logo

oasis-root

Compiled tree of Oasis Linux based on own branch at <https://hacktivis.me/git/oasis/> git clone https://anongit.hacktivis.me/git/oasis-root.git

scp.1 (8882B)

    

  1. .\"
  2. .\" scp.1
  3. .\"
  4. .\" Author: Tatu Ylonen <ylo@cs.hut.fi>
  5. .\"
  6. .\" Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
  7. .\"                    All rights reserved
  8. .\"
  9. .\" Created: Sun May  7 00:14:37 1995 ylo
  10. .\"
  11. .\" $OpenBSD: scp.1,v 1.113 2024/12/06 15:12:56 djm Exp $
  12. .\"
  13. .Dd $Mdocdate: December 6 2024 $
  14. .Dt SCP 1
  15. .Os
  16. .Sh NAME
  17. .Nm scp
  18. .Nd OpenSSH secure file copy
  19. .Sh SYNOPSIS
  20. .Nm scp
  21. .Op Fl 346ABCOpqRrsTv
  22. .Op Fl c Ar cipher
  23. .Op Fl D Ar sftp_server_path
  24. .Op Fl F Ar ssh_config
  25. .Op Fl i Ar identity_file
  26. .Op Fl J Ar destination
  27. .Op Fl l Ar limit
  28. .Op Fl o Ar ssh_option
  29. .Op Fl P Ar port
  30. .Op Fl S Ar program
  31. .Op Fl X Ar sftp_option
  32. .Ar source ... target
  33. .Sh DESCRIPTION
  34. .Nm
  35. copies files between hosts on a network.
  36. .Pp
  37. .Nm
  38. uses the SFTP protocol over a
  39. .Xr ssh 1
  40. connection for data transfer, and uses the same authentication and provides
  41. the same security as a login session.
  42. .Pp
  43. .Nm
  44. will ask for passwords or passphrases if they are needed for
  45. authentication.
  46. .Pp
  47. The
  48. .Ar source
  49. and
  50. .Ar target
  51. may be specified as a local pathname, a remote host with optional path
  52. in the form
  53. .Sm off
  54. .Oo user @ Oc host : Op path ,
  55. .Sm on
  56. or a URI in the form
  57. .Sm off
  58. .No scp:// Oo user @ Oc host Oo : port Oc Op / path .
  59. .Sm on
  60. Local file names can be made explicit using absolute or relative pathnames
  61. to avoid
  62. .Nm
  63. treating file names containing
  64. .Sq :\&
  65. as host specifiers.
  66. .Pp
  67. When copying between two remote hosts, if the URI format is used, a
  68. .Ar port
  69. cannot be specified on the
  70. .Ar target
  71. if the
  72. .Fl R
  73. option is used.
  74. .Pp
  75. The options are as follows:
  76. .Bl -tag -width Ds
  77. .It Fl 3
  78. Copies between two remote hosts are transferred through the local host.
  79. Without this option the data is copied directly between the two remote
  80. hosts.
  81. Note that, when using the legacy SCP protocol (via the
  82. .Fl O
  83. flag), this option
  84. selects batch mode for the second host as
  85. .Nm
  86. cannot ask for passwords or passphrases for both hosts.
  87. This mode is the default.
  88. .It Fl 4
  89. Forces
  90. .Nm
  91. to use IPv4 addresses only.
  92. .It Fl 6
  93. Forces
  94. .Nm
  95. to use IPv6 addresses only.
  96. .It Fl A
  97. Allows forwarding of
  98. .Xr ssh-agent 1
  99. to the remote system.
  100. The default is not to forward an authentication agent.
  101. .It Fl B
  102. Selects batch mode (prevents asking for passwords or passphrases).
  103. .It Fl C
  104. Compression enable.
  105. Passes the
  106. .Fl C
  107. flag to
  108. .Xr ssh 1
  109. to enable compression.
  110. .It Fl c Ar cipher
  111. Selects the cipher to use for encrypting the data transfer.
  112. This option is directly passed to
  113. .Xr ssh 1 .
  114. .It Fl D Ar sftp_server_path
  115. Connect directly to a local SFTP server program rather than a
  116. remote one via
  117. .Xr ssh 1 .
  118. This option may be useful in debugging the client and server.
  119. .It Fl F Ar ssh_config
  120. Specifies an alternative
  121. per-user configuration file for
  122. .Nm ssh .
  123. This option is directly passed to
  124. .Xr ssh 1 .
  125. .It Fl i Ar identity_file
  126. Selects the file from which the identity (private key) for public key
  127. authentication is read.
  128. This option is directly passed to
  129. .Xr ssh 1 .
  130. .It Fl J Ar destination
  131. Connect to the target host by first making an
  132. .Nm
  133. connection to the jump host described by
  134. .Ar destination
  135. and then establishing a TCP forwarding to the ultimate destination from
  136. there.
  137. Multiple jump hops may be specified separated by comma characters.
  138. This is a shortcut to specify a
  139. .Cm ProxyJump
  140. configuration directive.
  141. This option is directly passed to
  142. .Xr ssh 1 .
  143. .It Fl l Ar limit
  144. Limits the used bandwidth, specified in Kbit/s.
  145. .It Fl O
  146. Use the legacy SCP protocol for file transfers instead of the SFTP protocol.
  147. Forcing the use of the SCP protocol may be necessary for servers that do
  148. not implement SFTP, for backwards-compatibility for particular filename
  149. wildcard patterns and for expanding paths with a
  150. .Sq ~
  151. prefix for older SFTP servers.
  152. .It Fl o Ar ssh_option
  153. Can be used to pass options to
  154. .Nm ssh
  155. in the format used in
  156. .Xr ssh_config 5 .
  157. This is useful for specifying options
  158. for which there is no separate
  159. .Nm scp
  160. command-line flag.
  161. For full details of the options listed below, and their possible values, see
  162. .Xr ssh_config 5 .
  163. .Pp
  164. .Bl -tag -width Ds -offset indent -compact
  165. .It AddKeysToAgent
  166. .It AddressFamily
  167. .It BatchMode
  168. .It BindAddress
  169. .It BindInterface
  170. .It CASignatureAlgorithms
  171. .It CanonicalDomains
  172. .It CanonicalizeFallbackLocal
  173. .It CanonicalizeHostname
  174. .It CanonicalizeMaxDots
  175. .It CanonicalizePermittedCNAMEs
  176. .It CertificateFile
  177. .It ChannelTimeout
  178. .It CheckHostIP
  179. .It Ciphers
  180. .It ClearAllForwardings
  181. .It Compression
  182. .It ConnectTimeout
  183. .It ConnectionAttempts
  184. .It ControlMaster
  185. .It ControlPath
  186. .It ControlPersist
  187. .It DynamicForward
  188. .It EnableEscapeCommandline
  189. .It EnableSSHKeysign
  190. .It EscapeChar
  191. .It ExitOnForwardFailure
  192. .It FingerprintHash
  193. .It ForkAfterAuthentication
  194. .It ForwardAgent
  195. .It ForwardX11
  196. .It ForwardX11Timeout
  197. .It ForwardX11Trusted
  198. .It GSSAPIAuthentication
  199. .It GSSAPIDelegateCredentials
  200. .It GatewayPorts
  201. .It GlobalKnownHostsFile
  202. .It HashKnownHosts
  203. .It Host
  204. .It HostKeyAlgorithms
  205. .It HostKeyAlias
  206. .It HostbasedAcceptedAlgorithms
  207. .It HostbasedAuthentication
  208. .It Hostname
  209. .It IPQoS
  210. .It IdentitiesOnly
  211. .It IdentityAgent
  212. .It IdentityFile
  213. .It IgnoreUnknown
  214. .It Include
  215. .It KbdInteractiveAuthentication
  216. .It KbdInteractiveDevices
  217. .It KexAlgorithms
  218. .It KnownHostsCommand
  219. .It LocalCommand
  220. .It LocalForward
  221. .It LogLevel
  222. .It LogVerbose
  223. .It MACs
  224. .It NoHostAuthenticationForLocalhost
  225. .It NumberOfPasswordPrompts
  226. .It ObscureKeystrokeTiming
  227. .It PKCS11Provider
  228. .It PasswordAuthentication
  229. .It PermitLocalCommand
  230. .It PermitRemoteOpen
  231. .It Port
  232. .It PreferredAuthentications
  233. .It ProxyCommand
  234. .It ProxyJump
  235. .It ProxyUseFdpass
  236. .It PubkeyAcceptedAlgorithms
  237. .It PubkeyAuthentication
  238. .It RekeyLimit
  239. .It RemoteCommand
  240. .It RemoteForward
  241. .It RequestTTY
  242. .It RequiredRSASize
  243. .It RevokedHostKeys
  244. .It SecurityKeyProvider
  245. .It SendEnv
  246. .It ServerAliveCountMax
  247. .It ServerAliveInterval
  248. .It SessionType
  249. .It SetEnv
  250. .It StdinNull
  251. .It StreamLocalBindMask
  252. .It StreamLocalBindUnlink
  253. .It StrictHostKeyChecking
  254. .It SyslogFacility
  255. .It TCPKeepAlive
  256. .It Tag
  257. .It Tunnel
  258. .It TunnelDevice
  259. .It UpdateHostKeys
  260. .It User
  261. .It UserKnownHostsFile
  262. .It VerifyHostKeyDNS
  263. .It VisualHostKey
  264. .It XAuthLocation
  265. .El
  266. .It Fl P Ar port
  267. Specifies the port to connect to on the remote host.
  268. Note that this option is written with a capital
  269. .Sq P ,
  270. because
  271. .Fl p
  272. is already reserved for preserving the times and mode bits of the file.
  273. .It Fl p
  274. Preserves modification times, access times, and file mode bits from the
  275. source file.
  276. .It Fl q
  277. Quiet mode: disables the progress meter as well as warning and diagnostic
  278. messages from
  279. .Xr ssh 1 .
  280. .It Fl R
  281. Copies between two remote hosts are performed by connecting to the origin
  282. host and executing
  283. .Nm
  284. there.
  285. This requires that
  286. .Nm
  287. running on the origin host can authenticate to the destination host without
  288. requiring a password.
  289. .It Fl r
  290. Recursively copy entire directories.
  291. Note that
  292. .Nm
  293. follows symbolic links encountered in the tree traversal.
  294. .It Fl S Ar program
  295. Name of
  296. .Ar program
  297. to use for the encrypted connection.
  298. The program must understand
  299. .Xr ssh 1
  300. options.
  301. .It Fl T
  302. Disable strict filename checking.
  303. By default when copying files from a remote host to a local directory
  304. .Nm
  305. checks that the received filenames match those requested on the command-line
  306. to prevent the remote end from sending unexpected or unwanted files.
  307. Because of differences in how various operating systems and shells interpret
  308. filename wildcards, these checks may cause wanted files to be rejected.
  309. This option disables these checks at the expense of fully trusting that
  310. the server will not send unexpected filenames.
  311. .It Fl v
  312. Verbose mode.
  313. Causes
  314. .Nm
  315. and
  316. .Xr ssh 1
  317. to print debugging messages about their progress.
  318. This is helpful in
  319. debugging connection, authentication, and configuration problems.
  320. .It Fl X Ar sftp_option
  321. Specify an option that controls aspects of SFTP protocol behaviour.
  322. The valid options are:
  323. .Bl -tag -width Ds
  324. .It Cm nrequests Ns = Ns Ar value
  325. Controls how many concurrent SFTP read or write requests may be in progress
  326. at any point in time during a download or upload.
  327. By default 64 requests may be active concurrently.
  328. .It Cm buffer Ns = Ns Ar value
  329. Controls the maximum buffer size for a single SFTP read/write operation used
  330. during download or upload.
  331. By default a 32KB buffer is used.
  332. .El
  333. .El
  334. .Sh EXIT STATUS
  335. .Ex -std scp
  336. .Sh SEE ALSO
  337. .Xr sftp 1 ,
  338. .Xr ssh 1 ,
  339. .Xr ssh-add 1 ,
  340. .Xr ssh-agent 1 ,
  341. .Xr ssh-keygen 1 ,
  342. .Xr ssh_config 5 ,
  343. .Xr sftp-server 8 ,
  344. .Xr sshd 8
  345. .Sh HISTORY
  346. .Nm
  347. is based on the rcp program in
  348. .Bx
  349. source code from the Regents of the University of California.
  350. .Pp
  351. Since OpenSSH 9.0,
  352. .Nm
  353. has used the SFTP protocol for transfers by default.
  354. .Sh AUTHORS
  355. .An Timo Rinne Aq Mt tri@iki.fi
  356. .An Tatu Ylonen Aq Mt ylo@cs.hut.fi
  357. .Sh CAVEATS
  358. The legacy SCP protocol (selected by the
  359. .Fl O
  360. flag) requires execution of the remote user's shell to perform
  361. .Xr glob 3
  362. pattern matching.
  363. This requires careful quoting of any characters that have special meaning to
  364. the remote shell, such as quote characters.