ScaleFT Client

The ScaleFT Client is a lightweight desktop application and command-line tool for Windows, macOS, and Linux.


After installing the client, you will enroll in your team with sft enroll.


sft [global options] command [command options] [arguments...]


sft config

Get and set sft configuration

sft dash

Open your team’s dashboard

sft device-info

Print device-info as JSON

sft enroll

Adds your ScaleFT account to this device

sft list-accounts

  • -l, --selector: Selector (label query) to filter on
  • --output [format], -o [format] The output format must be one of: default, json, or describe

List the accounts this client is configured to be able to use

sft list-servers

  • -l, --selector: Selector (label query) to filter on
  • --output [format], -o [format] The output format must be one of: default, json, or describe

List servers available in the current team

sft login

If logged out, create a new session

sft logout

Logout from current session

sft proxycommand

  • --config: Instead of connecting over SSH ProxyCommand, print the associated SSH configuration block
  • --via, --bastion: SSH bastion host to use to connect to the target

Used with OpenSSH ProxyCommand to enable transparent use of sft with ssh, scp, rsync, ftp, etc.

sft rdp

  • --via, --bastion: SSH bastion host to use to connect to the target

Connect to RDP to a target passed as an argument

sft resolve

Resolves a single server matching the hostname or instance-details specified

sft ssh

  • --via, --bastion: SSH bastion host to use to connect to the target
  • --command: Command to execute over SSH (optional)

Connect via SSH to a target passed as an argument

sft unenroll

Remove this device from ScaleFT

sft use

Set an enrolled team as the current default

sft help

Shows a list of commands or help for one command

Global Command Line Options

  • -h, --help: Display help.
  • -v, --version: Display version.
  • --config-file: Provide alternative configuration file path.
  • --account: Use specified account
  • --team: Use specified team
  • --instance: Use specified instance of the ScaleFT Platform

All global options are optional.


  • -l, --selector: Selector (label query) to filter on

Commands which take a selector as an optional argument can filter their results based on an arbitrary selector query, such as sft list-servers -l os_type=windows,project_name=Demo.

Selector syntax is based on Kubernetes Label Queries.


You can view or set configuration options with the sft config command.

No configuration file will be present upon initial installation of the ScaleFT Client. The configuration file will be created once you set your first configuration option. Until then, all defaults will be used.

ScaleFT Client configurations are grouped into sections. Currently sections include rdp, ssh, ssh_agent, and service_auth.

Viewing your configuration

  • sft config: Display your current configurations
  • sft config [section.key]: View the current value of a specific configuration indicated by section.key

Setting a configuration value

You can set a configuration value with the command syntax: sft config [section.key] [value].

Configuration Options



A string, such as 1200x1600, describing the user’s preferred RDP window size.


If set, RDP sessions will be opened in fullscreen mode. This causes the rdp.screensize configuration to be ignored.



If set, the ScaleFT Client will store any passphrases entered by the user in the workstation’s local cryptographic store.


A value of “netcat” causes ScaleFT to remotely execute netcat (nc) as a means of port forwarding, instead of relying on a native SSH port forward.


A value of “host” causes ScaleFT to set the ForwardAgent option when executing SSH commands. Note that ScaleFT-issued credentials are not added to the ssh-agent, so the target host must be configured to accept an externally managed credential.

Leaving this unset, or supplying a value of “none”, will cause ScaleFT not to forward SSH agent.

SSH Agent


If set, the ScaleFT Client will use an SSH agent when authenticating.


The value is a JSON array of paths to SSH private keys to be loaded into the SHH agent.

Example: sft config ssh_agent.keys '["/Users/alice/.ssh/id_rsa"]'


When using Windows PowerShell, escape inner quotes.

Example: sft config ssh_agent.keys '[\"C:\\Users\\alice\\.ssh\\id_rsa\"]'

Service Auth


If set, the ScaleFT Client will support authentication for service users.

Environment Variables


When set, sft will print additional debugging to stderr.