Last Updated: May 12, 2016

Note:This page refers to the current Globus CLI which is accessed via SSH. We have a new CLI, which is a locally installed program and now available in Beta.

This guide provides a brief introduction to the Globus command-line interface (CLI). Additional CLI features are discussed in CLI: Beyond the Basics.


To use the CLI you must have a Globus account with ssh access enabled. To enable your account for ssh access you must add your ssh public key to your Globus account by visiting the Manage Identities page and clicking "add linked identity", followed by "Add SSH Public Key". If you do not have an ssh key, follow the directions here to create one.

CLI Structure

There is no need to install custom client software. CLI users interact with Globus via a secure shell. The general structure of a CLI request is:

$ ssh <username> <command> <options> <params>

where: <username> is your Globus user name, <command> is the Globus command to execute, <options> are the options available for <command>, and <params> are the parameters passed to <command>. If desired, gsissh can be used in place of ssh.

File Transfer

The Globus transfer service provides the transfer command for moving files.

All Globus accounts are provisioned with two endpoints for exploratory use, so as soon as you have an account you should be able to transfer /share/godata/file1.txt from endpoint go#ep1 to your home directory on go#ep2, as shown below by user demodoc:

$ ssh transfer -- go#ep1/share/godata/file1.txt go#ep2/~/myfile.txt
Task ID: 9be793ca-5983-12e6-c030-22100b92c261
$ ssh status 9be793ca-5983-12e6-c030-22100b92c261
Task ID     : 9be793ca-5983-12e6-c030-22100b92c261
Request Time: 2016-10-03 16:08:23Z
Command     : transfer -- go#ep1/share/godata/file1.txt go#ep2/~/myfile.txt
Label       : n/a
Status      : SUCCEEDED
$ ssh ls go#ep2/~/

Online Help

You can execute the help command to view the current Globus CLI command set:

$ ssh help
Type '<command> -h' for basic help on a command.
Type 'man <command>' for detailed help.

Task Management        Endpoint Management         Other
---------------        -------------------         -----
cancel                 acl-add                     echo
details                acl-list                    help
events                 acl-remove                  history
modify                 bookmark-add                identity-details
status                 bookmark-list               man
wait                   bookmark-remove             profile
Task Creation          endpoint-add
-------------          endpoint-deactivate
delete                 endpoint-details
rm                     endpoint-modify
transfer               endpoint-remove
File Management        endpoint-role-add
---------------        endpoint-role-list
ls                     endpoint-role-remove
mkdir                  endpoint-search
rename                 server-add

In addition, <command> -h displays a command syntax summary and man <command> displays the command’s manual page.

Endpoint Activation

Activation is a Globus endpoint user authentication mechanism; it enables endpoint owners to determine who is transferring files. Transfers will only proceed when both the source and destination endpoints are activated. You can practice by activating the Globus endpoints:

$ ssh endpoint-activate go#ep1
$ ssh endpoint-activate go#ep2

In the following example user demodoc activates NERSC endpoints using the ssh -t option to prevent the passphrase from being echoed to stdout. Activation gives you authorization to the endpoint itself, but you still need to be authorized (have permissions) to the given resources on an endpoint before you can access them through Globus. Being authorized to access an endpoint is separate from being further authorized to access specific resources on and endpoint. Access to a given endpoint is entirely within the endpoint owner’s control, so you must contact owners directly to obtain permission to use their endpoints.

$ ssh -t endpoint-activate nersc#carver
Myproxy activation for endpoint: 'nersc#carver'
Using Myproxy server: ''
Enter username (Default: 'demodoc'):
Enter password:
Connection to closed.
$ ssh -t endpoint-activate nersc#hopper
Myproxy activation for endpoint: 'nersc#hopper'
Using Myproxy server: ''
Enter username (Default: 'demodoc'):
Enter password:
Connection to closed.

Because 'carver' and 'hopper' have been activated using NERSC credentials, and the 'carver' and 'hopper' owners have authorized the user to access their endpoints, demodoc is able to transfer a file:

$ ssh transfer -- nersc#carver/share/godata/file1.txt nersc#hopper/~/myfile.txt
Task ID: 6356aa16-ed20-11df-aa30-1231350018b1

Now, user demodoc activates the XSEDE endpoint 'stampede'. The endpoint owner requires that the user go to the XSEDE OAuth service so that the user’s password does not flow through Globus. This requires copying the URL shown in the terminal window to a web browser and following the prompts. Once the user has authenticated on XSEDE’s OAuth server, a confirmation message is displayed in the terminal:

$ ssh -t endpoint-activate xsede#stampede
*** Please use this URL to activate the endpoint(s) ***
*** Waiting... Press CTRL-C to cancel ***
*** Credential Received! ***
Connection to closed.

An endpoint can also be activated using gsissh:

$ gsissh endpoint-activate -g ci#pads
Credential Subject : /DC=org/DC=doegrids/OU=People/CN=Demo Docuser 595766/CN=576965990/CN=436543765
Credential Time Left: 11:59:54
Activating 'ci#pads'

Endpoints can also be activated inline by specifying the -g option with the transfer command.

© 2010- The University of Chicago Legal