix in LIST
-C, --cvs-exclude auto-ignore files the same way CVS does
-f FILTER, --filter FILTER
add a file-filtering RULE
--exclude EXCLUDE exclude files matching PATTERN
--exclude-from EXCLUDEFROM
read exclude patterns from FILE
--include INCLUDE include files matching PATTERN
--include-from INCLUDEFROM
read include patterns from FILE
--files-from FILESFROM
read list of source-file names from FILE
-0, --from0 all *-from/filter files are delimited by 0s
-s, --protect-args no space-splitting; only wildcard special-chars
--address ADDRESS bind address for outgoing socket to daemon
--port PORT specify double-colon alternate port number
--sockopts SOCKOPTS specify custom TCP options
--blocking-io use blocking I/O for the remote shell
--stats give some file-transfer stats
-8, --8-bit-output leave high-bit chars unescaped in output
--human-readable output numbers in a human-readable format
--progress show progress during transfer
-i, --itemize-changes output a change-summary for all updates
--out-format OUTFORMAT
output updates using the specified FORMAT
--log-file LOGFILE log what we're doing to the specified FILE
--log-file-format LOGFILEFORMAT
log updates using the specified FMT
--password-file PASSWORDFILE
read daemon-access password from FILE
--list-only list the files instead of copying them (no target
required)
--bwlimit BWLIMIT limit socket I/O bandwidth
--outbuf OUTBUF set output buffering to None, Line, or Block
(N|L|B)
--write-batch WRITEBATCH
write a batched update to FILE
--only-write-batch ONLYWRITEBATCH
like --write-batch but w/o updating destination
--read-batch READBATCH
read a batched update from FILE
--protocol PROTOCOL force an older protocol version to be used
--iconv ICONV request charset conversion of filenames
--checkum-seed CHECKSUMSEED
set block/file checksum seed (advanced)
-4, --ipv4 prefer IPv4
-6, --ipv6 prefer IPv6
--version print version number
--checksum-choice CHECKSUMCHOICE
choose the checksum algorithm: auto, xxh128,
xxh3, xxh64/xxhash, md5, md4, sha1, none (since
3.1.3)
-U, --atimes preserve access (use) times (since 3.2.0)
--open-noatime avoid changing the atime on opened files (since
3.2.0)
--write-devices write to devices as files, implies --inplace
(since 3.2.0)
--copy-as COPYAS specify user & optional group for the copy 'USER[:
GROUP]' (since 3.2.0)
--early-input EARLYINPUT
use FILE for daemon's early exec input (since
3.2.1)
--max-alloc MAXALLOC change a limit relating to memory alloc (since
3.2.2)
--mkpath create destination's missing path components
(since 3.2.3)
-N, --crtimes preserve create times (newness) (since 3.2.3)
--stop-at STOPAT stop rsync at the specified point in time 'y-m-
dTh:m' (since 3.2.3)
--stop-after STOPAFTER
stop rsync after MINS minutes have elapsed (since
3.2.3)
--copy-devices copy device contents as a regular file (since
3.2.4)
--fsync fsync every written file (since 3.2.4)
--trust-sender trust the remote sender's file list (since 3.2.5)
--additional ADDITIONAL
generic option to pass on to rsync; for command-
line parsing to work though, leading dashes must
get replaced with '+', eg '--additional
"++exclude=*~"'
Ssh#
The options of the com.github.fracpete.rsync4j.Ssh tool are modeled after
the ssh executable itself. Here is the help screen:
usage: com.github.fracpete.rsync4j.Ssh
[-h] [--output-commandline] [--maxtime MAXTIME] [-1] [-2] [-4]
[-6] [-A] [-a] [-b BINDADDRESS] [-C] [-c CIPHERSPEC]
[-D DYNAMICBINDADDRESS] [-E LOGFILE] [-e ESCAPECHAR] [-F CONFIGFILE]
[-f] [-G] [-g] [-I PKCS11] [-K] [-k] [-L LOCAL] [-l LOGINNAME] [-M]
[-m MACSPEC] [-N] [-n] [-O CONTROLCOMMAND] [-o OPTION] [-p PORT]
[-q] [-R REMOTE] [-s] [-T] [-t] [-v] [-vv] [-vvv] [-W FORWARDTO]
[-w FORWARDTUNNEL] [-X] [-x] [-Y] [-y] hostname [command]
OpenSSH SSH client (remote login program). No interactive sessions
possible.
See man page:
https://linux.die.net/man/1/ssh
positional arguments:
hostname The hostname to connect to.
The hostname to connect to.
command The remote command to execute.
optional arguments:
-h, --help show this help message and exit
--output-commandline output the command-line generated for the wrapped
binary
--maxtime MAXTIME set the maximum time for the process to run in
seconds before getting killed
-1 Forces ssh to try protocol version 1 only.
-2 Forces ssh to try protocol version 2 only.
-4 Forces ssh to use IPv4 addresses only.
-6 Forces ssh to use IPv6 addresses only.
-A Enables forwarding of the authentication agent
connection.
-a Disables forwarding of the authentication agent
connection.
-b BINDADDRESS Use bind_address on the local machine as the
source address of the connection.
-C Requests compression of all data.
-c CIPHERSPEC Selects the cipher specification for encrypting
the session.
-D DYNAMICBINDADDRESS Specifies a local “dynamic” application-level
port forwarding ([bind_address:]port).
-E LOGFILE Append debug logs to log_file instead of standard
error.
-e ESCAPECHAR Sets the escape character for sessions with a pty
(default: ‘~’).
-F CONFIGFILE Specifies an alternative per-user configuration
file.
-f Requests ssh to go to background just before
command execution.
-G Causes ssh to print its configuration after
evaluating Host and Match blocks and exit.
-g Allows remote hosts to connect to local forwarded
ports
-I PKCS11 Specify the PKCS#11 shared library ssh should use
to communicate with a PKCS#11 token providing the
user's private RSA key.
-K Enables GSSAPI-based authentication and
forwarding (delegation) of GSSAPI credentials to
the server.
-k Disables forwarding (delegation) of GSSAPI
credentials to the server.
-L LOCAL Specifies that connections to the given TCP port
or Unix socket on the local (client) host are to
be forwarded to the given host and port, or Unix
socket, on the remote side.
-l LOGINNAME Specifies the user to log in as on the remote
machine.
-M Places the ssh client into “master” mode for
connection sharing.
-m MACSPEC A comma-separated list of MAC (message
authentication code) algorithms, specified in
order of preference.
-N Do not execute a remote command. This is useful
for just forwarding ports.
-n Redirects stdin from /dev/null (actually,
prevents reading from stdin).
-O CONTROLCOMMAND Control an active connection multiplexing master
process.
-o OPTION Can be used to give options in the format used in
the configuration file.
-p PORT Port to connect to on the remote host.
-q Quiet mode. Causes most warning and diagnostic
messages to be suppressed.
-R REMOTE Specifies that connections to the given TCP port
or Unix socket on the remote (server) host are to
be forwarded to the given host and port, or Unix
socket, on the local side.
-s May be used to request invocation of a subsystem
on the remote system.
-T Disable pseudo-terminal allocation.
-t Force pseudo-terminal allocation.
-v Verbose mode.
-vv Very verbose mode.
-vvv Very, very verbose mode.
-W FORWARDTO Requests that standard input and output on the
client be forwarded to host on port over the
secure channel.
-w FORWARDTUNNEL Requests tunnel device forwarding with the
specified tun(4) devices between the client
(local_tun) and the server (remote_tun).
-X Enables X11 forwarding.
-x Disables X11 forwarding.
-Y Enables trusted X11 forwarding.
-y Send log information using the syslog system
module.
SshKeyGen#
The options of the com.github.fracpete.rsync4j.SshKeyGen tool are modeled after
the ssh-keygen executable itself. Here is the help screen:
usage: com.github.fracpete.rsync4j.SshKeyGen
[-h] [--output-commandline] [-A] [-a ROUNDS] [-B] [-b BITS]
[-C COMMENT] [-D PKCS11] [-E FINGERPRINT] [-e] [-F FINDHOST]
[-f KEYFILE] [-G CANDIDATEPRIMES] [-g] [-H] [--host] [-i]
[-J SCREENNUMLINES] [-j SCREENSTARTLINE] [-K SCREENCHECKPOINT] [-k]
[-L] [-l] [-M MEMORY] [-m KEYFORMAT] [-N NEWPASSPHRASE]
[-n PRINCIPALS] [-O OPTION] [-o] [-P PASSPHRASE] [-p] [-Q] [-q]
[-R REMOVEKEYS] [-r PRINTFINGERPRINT] [-S STARTPOINT] [-s SIGNCAKEY]
[-T TESTCANDIDATEPRIMES] [-t KEYTYPE] [-u] [-V VALIDITYINTERVAL]
[-v] [-vv] [-vvv] [-W GENERATOR] [-y] [-z SERIALNUMBER]
[file [file ...]]
Authentication key generation, management and conversion.
See man page:
https://linux.die.net/man/1/ssh-keygen
positional arguments:
file The key file(s).
optional arguments:
-h, --help show this help message and exit
--output-commandline output the command-line generated for the wrapped
binary
-A For each of the key types (rsa1, rsa, dsa, ecdsa
and ed25519) for which host keys do not exist,
generate the host keys with the default key file
path, an empty passphrase, default bits for the
key type, and default comment.
-a ROUNDS When saving a new-format private key (i.e. an
ed25519 key or any SSH protocol 2 key when the -o
flag is set), this option specifies the number of
KDF (key derivation function) rounds used.
-B Show the bubblebabble digest of specified private
or public key file.
-b BITS Specifies the number of bits in the key to create.
-C COMMENT Provides a new comment.
-D PKCS11 Download the RSA public keys provided by the
PKCS#11 shared library pkcs11.
-E FINGERPRINT Specifies the hash algorithm used when displaying
key fingerprints.
-e This option will read a private or public OpenSSH
key file and print to stdout the key in one of
the formats specified by the -m option.
-F FINDHOST Search for the specified hostname in a
known_hosts file, listing any occurrences found.
-f KEYFILE Specifies the filename of the key file.
-G CANDIDATEPRIMES Generate candidate primes for DH-GEX..
-g Use generic DNS format when printing fingerprint
resource records using the -r command.
-H Hash a known_hosts file.
--host When signing a key, create a host certificate
instead of a user certificate.
-i This option will read an unencrypted private (or
public) key file in the format specified by the -
m option and print an OpenSSH compatible private
(or public) key to stdout.
-J SCREENNUMLINES Exit after screening the specified number of
lines while performing DH candidate screening
using the -T option.
-j SCREENSTARTLINE Start screening at the specified line number
while performing DH candidate screening using the
-T option.
-K SCREENCHECKPOINT Write the last line processed to the file checkpt
while performing DH candidate screening using the
-T option.
-k Generate a KRL file.
-L Prints the contents of one or more certificates.
-l Show fingerprint of specified public key file.
-M MEMORY Specify the amount of memory to use (in
megabytes) when generating candidate moduli for
DH-GEX.
-m KEYFORMAT Specify a key format for the -i (import) or -e
(export) conversion options.
-N NEWPASSPHRASE Provides the new passphrase.
-n PRINCIPALS Specify one or more principals (user or host
names) to be included in a certificate when
signing a key.
-O OPTION Specify a certificate option when signing a key.
-o Causes ssh-keygen to save private keys using the
new OpenSSH format rather than the more
compatible PEM format.
-P PASSPHRASE Provides the (old) passphrase.
-p Requests changing the passphrase of a private key
file instead of creating a new private key.
-Q Test whether keys have been revoked in a KRL.
-q Silence ssh-keygen.
-R REMOVEKEYS Removes all keys belonging to hostname from a
known_hosts file.
-r PRINTFINGERPRINT Print the SSHFP fingerprint resource record named
hostname for the specified public key file.
-S STARTPOINT Specify start point (in hex) when generating
candidate moduli for DH-GEX.
-s SIGNCAKEY Certify (sign) a public key using the specified
CA key.
-T TESTCANDIDATEPRIMES
Test DH group exchange candidate primes
(generated using the -G option) for safety.
-t KEYTYPE Specifies the type of key to create.
-u Update a KRL.
-V VALIDITYINTERVAL Specify a validity interval when signing a
certificate.
-v Verbose mode.
-vv Very verbose mode.
-vvv Very, very verbose mode.
-W GENERATOR Specify desired generator when testing candidate
moduli for DH-GEX.
-y This option will read a private OpenSSH format
file and print an OpenSSH public key to stdout.
-z SERIALNUMBER Specifies a serial number to be embedded in the
certificate to distinguish this certificate from
others from the same CA.