Ascp4 command reference

Supported environment variables, the general syntax, and command options for ascp4 are described in the following sections. ascp4 exits with a 0 on success or a 1 on error. The error code is logged in the ascp4 log file.

Note: Not all ascp options are available with ascp4. For more information, see Comparison of ascp and ascp4 options. Additionally, ascp4 transfers fail if the user's docroot is a symbolic link, whereas ascp supports symbolic link docroots.

ascp4 syntax

ascp4 options [[user@]srcHost:]source_file1[,source_file2,...] [[user@]destHost:]dest_path

User

The username of the Aspera transfer user can be specified as part of the as part of the source or destination, whichever is the remote server or with the --user option. If you do not specify a username for the transfer, the local username is authenticated by default.

Note: If you are authenticating on a Windows machine as a domain user, the transfer server strips the domain from the username. For example, Administrator is authenticated rather than DOMAIN\Administrator. Thus, you must specify the domain explicitly.

Source and destination paths

  • If there are multiple source arguments, then the target path must be a directory.
  • To describe file paths, use single quotation marks (' ') and forward slashes (/) on all platforms.
  • To transfer to the transfer user's docroot, specify "." as the destination.
  • Avoid the following characters in file names: / \ " : ' ? > < & * |.
  • If the destination is a symbolic link, then the file is written to the target of the symbolic link. However, if the symbolic link path is a relative path to a file (not a directory) and a partial file name suffix is configured on the receiver, then the destination path is relative to the user's home directory. Files within directories that are sent to symbolic links that use relative paths are not affected.

URI paths: URI paths are supported, but only with the following restrictions:

  • If the source paths are URIs, they must all be in the same cloud storage account. No docroot (download), local docroot (upload), or source prefix can be specified.
  • If a destination path is a URI, no docroot (upload) or local docroot (download) can be specified.
  • The special schemes stdio:// and stdio-tar:// are supported only on the client side. They cannot be used as an upload destination or download source.
  • If required, specify the URI passphrase as part of the URI or set it as an environment variable (ASPERA_SRC_PASS or ASPERA_DST_PASS, depending on the direction of transfer).

UNC paths: If the server is Windows and the path on the server is a UNC path (a path that points to a shared directory or file on Windows operating systems) then it can be specified in an ascp4 command by using one of the following conventions:

  1. UNC path that uses backslashes (\)

    If the client side is a Windows machine, the UNC path can be used with no alteration. For example, \\192.168.0.10\temp. If the client is not a Windows machine, every backslash in the UNC path must be replaced with two backslashes. For example, \\\\192.168.0.10\\temp.

  2. UNC path that uses forward slashes (/)

    Replace each backslash in the UNC path with a forward slash. For example, if the UNC path is \\192.168.0.10\temp, change it to //192.168.0.10/temp. This format can be used with any client-side operating system.

Required file access and permissions

  • Sources (for downloads) or destinations (for uploads) on the server must be in the transfer user's docroot or match one of the transfer user's file restrictions, otherwise the transfer stops and returns an error.
  • The transfer user must have sufficient permissions to the sources or destinations, for example write access for the destination directory, otherwise the transfer stops and returns a permissions error.
  • The transfer user must have authorization to do the transfer (upload or download), otherwise the transfer stops and returns a "management authorization refused" error.
  • Files that are open for write by another process on a Windows source or destination cannot be transferred and return a "sharing violation" error. On Unix-like operating systems, files that are open for write by another process are transferred without reporting an error, but might produce unexpected results that depend on what data in the file is changed and when relative to the transfer.

Environment variables

If needed, you can set the following environment variables for use with an ascp4 session. The total size for environment variables depends on your operating system and transfer session. Each environment variable value must not exceed 4096 characters.

ASPERA_SCP_PASS=password
The password that is used for SSH authentication of the transfer user.
ASPERA_SCP_TOKEN=token
Set the transfer user authorization token. Ascp4 currently supports transfer tokens, which must be created by using astokengen with the --full-paths option. For more information, see Transfer token generation (astokengen)
ASPERA_SCP_COOKIE=cookie
A cookie string that is passed to monitoring services.
ASPERA_SRC_PASS=password
The password that is used to authenticate to a URI source.
ASPERA_DST_PASS=password
Set the password that is used to authenticate to a URI destination.
ASPERA_LOCAL_TOKEN=token
A token that authenticates the user to the client (in place of SSH authentication).
Note: If the local token is a basic or bearer token, the access key settings for cipher and preserve_time are not respected and the server settings are used. To set the cipher and timestamp preservation options as a client, set them in the command line.

Ascp4 options

Note: To see the ascp4 usage options, run ascp4 -h.
-A, --version
Display version and license information.
-c {aes128|aes192|aes256|none}
Encrypt in-transit file data by using the specified cipher. This option overrides the <encryption_cipher> setting in aspera.conf.
--check-sshfp=fingerprint
Compare fingerprint to the server SSH host key fingerprint that is set with <ssh_host_key_fingerprint> in aspera.conf. Aspera fingerprint convention is to use a hex string without the colons; for example, f74e5de9ed0d62feaf0616ed1e851133c42a0082. For more information on SSH host key fingerprints, see Installing and configuring the SSH Server..
--chunk-size=bytes
Perform storage read and write operations with the specified buffer size. Also, use the buffer size as an internal transmission and compression block. Valid range: 4 KB - 128 MB. For transfers with object storage, use --chunk-size=1048576 if chunk size is not configured on the server to ensure that the chunk size of ascp4 and Trapd match.
--compare={size|size+mtime|md5|md5-sparse|sha1|sha1-sparse}method
When using --overwrite and --resume, compare files with the specified method. If the --overwrite method is diff or diff+older, the default --compare method is size.
--compression={none|zlib|lz4}
Compress file data inline. Default: lz4. If set to zlib, --compression-hint can be used to set the compression level.
--compression-hint=num
Compress file data to the specified level when --compression is set to an option that accepts compression level settings (currently only zlib). A lower value results in less, but faster, data compression (0 = no compression). A higher value results in greater, slower compression. Valid values are -1 to 9, where -1 is "balanced". Default: -1.
-D | -DD | -DDD
Log at the specified debug level. With each D, an additional level of debugging information is written to the log. This option is not supported if the transfer user is restricted to aspshell.
--delete-before, --delete-before-transfer
Before transfer, delete files that exist at the destination but not at the source. The source and destination arguments must be directories that have matching names. Objects on the destination that have the same name but different type or size as objects on the source are not deleted. Do not use with multiple sources or --keepalive.
--dest64
Indicate that the destination path or URI is base64 encoded.
-E pattern
Exclude files or directories from the transfer based on the specified pattern. Use the -N option (include) to specify exceptions to -E rules. Rules are applied in the order in which they are encountered, from left to right. The following symbols can be used in the pattern:
  • * (asterisk) represents zero or more characters in a string, for example *.tmp matches .tmp and abcde.tmp.
  • ? (question mark) represents a single character. For example, t?p matches tmp but not temp.

For more information, see Using filters to include and exclude files.

Note: When filtering rules are found in aspera.conf, they are applied before rules that are given on the command line (-E and -N).
--exclude-newer-than=mtime
--exclude-older-than=mtime
Exclude files (but not directories) from the transfer based on when the file was last changed. Positive mtime values are used to express time, in seconds, since the original system time (usually 1970-01-01 00:00:00). Negative mtime values (prefixed with "-") are used to express the number of seconds before the current time.
-f config_file
Read Aspera configuration settings from config_file rather than aspera.conf(the default).
--faspmgr-io
Run ascp4 in API mode by using FASP manager I/O. Ascp4 reads FASPMGR4 commands from management and runs them. The FASPMGR4 commands are PUT/WRITE/STOP to open/write/close on a file on the server.
--file-crypt={encrypt|decrypt}
Encrypt files (when sending) or decrypt files (when receiving) for client-side encryption-at-rest (EAR). Encrypted files have the file extension .aspera-env. This option requires the encryption and decryption passphrase to be set with the environment variable ASPERA_SCP_FILEPASS. If a client-side encrypted file is downloaded with an incorrect password, the download is successful, but the file remains encrypted and still has the file extension .aspera-env. For more information, see Client-Side Encryption-at-Rest (EAR).
--file-list=filepath
Transfer the files and directories that are listed in filepath. Only the files and directories are transferred. The path information is not preserved at the destination. Each source must be specified on a separate line, for example:
src
src2
...
srcN

To read a file list from standard input, use "-" in place of filepath (as ascp4 --file-list=- …). UTF-8 file format is supported. Use with -d if the destination folder does not exist.

Restrictions:

  • Paths in file lists cannot use user@host:filepath syntax. You must use --user with --file-list.
  • Only one --file-list option is allowed per ascp4 session. If multiple file lists are specified, all but the last are ignored.
  • Only files and directories from the file list are transferred, and any additional source files or directories that are specified on the command line are ignored.
  • If more than one read thread is specified (default is 2) for a transfer that uses --file-list, the files in the file list must be unique. Duplicates can produce unexpected results on the destination.
  • Because multiple sources are being transferred, the destination must be a directory.
  • If the source paths are URIs, the size of the file list cannot exceed 24 KB.

For large file lists (~100 MB+), use with --memory to increase available buffer space.

--file-manifest={none|text}
Generate a list of all transferred files when set to text. Requires --file-manifest-path to specify the location of the list. (Default: none)
--file-manifest-path=directory
Save the file manifest to the specified location when using --file-manifest=text. File manifests must be stored locally. For cloud or other nonlocal storage, specify a local manifest path.
--file-manifest-inprogress-suffix=suffix
Apply the specified suffix to the file manifest's temporary file. For use with --file-manifest=text. (Default suffix: .aspera-inprogress)
-h, --help
Display the usage summary.
--host=host
Transfer to the specified hostname or address. Requires --mode. This option can be used instead of specifying the host as part of the file name (as hostname:filepath).
-i private_key_file
Authenticate the transfer by using public key authentication with the specified SSH private key file (specified with a full or relative path). The private key file is typically in the directory $HOME/.ssh/. If multiple -i options are specified, only the last one is used.
-k {0|1|2|3}
Enable the resumption of partially transferred files at the specified resume level. Default: 0. This option must be specified for your first transfer or it does not work for subsequent transfers. Resume levels:
  • -k 0: Always retransfer the entire file (same as --overwrite=always).
  • -k 1: Compare file modification time and size and resume if they match (same as --overwrite=diff --compare=size --resume).
  • -k 2: Compare-sparse checksum and resume if they match (same as --overwrite=diff --compare=md5-sparse --resume).
  • -k 3: Compare-full checksum and resume if they match (same as --overwrite=diff --compare=md5 --resume).
--keepalive
Enable ascp4 to run in persistent mode. This option enables a persistent session that does not require that source content and its destination are specified at execution. Instead, the persistent session reads source and destination paths through mgmt commands. Requires --mode and --host.
-L local_log_dir[:size]
Log to the specified directory on the client machine rather than the default directory. Optionally, set the size of the log file (default 10 MB).
-l max_rate
Transfer at rates up to the specified target rate. Default: 10 Mbps. This option accepts suffixes G/g for Giga, M/m for Mega, K/k for Kilo, and P/p/% for percentage. Decimals are allowed. If this option is not set by the client, the server target rate is used. If a rate cap is set in the local or server aspera.conf, then the rate does not exceed the cap.
For streaming, the value must be equal to or greater than the bit rate of the video.
-m min_rate
Attempt to transfer no slower than the specified minimum transfer rate. Default: 0. If this option is not set by the client, then the server's aspera.conf setting is used. If a rate cap is set in the local or server aspera.conf, then the rate does not exceed the cap.
--memory=bytes
Allow the local ascp4 process to use no more than the specified memory. Default: 256 MB. See also --remote-memory.
--meta-threads=num
Use the specified number of directory creation threads (receiver only). Default: 2.
--mode={send|recv}
Transfer in the specified direction: send or recv (receive). Requires --host.
--move-after-transfer=archivedir
Move source files and copy source directories to archiver after they are successfully transferred. Because directories are copied, the original source tree remains in place. The transfer user must have write permissions to the archivedir. The archivedir is created if it does not already exist. If the archive directory cannot be created, the transfer proceeds and the source files remain in their original location.

To preserve portions of the file path above the transferred file or directory, use this option with --src-base.

To remove empty source directories (except those specified as the source to transfer), use this option with --remove-empty-directories .

Restrictions:

  • archivedir must be on the same file system as the source. If the specified archive is on a separate file system, it is created (if it does not exist), but an error is generated and files are not moved to it.
  • For cloud storage, archivedir must be in the same cloud storage account as the source and must not already contain files with the same name (the existing files cannot be overwritten and the archiving fails).
  • If the source is on a remote system (ascp is run in receive mode), archivedir is subject to the same docroot restrictions as the remote user.
  • --remove-after-transfer and --move-after-transfer are mutually exclusive. Using both in the same session generates an error.
  • Empty directories are not saved to archivedir.
  • When used with --remove-empty-directories and --src-base, scanning for empty directories starts at the specified source base and proceeds down any subdirectories. If no source base is specified and a file path (as opposed to a directory path) is specified, then only the immediate parent directory is removed (if empty) after the source files were moved.
-N pattern
Protect (include) files or directories from exclusion by any -E (exclude) options that follow it. Files and directories are specified by using pattern. Each option-plus pattern is a rule. Rules are applied in the order (left to right) in which they're encountered. Thus, -N rules protect files only from -E rules that follow them. Create patterns by using standard globbing wildcards and special characters such as:
  • * (asterisk) represents zero or more characters in a string, for example, *.tmp matches .tmp and abcde.tmp.
  • ? (question mark) represents any single character, for example, t?p matches tmp but not temp.

For more information, see Using filters to include and exclude files.

Note: Filtering rules can also be specified in aspera.conf. Rules that are found in aspera.conf are applied before any -E and -N rules that are specified on the command line.
--no-open
In test mode, do not open or write the contents of destination files.
--no-read
In test mode, do not read the contents of source files.
--no-write
In test mode, do not write the contents of destination files.
-O fasp_port
Use the specified UDP port for FASP transfers. Default: 33001.
--overwrite={always|never|diff|diff+older|older}
Overwrite files at the destination with source files of the same name based on the method. Default: always. Use with --compare and --resume. method can be the following:
  • always – Always overwrite the file.
  • never – Never overwrite the file. If the destination contains partial files that are older or the same as the source files and --resume is enabled, the partial files resume transfer. Partial files with checksums or sizes that differ from the source files are not overwritten.
  • diff – Overwrite the file if it is different from the source, depending on the compare method (default is size). If the destination is object storage, diff has the same effect as always.

    If resume is not enabled, partial files are overwritten if they are different from the source, otherwise they are skipped. If resume is enabled, only partial files with different sizes or checksums from the source are overwritten; otherwise, files resume.

  • diff+older – Overwrite the file if it is older and different from the source, depending on the compare method (default is size). If resume is not enabled, partial files are overwritten if they are older and different from the source, otherwise they are skipped. If resume is enabled, only partial files that are different and older than the source are overwritten, otherwise they are resumed.
  • older – Overwrite the file if its timestamp is older than the source timestamp.
-P ssh-port
Use the specified TCP port to initiate the FASP session. (Default: 22).
-p
Preserve file timestamps for access and modification time. Equivalent to setting --preserve-modification-time, --preserve-access-time, and --preserve-creation-time. Timestamp support in object storage varies by provider; consult your object storage documentation to determine which settings are supported.

On Windows, modification time might be affected when the system automatically adjusts for Daylight Savings Time (DST). For more information, see Daylight saving time help and support.

--partial-file-suffix=suffix
Enable the use of partial files for files that are in transit, and set the suffix to add to names of partial files. (The suffix does not include a ".", as for a file extension, unless explicitly specified as part of the suffix). This option takes effect only when set on the receiver side. When the transfer is complete, the suffix is removed. (Default: suffix is null; use of partial files is disabled).
--policy={fixed|high|fair|low}
Transfer according to the specified policy:
  • fixed – Attempt to transfer at the specified target rate, regardless of network capacity. Content is transferred at a constant rate and the transfer finishes in a guaranteed time. The fixed policy can consume most of the network's bandwidth and is not recommended for most types of file transfers. This option requires a maximum (target) rate value (-l).
  • high – Adjust the transfer rate to fully utilize the available bandwidth up to the maximum rate. When congestion occurs, the transfer rate is twice as fast as transfer with a fair policy. This option requires maximum (target) and minimum transfer rates (-l and -m).
  • fair – Adjust the transfer rate to fully utilize the available bandwidth up to the maximum rate. When congestion occurs, bandwidth is shared fairly by transferring at an even rate. This option requires maximum (target) and minimum transfer rates (-l and -m).
  • low – Adjust the transfer rate to use the available bandwidth up to the maximum rate. Similar to fair mode, but less aggressive when sharing bandwidth with other network traffic. When congestion occurs, the transfer rate is reduced to the minimum rate until other traffic decreases.

If --policy is not set, ascp4 uses the server-side policy setting (fair by default).

--precalculate-job-size

Calculate the total size before starting the transfer. The server-side pre_calculate_job_size setting in aspera.conf overrides this option.

--preserve-access-time
Preserve the file timestamps (currently the same as -p).
--preserve-creation-time
Preserve the file timestamps (currently the same as -p).
--preserve-file-owner-gid
--preserve-file-owner-uid
(Linux, UNIX, and macOS only) Preserve the group information (gid) or owner information (uid) of the transferred files. These options require that the transfer user is authenticated as a superuser.
--preserve-modification-time
Preserve the file timestamps (currently the same as -p).
--preserve-source-access-time
Preserve the file timestamps (currently the same as -p).
-q
Run ascp4 in quiet mode. This option disables the progress display.
-R remote_log_dir
Log to the specified directory on the remote host rather than the default directory.
Note: Client users that are restricted to aspshell are not allowed to use this option.
--read-threads=num
Use the specified number of storage read threads (sender only). Default: 2. To set write threads on the receiver, use --write-threads.
Note: If more than one read thread is specified for a transfer that uses --file-list, the files in the file list must be unique. Duplicates can produce unexpected results on the destination.
--remote-memory=bytes
Allow the remote ascp4 process to use no more than the specified memory. Default: 256 MB.
--remove-empty-directories
Remove empty source directories once the transfer is completed successfully, but do not remove a directory that is specified as the source argument. To also remove the specified source directory, use --remove-empty-source-directory. Directories can be emptied by using --move-after-transfer or --remove-after-transfer. Scanning for empty directories starts at the src-base and proceeds down any subdirectories. If no source base is specified and a file path (as opposed to a directory path) is specified, then only the immediate parent directory is scanned and removed if it's empty following the move of the source file.
Note: Do not use this option if multiple processes (ascp4 or other) might access the source directory at the same time.
--resume
Resume a transfer rather than retransferring the content if partial files are present at the destination and they do not differ from the source file based on the --compare method. If the source and destination files do not match, then the source file is retransferred. See -k for another way to enable resume.
--scan-threads=num
Use the specified number of directory scan threads (sender only). Default: 2.
-SSH
Use an external SSH program instead of the built-in libssh2 implementation to establish the connection with the remote host. The wanted SSH program must be defined in the environment's PATH variable. To enable debugging of the SSH process, use the -DD and --ssh-arg=-vv options with ascp4.
--ssh-arg=ARG
Add ARG to the command line arguments passed to the external SSH program (implies that you use-SSH). This option might be repeated as needed to supply multiple separate SSH arguments. The order is preserved. The ARG elements are inserted before any key files supplied to ascp4, and before the user and host argument.
--sparse-file
Enable ascp4 to write sparse files to disk. This option prevents ascp4 from writing zero content to disk for sparse files; ascp4 writes a block to disk if even 1 bit is set in that block. If no bits are set in the block, ascp4 does not write the block (ascp4 blocks are 64 KB by default).
--src-base=prefix
Strip the specified prefix from each source path. The remaining portion of the source path is kept intact at the destination. Available only in send mode. For usage examples, see Ascp file manipulation examples.

Use with URIs: The --src-base option performs a character-to-character match with the source path. For object storage source paths, the prefix must specify the URI in the same manner as the source paths. For example, if a source path includes an embedded passphrase, the prefix must also include the embedded passphrase otherwise it does not match.

--symbolic-links={follow|copy|skip}
Handle symbolic links by using the specified method. For more information on symbolic link handling, see Symbolic link handling. On Windows, the only option is skip. On other operating systems, this option takes following values:
  • follow – Follow symbolic links and transfer the linked files. (Default)
  • copy – Copy only the alias file. If a file with the same name exists on the destination, the symbolic link is not copied.
  • skip – Skip symbolic links. Do not copy the link or the file it points to.
-T
Disable in-transit encryption for maximum throughput.
-u user_string
Define a user string for Lua scripts that can be run with transfer events. See Transfer session data accessible to scripts.
--user=username
Authenticate the transfer by using the specified username. Use this option instead of specifying the username as part of the destination path (as user@host:file).
Note: If you are authenticating on a Windows machine as a domain user, the transfer server strips the domain from the username. For example, Administrator is authenticated rather than DOMAIN\Administrator. Thus, you must specify the domain explicitly.
--worker-threads=num
Use the specified number of worker threads for deleting files. On the receiver, each thread deletes one file or directory at a time. On the sender, each thread checks for the presences of one file or directory at a time. Default: 1.
--write-threads=num
Use the specified number of storage write threads (receiver only). Default: 2. To set read threads on the sender, use --read-threads.
For transfers to object storage, write threads cannot exceed the maximum number of jobs that are configured for Trapd. Default: 15. To use more threads, open /opt/aspera/etc/trapd/trap.properties on the server and set aspera.session.upload.max-jobs to a number larger than the number of write threads. For example,
# Number of jobs allowed to run in parallel for uploads.
# Default is 15
aspera.session.upload.max-jobs=50
-X rexmsg_size
Limit the size of retransmission requests to no larger than the specified size, in bytes. Max: 1440.
-Z dgram_size
Use the specified datagram size (MTU) for FASP transfers. Range: 296 - 65535 bytes. Default: the detected path MTU.

As of version 3.3, datagram size can be specified on the server by setting <datagram_size> in aspera.conf. The server setting overrides the client setting, unless the client uses a version of ascp that is older than 3.3, in which case the client setting is used. If the pre-3.3 client does not set -Z, the datagram size is the discovered MTU and the server logs the message "LOG Peer client doesn't support alternative datagram size".