sftp-fs

The sftp-fs library provides support for SFTP NIO.2 file systems, allowing SFTP servers to be accessed in a similar way to local file systems.

Creating file systems

If the SFTP file system library is available on the class path, it will register a FileSystemProvider for scheme sftp. This allows you to create SFTP file systems using the newFileSystem methods of class FileSystems. You can use class SFTPEnvironment to help create the environment maps for those methods:

SFTPEnvironment env = new SFTPEnvironment()
        .withUsername(username)
        .withUserInfo(userInfo);
FileSystem fs = FileSystems.newFileSystem(URI.create("sftp://example.org"), env);

Providing credentials

Credentials can be provided either through the URI or through the environment, as shown above. For security reasons the latter is preferred.

There are a few ways to provide credentials through the environment. The easiest way is to call withUserInfo on an SFTPEnvironment instance with a UserInfo object to provide the password, and if necessary the passphrase. The sftp-fs library provides class SimpleUserInfo to provide a fixed password and passphrase. Note that any prompt will be answered with “no”. That means that you will most likely also need to set a HostKeyRepository by calling withHostKeyRepository on an SFTPEnvironment instance to verify the host.

If the UserInfo object will only provide a fixed password and do nothing else, you can also call withPassword on the SFTPEnvironment instance instead. This too most likely requires a HostKeyRepository to be set.

Instead of using a password, it's also possible to use other authentication methods using an IdentityRepository, which can be set by calling withIdentityRepository on an SFTPEnvironment instance. The following code snippet shows how you can use pageant to authenticate:

SFTPEnvironment env = new SFTPEnvironment()
        .withUsername(username)
        .withIdentityRepository(new AgentIdentityRepository(new PageantConnector()));
FileSystem fs = FileSystems.newFileSystem(URI.create("sftp://example.org"), env);

Default directory

The default directory can be provided through the URI or trough the environment using withDefaultDirectory, as follows:

URI path	No default directory in the environment	Default directory in the environment
None	The default directory is defined by the SFTP server	The default directory is defined by the environment
`/`	The default directory is `/`	The default directory is defined by the environment
Other	The default directory is equal to the URI path	Not allowed

Creating paths

After a file system has been created, Paths can be created through the file system itself using its getPath method. As long as the file system is not closed, it's also possible to use Paths.get. Note that if the file system was created with credentials, the username must be part of the URL. For instance:

// created without credentials
Path path1 = Paths.get(URI.create("sftp://example.org"));
// created with credentials
Path path2 = Paths.get(URI.create("sftp://username@example.org"));

If the username in the URI does not match the username used to create the file system, or if no file system has been created for the URI, a new file system will be created. This works like Creating file systems. Since no environment can be provided this way, settings can still be provided through SFTPEnvironment.setDefault and query parameters; see usages of QueryParam and QueryParams for the possible query parameters. If creating a new file system fails, a FileSystemNotFoundException will be thrown.

Attributes

File attributes

SFTP file systems fully support read-access to the following attributes:

Attributes defined in BasicFileAttributeView and BasicFileAttributes, available both with and without prefixes basic: or posix:.
Attributes defined in FileOwnerAttributeView, available with prefixes owner: or posix:.
Attributes defined in PosixFileAttributeView and PosixFileAttributes, available with prefix posix:.

It's not possible to set the last access time or creation time, either through one of the file attribute views or through a file system. Attempting to do so will result in an UnsupportedOperationException. All other attributes are supported, although when setting the owner or group the name must be the UID/GID.

File store attributes

When calling getAttribute on a file store, the following attributes are supported:

totalSpace: returns the same value as the getTotalSpace method.
usableSpace: returns the same value as the getUsableSpace method.
unallocatedSpace: returns the same value as the getUnallocatedSpace method.

These values are only supported by SFTP servers that support the statvfs@openssh.com extension. If this extension is not supported, these methods will all return Long.MAX_VALUE.

There is no support for FileStoreAttributeView. Calling getFileStoreAttributeView on a file store will simply return null.

Error handling

Not all SFTP servers support the same set of error codes. Because of this, most methods may not throw the correct exception (NoSuchFileException, AccessDeniedException, etc).

To allow this behaviour to be modified, class SFTPEnvironment has method withFileSystemExceptionFactory that allows you to specify a custom FileSystemExceptionFactory implementation which will be used to create exceptions based on the reply code and string of the command that triggered the error. By default, an instance of class DefaultFileSystemExceptionFactory is used.

Thread safety

The SFTP protocol is fundamentally not thread safe. To overcome this limitation, SFTP file systems maintain multiple connections to SFTP servers. The number of connections determines the number of concurrent operations that can be executed. If all connections are busy, a new operation will block until a connection becomes available. Class SFTPEnvironment has method withPoolConfig that allows you to configure the connection pool:

The initial pool size - the number of connections that are created when an SFTP file system is created. The default is 1.
The maximum pool size - the maximum number of concurrent operations. The default is 5.
The maximum wait time - this determines how long to wait until a connection is available. The default is to wait indefinitely.
The maximum time that connections can be idle. The default is indefinitely.

When a stream or channel is opened for reading or writing, the connection will block because it will wait for the download or upload to finish. This will not occur until the stream or channel is closed. It is therefore advised to close streams and channels as soon as possible.

Connection management

Because SFTP file systems use multiple connections to an SFTP server, it's possible that one or more of these connections become stale. Class SFTPFileSystemProvider has static method keepAlive that, if given an instance of an SFTP file system, will send a keep-alive signal over each of its idle connections. You should ensure that this method is called on a regular interval. An alternative is to set a maximum idle time (see Thread safety).

Limitations

SFTP file systems knows the following limitations:

All paths use / as separator. / is not allowed inside file or directory names.
File attributes cannot be set when creating files or directories.
Symbolic links can be read and traversed, but not created.
There is no support for hard links.
Files can be marked as executable if the SFTP server indicates it is. That does not mean the file can be executed in the local JVM.
SeekableByteChannel is supported because it's used by Files.createFile. However, these channels do not support seeking specific positions or truncating.
FileSystem.getFileStores() will only return a FileStore for the root path, even if the SFTP server actually has several mount points.
Although FileSystemProvider.getFileStore(Path) will return a FileStore for the actual Path, its name will always be /, even if the file or directory is located on a different mount point.
There is no support for UserPrincipalLookupService.
There is no support for WatchService.