scp.1 (8882B)
- .\"
- .\" scp.1
- .\"
- .\" Author: Tatu Ylonen <ylo@cs.hut.fi>
- .\"
- .\" Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
- .\" All rights reserved
- .\"
- .\" Created: Sun May 7 00:14:37 1995 ylo
- .\"
- .\" $OpenBSD: scp.1,v 1.113 2024/12/06 15:12:56 djm Exp $
- .\"
- .Dd $Mdocdate: December 6 2024 $
- .Dt SCP 1
- .Os
- .Sh NAME
- .Nm scp
- .Nd OpenSSH secure file copy
- .Sh SYNOPSIS
- .Nm scp
- .Op Fl 346ABCOpqRrsTv
- .Op Fl c Ar cipher
- .Op Fl D Ar sftp_server_path
- .Op Fl F Ar ssh_config
- .Op Fl i Ar identity_file
- .Op Fl J Ar destination
- .Op Fl l Ar limit
- .Op Fl o Ar ssh_option
- .Op Fl P Ar port
- .Op Fl S Ar program
- .Op Fl X Ar sftp_option
- .Ar source ... target
- .Sh DESCRIPTION
- .Nm
- copies files between hosts on a network.
- .Pp
- .Nm
- uses the SFTP protocol over a
- .Xr ssh 1
- connection for data transfer, and uses the same authentication and provides
- the same security as a login session.
- .Pp
- .Nm
- will ask for passwords or passphrases if they are needed for
- authentication.
- .Pp
- The
- .Ar source
- and
- .Ar target
- may be specified as a local pathname, a remote host with optional path
- in the form
- .Sm off
- .Oo user @ Oc host : Op path ,
- .Sm on
- or a URI in the form
- .Sm off
- .No scp:// Oo user @ Oc host Oo : port Oc Op / path .
- .Sm on
- Local file names can be made explicit using absolute or relative pathnames
- to avoid
- .Nm
- treating file names containing
- .Sq :\&
- as host specifiers.
- .Pp
- When copying between two remote hosts, if the URI format is used, a
- .Ar port
- cannot be specified on the
- .Ar target
- if the
- .Fl R
- option is used.
- .Pp
- The options are as follows:
- .Bl -tag -width Ds
- .It Fl 3
- Copies between two remote hosts are transferred through the local host.
- Without this option the data is copied directly between the two remote
- hosts.
- Note that, when using the legacy SCP protocol (via the
- .Fl O
- flag), this option
- selects batch mode for the second host as
- .Nm
- cannot ask for passwords or passphrases for both hosts.
- This mode is the default.
- .It Fl 4
- Forces
- .Nm
- to use IPv4 addresses only.
- .It Fl 6
- Forces
- .Nm
- to use IPv6 addresses only.
- .It Fl A
- Allows forwarding of
- .Xr ssh-agent 1
- to the remote system.
- The default is not to forward an authentication agent.
- .It Fl B
- Selects batch mode (prevents asking for passwords or passphrases).
- .It Fl C
- Compression enable.
- Passes the
- .Fl C
- flag to
- .Xr ssh 1
- to enable compression.
- .It Fl c Ar cipher
- Selects the cipher to use for encrypting the data transfer.
- This option is directly passed to
- .Xr ssh 1 .
- .It Fl D Ar sftp_server_path
- Connect directly to a local SFTP server program rather than a
- remote one via
- .Xr ssh 1 .
- This option may be useful in debugging the client and server.
- .It Fl F Ar ssh_config
- Specifies an alternative
- per-user configuration file for
- .Nm ssh .
- This option is directly passed to
- .Xr ssh 1 .
- .It Fl i Ar identity_file
- Selects the file from which the identity (private key) for public key
- authentication is read.
- This option is directly passed to
- .Xr ssh 1 .
- .It Fl J Ar destination
- Connect to the target host by first making an
- .Nm
- connection to the jump host described by
- .Ar destination
- and then establishing a TCP forwarding to the ultimate destination from
- there.
- Multiple jump hops may be specified separated by comma characters.
- This is a shortcut to specify a
- .Cm ProxyJump
- configuration directive.
- This option is directly passed to
- .Xr ssh 1 .
- .It Fl l Ar limit
- Limits the used bandwidth, specified in Kbit/s.
- .It Fl O
- Use the legacy SCP protocol for file transfers instead of the SFTP protocol.
- Forcing the use of the SCP protocol may be necessary for servers that do
- not implement SFTP, for backwards-compatibility for particular filename
- wildcard patterns and for expanding paths with a
- .Sq ~
- prefix for older SFTP servers.
- .It Fl o Ar ssh_option
- Can be used to pass options to
- .Nm ssh
- in the format used in
- .Xr ssh_config 5 .
- This is useful for specifying options
- for which there is no separate
- .Nm scp
- command-line flag.
- For full details of the options listed below, and their possible values, see
- .Xr ssh_config 5 .
- .Pp
- .Bl -tag -width Ds -offset indent -compact
- .It AddKeysToAgent
- .It AddressFamily
- .It BatchMode
- .It BindAddress
- .It BindInterface
- .It CASignatureAlgorithms
- .It CanonicalDomains
- .It CanonicalizeFallbackLocal
- .It CanonicalizeHostname
- .It CanonicalizeMaxDots
- .It CanonicalizePermittedCNAMEs
- .It CertificateFile
- .It ChannelTimeout
- .It CheckHostIP
- .It Ciphers
- .It ClearAllForwardings
- .It Compression
- .It ConnectTimeout
- .It ConnectionAttempts
- .It ControlMaster
- .It ControlPath
- .It ControlPersist
- .It DynamicForward
- .It EnableEscapeCommandline
- .It EnableSSHKeysign
- .It EscapeChar
- .It ExitOnForwardFailure
- .It FingerprintHash
- .It ForkAfterAuthentication
- .It ForwardAgent
- .It ForwardX11
- .It ForwardX11Timeout
- .It ForwardX11Trusted
- .It GSSAPIAuthentication
- .It GSSAPIDelegateCredentials
- .It GatewayPorts
- .It GlobalKnownHostsFile
- .It HashKnownHosts
- .It Host
- .It HostKeyAlgorithms
- .It HostKeyAlias
- .It HostbasedAcceptedAlgorithms
- .It HostbasedAuthentication
- .It Hostname
- .It IPQoS
- .It IdentitiesOnly
- .It IdentityAgent
- .It IdentityFile
- .It IgnoreUnknown
- .It Include
- .It KbdInteractiveAuthentication
- .It KbdInteractiveDevices
- .It KexAlgorithms
- .It KnownHostsCommand
- .It LocalCommand
- .It LocalForward
- .It LogLevel
- .It LogVerbose
- .It MACs
- .It NoHostAuthenticationForLocalhost
- .It NumberOfPasswordPrompts
- .It ObscureKeystrokeTiming
- .It PKCS11Provider
- .It PasswordAuthentication
- .It PermitLocalCommand
- .It PermitRemoteOpen
- .It Port
- .It PreferredAuthentications
- .It ProxyCommand
- .It ProxyJump
- .It ProxyUseFdpass
- .It PubkeyAcceptedAlgorithms
- .It PubkeyAuthentication
- .It RekeyLimit
- .It RemoteCommand
- .It RemoteForward
- .It RequestTTY
- .It RequiredRSASize
- .It RevokedHostKeys
- .It SecurityKeyProvider
- .It SendEnv
- .It ServerAliveCountMax
- .It ServerAliveInterval
- .It SessionType
- .It SetEnv
- .It StdinNull
- .It StreamLocalBindMask
- .It StreamLocalBindUnlink
- .It StrictHostKeyChecking
- .It SyslogFacility
- .It TCPKeepAlive
- .It Tag
- .It Tunnel
- .It TunnelDevice
- .It UpdateHostKeys
- .It User
- .It UserKnownHostsFile
- .It VerifyHostKeyDNS
- .It VisualHostKey
- .It XAuthLocation
- .El
- .It Fl P Ar port
- Specifies the port to connect to on the remote host.
- Note that this option is written with a capital
- .Sq P ,
- because
- .Fl p
- is already reserved for preserving the times and mode bits of the file.
- .It Fl p
- Preserves modification times, access times, and file mode bits from the
- source file.
- .It Fl q
- Quiet mode: disables the progress meter as well as warning and diagnostic
- messages from
- .Xr ssh 1 .
- .It Fl R
- Copies between two remote hosts are performed by connecting to the origin
- host and executing
- .Nm
- there.
- This requires that
- .Nm
- running on the origin host can authenticate to the destination host without
- requiring a password.
- .It Fl r
- Recursively copy entire directories.
- Note that
- .Nm
- follows symbolic links encountered in the tree traversal.
- .It Fl S Ar program
- Name of
- .Ar program
- to use for the encrypted connection.
- The program must understand
- .Xr ssh 1
- options.
- .It Fl T
- Disable strict filename checking.
- By default when copying files from a remote host to a local directory
- .Nm
- checks that the received filenames match those requested on the command-line
- to prevent the remote end from sending unexpected or unwanted files.
- Because of differences in how various operating systems and shells interpret
- filename wildcards, these checks may cause wanted files to be rejected.
- This option disables these checks at the expense of fully trusting that
- the server will not send unexpected filenames.
- .It Fl v
- Verbose mode.
- Causes
- .Nm
- and
- .Xr ssh 1
- to print debugging messages about their progress.
- This is helpful in
- debugging connection, authentication, and configuration problems.
- .It Fl X Ar sftp_option
- Specify an option that controls aspects of SFTP protocol behaviour.
- The valid options are:
- .Bl -tag -width Ds
- .It Cm nrequests Ns = Ns Ar value
- Controls how many concurrent SFTP read or write requests may be in progress
- at any point in time during a download or upload.
- By default 64 requests may be active concurrently.
- .It Cm buffer Ns = Ns Ar value
- Controls the maximum buffer size for a single SFTP read/write operation used
- during download or upload.
- By default a 32KB buffer is used.
- .El
- .El
- .Sh EXIT STATUS
- .Ex -std scp
- .Sh SEE ALSO
- .Xr sftp 1 ,
- .Xr ssh 1 ,
- .Xr ssh-add 1 ,
- .Xr ssh-agent 1 ,
- .Xr ssh-keygen 1 ,
- .Xr ssh_config 5 ,
- .Xr sftp-server 8 ,
- .Xr sshd 8
- .Sh HISTORY
- .Nm
- is based on the rcp program in
- .Bx
- source code from the Regents of the University of California.
- .Pp
- Since OpenSSH 9.0,
- .Nm
- has used the SFTP protocol for transfers by default.
- .Sh AUTHORS
- .An Timo Rinne Aq Mt tri@iki.fi
- .An Tatu Ylonen Aq Mt ylo@cs.hut.fi
- .Sh CAVEATS
- The legacy SCP protocol (selected by the
- .Fl O
- flag) requires execution of the remote user's shell to perform
- .Xr glob 3
- pattern matching.
- This requires careful quoting of any characters that have special meaning to
- the remote shell, such as quote characters.