Whatever message this page gives is out now! Go check it out!
cfftp: Opening and closing secure FTP server connections
Last update:
May 18, 2026
Description
To establish a connection with a secure FTP server, use the open action with a connection attribute, specify that secure = "yes", and specify the key, passphrase, and fingerprint as appropriate.
<cfftp
action = "open|close"
connection = "name"
fingerprint = "ssh-dss.ssh-rsa"
key = "private key"
passive = "yes|no">
passphrase = "passphrase"
password = "password"
port = "port"
proxyServer = "proxy server"
retryCount = "number"
secure = "yes|no"
server = "server"
stopOnError = "yes|no"
timeout = "time-out in seconds"
username = "name">cfscript equivalent of the syntax
<cfscript>
cfftp(action = "open|close", connection = "name", fingerprint = "ssh-dss.ssh-rsa" key = "private key", passive = "yes|no", passphrase = "passphrase", password = "password", port = "port", proxyServer = "proxy server", retryCount = "number", secure = "yes|no", server = "server", stopOnError = "yes|no", timeout = "time-out in seconds", username = "name")
</cfscript>Note: You can specify this tag's attributes in an attributeCollection attribute whose value is a structure. Specify the structure name in the attributeCollection attribute and use the tag's attribute names as structure keys.
See also
History
- ColdFusion (2025 release): ColdFusion (2025 release): ssh-rsa algorithm will not be enabled by default due to the security issues associated with it. The default fingerprint algorithm is changed from md5 to a more secure SHA256 algorithm. The following flags are introduced to change this behaviour. Enable the ssh-rsa algorithm and change the fingerprint algorithm using jvm arguments:
- -Dcoldfusion.sftp.enable-ssh-rsa: The default is False. Enable the disabled ssh-rsa algorithm.
- -Dcoldfusion.sftp.fingerprint: The default is SHA256. Change the fingerprint algorithm.
Attributes
Attribute | Req/Opt | Default | Description |
action | Required | FTP operation to perform.
| |
connection | Optional, but always used with open or close | Name of the FTP connection. If you specify the username, password, and server attributes, and if no connection exists for them, ColdFusion creates one. Calls to cfftp with the same connection name reuse the connection. | |
fingerprint | Optional. Used only when server, username, and password are supplied | Fingerprint of the host key in the form ssh-dss.ssh-rsa, which is a 16-byte unique identifier for the server attribute that you specify, The fingerprint consists of eight pairs of hexadecimal values in the form hh:hh:hh:hh::hh:hh:hh:hh. ColdFusion checks the fingerprint of the remote server only if the fingerprint value is specified. | |
key | Required if action="open" (}}When {{secure="yes", either password or key is required.) | Public-key based authentication. Refers to the absolute path to the private key of the user. Possession of a private key provides authentication by sending a signature created with a private key. The server must ensure that the key is a valid authentication for the user and that the signature is valid. Both must be valid to accept the authentication. | |
passive | Optional | no | Valid only if secure="no".
|
passphrase | Optional. Used when key is specified | Because private keys are stored in an encrypted form on the client host, the user must supply a passphrase to enable generating the signature. | |
password | Required if action="open" (}}When {{secure="yes", either password or key is required.) | Password to log in the user. | |
port | Optional | 21 | Remote port to which to connect. |
proxyServer | Optional | String. Name of proxy server (or servers) to use, if proxy access is specified. | |
retryCount | Optional | 1 | Number of retries until failure is reported. |
secure | Optional | no |
|
server | Required if action="open" | FTP server to which to connect; for example, ftp.myserver.com. | |
stopOnError | Optional | no |
|
timeout | Optional | 30 | Value in seconds for the time-out of all operations, including individual data request operations. |
username | Required if action="open" | User name to pass in the FTP operation. |
Usage
The cfftp tag lets you open a connection to a Secure Shell (SSH) server by using either symmetric or asymmetric encryption. To use symmetric encryption, you specify secure="yes", the user name, password, connection, and fingerprint. To use asymmetric encryption, first generate private-public key pairs for each user authorized to have access to the server. Each authorized user's public key is stored on the server; each user's private key is encrypted and stored on that user's computer. To open a connection to the SSH server, you specify secure="yes", the user name, the password, or the private key and the passphrase that the server uses to decrypt the private key, connection, and fingerprint. After you open the connection to the SSH server, you can use that connection for any action supported by the cfftp tag. To keep a connection open throughout a session or longer, put the connection name in the Session or Application scope; for example, specify connection="Session.FTPConnection". However, if you do this, specify the full variable name in all FTP operations, and use the close action when you are finished. Keeping a connection open prevents others from using the FTP server; so close a connection as soon as possible. If you do not assign the connection name to Session or Application variable, the connection remains open for the current page only, and you do not have to close it manually. Changes to a cached connection, such as changing retryCount or timeout values, might require reestablishing the connection.
Example
<!--- This example uses symmetric encryption. --->
<!--- Open the secure connection. --->
<cfftp action = "open"
username = "myusername"
connection = "My_query"
password = "mypassword"
fingerprint = "12:34:56:78:AB:CD:EF:FE:DC:BA:87:65:43:21"
server = "ftp.tucows.com"
secure = "yes">
<p>Did it succeed? <cfoutput>#cfftp.succeeded#</cfoutput>
<cfdump var ="#My_query# label="connection">
<!--- Transfer files to the remote server. --->
<cfset absolutePathToLocalFile="C:\one\two\myfile.htm">
<cfif FileExists(absolutePathToLocalFile)>
<cfftp action = "putFile"
connection="My_query"
localFile="#variables.absolutePathToLocalFile#"
remoteFile="/home/myname/sftptest/myfile.htm">
<cfelse>
<!--- Put error handling code here. --->
</cfif>
<p>Did it succeed? <cfoutput>#cfftp.succeeded#</cfoutput>
<!--- Close the connection. --->
<cfftp action="close" connection="My_query">Example
<!--- This example uses asymmetric encryption. --->
<!--- Open the secure connection. --->
<cfftp action = "open"
username = "myusername"
connection = "My_query"
key="C:\mykeys\myprivatekey"
passphrase = "zHx628Fg"
fingerprint = "12:34:56:78:AB:CD:EF:FE:DC:BA:87:65:43:21"
server = "ftp.tucows.com"
secure = "yes">
<p>Did it succeed? <cfoutput>#cfftp.succeeded#</cfoutput>
<cfdump var ="#My_query# label="connection">
<!--- List files on the remote server. --->
<cftry>
<!--- List the files in a directory. --->
<cfftp action = "listDir"
connection="My_query"
stopOnError="yes"
name="ListFiles"
directory="/">
<cfcatch>
<!--- Close the connection. --->
<cfftp action="close" connection="My_query" stopOnError="no">
</cfcatch>
</cftry>
We're glad. Tell us how this page helped.
We're sorry. Can you tell us what didn't work for you?
Share additional feedback to help us improve.
0/255
|
