1SCP(1)                    BSD General Commands Manual                   SCP(1)
2

NAME

4     scp — OpenSSH secure file copy
5

SYNOPSIS

7     scp [-346ABCOpqRrTv] [-c cipher] [-D sftp_server_path] [-F ssh_config]
8         [-i identity_file] [-J destination] [-l limit] [-o ssh_option]
9         [-P port] [-S program] source ... target
10

DESCRIPTION

12     scp copies files between hosts on a network.
13
14     It uses ssh(1) for data transfer, and uses the same authentication and
15     provides the same security as a login session.
16
17     scp will ask for passwords or passphrases if they are needed for authen‐
18     tication.
19
20     The source and target may be specified as a local pathname, a remote host
21     with optional path in the form [user@]host:[path], or a URI in the form
22     scp://[user@]host[:port][/path].  Local file names can be made explicit
23     using absolute or relative pathnames to avoid scp treating file names
24     containing ‘:’ as host specifiers.
25
26     When copying between two remote hosts, if the URI format is used, a port
27     cannot be specified on the target if the -R option is used.
28
29     The options are as follows:
30
31     -3      Copies between two remote hosts are transferred through the local
32             host.  Without this option the data is copied directly between
33             the two remote hosts.  Note that, when using the original SCP
34             protocol (via the -O flag), this option selects batch mode for
35             the second host as scp cannot ask for passwords or passphrases
36             for both hosts.  This mode is the default.
37
38     -4      Forces scp to use IPv4 addresses only.
39
40     -6      Forces scp to use IPv6 addresses only.
41
42     -A      Allows forwarding of ssh-agent(1) to the remote system.  The de‐
43             fault is not to forward an authentication agent.
44
45     -B      Selects batch mode (prevents asking for passwords or
46             passphrases).
47
48     -C      Compression enable.  Passes the -C flag to ssh(1) to enable com‐
49             pression.
50
51     -c cipher
52             Selects the cipher to use for encrypting the data transfer.  This
53             option is directly passed to ssh(1).
54
55     -D sftp_server_path
56             When using the SFTP protocol support via -s, connect directly to
57             a local SFTP server program rather than a remote one via ssh(1).
58             This option may be useful in debugging the client and server.
59
60     -F ssh_config
61             Specifies an alternative per-user configuration file for ssh.
62             This option is directly passed to ssh(1).
63
64     -i identity_file
65             Selects the file from which the identity (private key) for public
66             key authentication is read.  This option is directly passed to
67             ssh(1).
68
69     -J destination
70             Connect to the target host by first making an scp connection to
71             the jump host described by destination and then establishing a
72             TCP forwarding to the ultimate destination from there.  Multiple
73             jump hops may be specified separated by comma characters.  This
74             is a shortcut to specify a ProxyJump configuration directive.
75             This option is directly passed to ssh(1).
76
77     -l limit
78             Limits the used bandwidth, specified in Kbit/s.
79
80     -O      Use the original SCP protocol for file transfers instead of the
81             SFTP protocol.  Forcing the use of the SCP protocol may be neces‐
82             sary for servers that do not implement SFTP, for backwards-com‐
83             patibility for particular filename wildcard patterns and for ex‐
84             panding paths with a ‘~’ prefix for older SFTP servers.
85
86     -o ssh_option
87             Can be used to pass options to ssh in the format used in
88             ssh_config(5).  This is useful for specifying options for which
89             there is no separate scp command-line flag.  For full details of
90             the options listed below, and their possible values, see
91             ssh_config(5).
92
93                   AddressFamily
94                   BatchMode
95                   BindAddress
96                   BindInterface
97                   CanonicalDomains
98                   CanonicalizeFallbackLocal
99                   CanonicalizeHostname
100                   CanonicalizeMaxDots
101                   CanonicalizePermittedCNAMEs
102                   CASignatureAlgorithms
103                   CertificateFile
104                   CheckHostIP
105                   Ciphers
106                   Compression
107                   ConnectionAttempts
108                   ConnectTimeout
109                   ControlMaster
110                   ControlPath
111                   ControlPersist
112                   GlobalKnownHostsFile
113                   GSSAPIAuthentication
114                   GSSAPIDelegateCredentials
115                   HashKnownHosts
116                   Host
117                   HostbasedAcceptedAlgorithms
118                   HostbasedAuthentication
119                   HostKeyAlgorithms
120                   HostKeyAlias
121                   Hostname
122                   IdentitiesOnly
123                   IdentityAgent
124                   IdentityFile
125                   IPQoS
126                   KbdInteractiveAuthentication
127                   KbdInteractiveDevices
128                   KexAlgorithms
129                   KnownHostsCommand
130                   LogLevel
131                   MACs
132                   NoHostAuthenticationForLocalhost
133                   NumberOfPasswordPrompts
134                   PasswordAuthentication
135                   PKCS11Provider
136                   Port
137                   PreferredAuthentications
138                   ProxyCommand
139                   ProxyJump
140                   PubkeyAcceptedAlgorithms
141                   PubkeyAuthentication
142                   RekeyLimit
143                   SendEnv
144                   ServerAliveInterval
145                   ServerAliveCountMax
146                   SetEnv
147                   StrictHostKeyChecking
148                   TCPKeepAlive
149                   UpdateHostKeys
150                   User
151                   UserKnownHostsFile
152                   VerifyHostKeyDNS
153
154     -P port
155             Specifies the port to connect to on the remote host.  Note that
156             this option is written with a capital ‘P’, because -p is already
157             reserved for preserving the times and mode bits of the file.
158
159     -p      Preserves modification times, access times, and file mode bits
160             from the source file.
161
162     -q      Quiet mode: disables the progress meter as well as warning and
163             diagnostic messages from ssh(1).
164
165     -R      Copies between two remote hosts are performed by connecting to
166             the origin host and executing scp there.  This requires that scp
167             running on the origin host can authenticate to the destination
168             host without requiring a password.
169
170     -r      Recursively copy entire directories.  Note that scp follows sym‐
171             bolic links encountered in the tree traversal.
172
173     -S program
174             Name of program to use for the encrypted connection.  The program
175             must understand ssh(1) options.
176
177     -T      Disable strict filename checking.  By default when copying files
178             from a remote host to a local directory scp checks that the re‐
179             ceived filenames match those requested on the command-line to
180             prevent the remote end from sending unexpected or unwanted files.
181             Because of differences in how various operating systems and
182             shells interpret filename wildcards, these checks may cause
183             wanted files to be rejected.  This option disables these checks
184             at the expense of fully trusting that the server will not send
185             unexpected filenames.
186
187     -v      Verbose mode.  Causes scp and ssh(1) to print debugging messages
188             about their progress.  This is helpful in debugging connection,
189             authentication, and configuration problems.
190
191     Usage of SCP protocol can be blocked by creating a world-readable
192     /etc/ssh/disable_scp file. If this file exists, when SCP protocol is in
193     use (either remotely or via the -O option), the program will exit.
194

EXIT STATUS

196     The scp utility exits 0 on success, and >0 if an error occurs.
197

SEE ALSO

199     sftp(1), ssh(1), ssh-add(1), ssh-agent(1), ssh-keygen(1), ssh_config(5),
200     sftp-server(8), sshd(8)
201

CAVEATS

203     The original scp protocol (selected by the -O flag) requires execution of
204     the remote user's shell to perform glob(3) pattern matching.  This re‐
205     quires careful quoting of any characters that have special meaning to the
206     remote shell, such as quote characters.
207

HISTORY

209     scp is based on the rcp program in BSD source code from the Regents of
210     the University of California.
211
212     Since OpenSSH 8.8 (8.7 in Red Hat/Fedora builds), scp has use the SFTP
213     protocol for transfers by default.
214

AUTHORS

216     Timo Rinne <tri@iki.fi>
217     Tatu Ylonen <ylo@cs.hut.fi>
218

CAVEATS

220     The original SCP protocol (used by default) requires execution of the re‐
221     mote user's shell to perform glob(3) pattern matching.  This requires
222     careful quoting of any characters that have special meaning to the remote
223     shell, such as quote characters.
224
225BSD                           September 20, 2021                           BSD
Impressum